Fix vulnerabilities in code

madhuri-rai07 · madhuri-rai07 · commit 13536bf6777e · 2026-02-27T14:22:26.000+05:30
diff --git a/metro-ai-suite/smart-route-planning-agent/src/pyproject.toml b/metro-ai-suite/smart-route-planning-agent/src/pyproject.toml
@@ -15,11 +15,11 @@ dependencies = [
     "gradio==5.49.1",
     "gradio_toggle>=0.1.5",
     "isort",
-    "langgraph==1.0.7",
+    "langgraph==1.0.9",
     "mypy",
     "numpy>1.24.3",
     "pandas",
-    "pillow>=10.4.0",
+    "pillow>=8.0,<12.0",
     "pydantic",
     "pytest",
     "python-dateutil",
diff --git a/metro-ai-suite/smart-route-planning-agent/src/uv.lock b/metro-ai-suite/smart-route-planning-agent/src/uv.lock
diff --git a/metro-ai-suite/smart-traffic-intersection-agent/Makefile b/metro-ai-suite/smart-traffic-intersection-agent/Makefile
@@ -99,7 +99,7 @@ TEST_TARGETS := $(addprefix test-,$(TEST_COMPONENTS))
         clean-all clean-all-keep-models \
         shellcheck pylint ruff \
         trivy-scan trivy-scan-fs trivy-scan-image trivy-scan-config \
-        clamav-scan bandit-scan gitleaks-scan codeql-scan \
+        clamav-scan bandit-scan-new bandit-scan gitleaks-scan codeql-scan \
         $(TEST_TARGETS) \
         get-service-name get-component-names get-image-tags get-context-dirs \
         get-python-version get-scan-matrix-json
@@ -403,6 +403,28 @@ clamav-scan:
 		> security-results/clamav-$(SERVICE_NAME)-$$(date +%Y%m%d-%H%M%S).txt 2>&1 || true
 	@echo "✅ ClamAV scan complete: security-results/clamav-*"
 
+bandit-scan-new:
+	@echo "🔐 Running Bandit Security Scan..."
+	@mkdir -p security-results
+	@python3 -m venv bandit-venv && \
+	source bandit-venv/bin/activate && \
+	pip install --upgrade pip && \
+	pip install bandit[toml] && \
+	CONFIG_OPT=""; \
+	if [ -f "pyproject.toml" ]; then CONFIG_OPT="-c pyproject.toml"; fi; \
+	echo "📝 Generating TXT Report (matches CI)..." && \
+	bandit $$CONFIG_OPT --severity-level low --confidence-level low -r src/ tests/ \
+		-f txt -o security-results/bandit-report-$(SERVICE_NAME).txt || true && \
+	echo "📊 Generating JSON Report..." && \
+	bandit $$CONFIG_OPT --severity-level low --confidence-level low -r src/ tests/ \
+		-f json -o security-results/bandit-report-$(SERVICE_NAME).json || true && \
+	echo "🌐 Generating HTML Report..." && \
+	bandit $$CONFIG_OPT --severity-level low --confidence-level low -r src/ tests/ \
+		-f html -o security-results/bandit-report-$(SERVICE_NAME).html || true && \
+	deactivate && \
+	rm -rf bandit-venv
+	@echo "✅ Bandit scan complete. Check security-results/ for txt, json, and html reports."
+
 bandit-scan:
 	@echo "🔐 Running Bandit Security Scan..."
 	@mkdir -p security-results
diff --git a/metro-ai-suite/smart-traffic-intersection-agent/src/Dockerfile b/metro-ai-suite/smart-traffic-intersection-agent/src/Dockerfile
@@ -1,7 +1,7 @@
 # Copyright (C) 2025 Intel Corporation
 # SPDX-License-Identifier: Apache-2.0
 
-FROM python:3.11-slim
+FROM python:3.13-slim
 
 # Set working directory
 WORKDIR /app
diff --git a/metro-ai-suite/smart-traffic-intersection-agent/src/pyproject.toml b/metro-ai-suite/smart-traffic-intersection-agent/src/pyproject.toml
@@ -12,11 +12,11 @@ dependencies = [
     "paho-mqtt==2.1.0",
     "aiohttp==3.13.3",
     "structlog==23.2.0",
-    "pydantic==2.7.0",
+    "pydantic==2.9.2",
     "python-dateutil==2.8.2",
     "python-dotenv==1.0.0",
-    "gradio==5.49.1",
-    "pillow>=9.0.0",
+    "gradio==6.2.0",
+    "pillow>=12.1.1,<13.0",
     "markdown>=3.4.0",
     "requests==2.32.5",
     "huggingface_hub==0.36.0",
diff --git a/metro-ai-suite/smart-traffic-intersection-agent/src/uv.lock b/metro-ai-suite/smart-traffic-intersection-agent/src/uv.lock
