
Commit 4b5da3b

mishushakov and claude authored
Fix Dependabot security alerts (12 vulnerabilities) (#264)

* Fix Dependabot security alerts

  Bump vulnerable npm and Python dev/transitive dependencies:
  - npm: postcss, vite, brace-expansion, smol-toml
  - python/: pytest (^9.0.3), pytest-asyncio (^1.3.0), pillow, pygments, python-dotenv
  - chart_data_extractor/: pytest (^9.0.3), pillow, pygments
  - template/requirements.txt: pytest 9.0.3

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Migrate conftest.py to pytest-asyncio 1.x

  The session-scoped event_loop fixture override is no longer honored in pytest-asyncio 1.x. Replace it with `asyncio_default_fixture_loop_scope` and `asyncio_default_test_loop_scope` set to session in pytest.ini, and convert async_sandbox_factory to an async fixture that yields and awaits sandbox cleanup directly instead of calling run_until_complete from a sync finalizer.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Regenerate poetry locks with Poetry 1.8.5

  CI installs Poetry from .tool-versions (currently 1.8.5). Regenerating the locks under Poetry 2.1.1 produced lock-version 2.1 with Poetry-2.x-only metadata, which makes Poetry 1.8.5 fall back to a re-resolve and defeats the deterministic install this PR depends on.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Make async_sandbox_factory teardown exception-safe

  Use asyncio.gather(..., return_exceptions=True) so a failure killing one sandbox doesn't skip cleanup of the others, matching the independence the previous per-finalizer approach provided.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Restrict poetry lock churn to security bumps

  Restore chart_data_extractor/poetry.lock to its Poetry 2.1.1 form (matches main; pydantic stays at 2.9.2). Rebuild python/poetry.lock from main with poetry lock --no-update + targeted poetry update for the vulnerable packages, so runtime deps (attrs, e2b, httpx) stay on their existing pins instead of pulling latest.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
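The commit message describes making the async_sandbox_factory teardown exception-safe with asyncio.gather(..., return_exceptions=True). The block below is an added illustration of that difference and is not code from this PR or from the project: FakeSandbox is a constructed stand-in for a sandbox object with an async kill() method (the project's real sandbox client is not modelled), and the function names are hypothetical. It contrasts a sequential teardown loop, which leaks every sandbox after the first failing kill(), with the gather-based teardown, which attempts every kill() and collects the failures.

```python
import asyncio


class FakeSandbox:
    """Constructed stand-in for a sandbox with an async kill(); not the project's client."""

    def __init__(self, name, fail=False):
        self.name = name
        self.fail = fail       # simulate a kill() that raises
        self.killed = False

    async def kill(self):
        await asyncio.sleep(0)  # yield to the loop, as a real network call would
        if self.fail:
            raise RuntimeError(f"kill failed for {self.name}")
        self.killed = True


async def kill_all_naive(sandboxes):
    """Sequential teardown: the first exception aborts the loop, so later
    sandboxes are never killed and leak."""
    for sb in sandboxes:
        await sb.kill()


async def kill_all_independent(sandboxes):
    """Teardown as the PR describes: every kill() is scheduled, and because
    return_exceptions=True, a failure is returned as an exception object in
    the result list rather than propagating and cancelling the siblings.
    Returns the collected failures so the caller can report them."""
    results = await asyncio.gather(
        *(sb.kill() for sb in sandboxes), return_exceptions=True
    )
    return [r for r in results if isinstance(r, BaseException)]


def run_teardown(independent):
    """Drive either teardown strategy over three constructed sandboxes, the
    middle one failing, and report (names actually killed, error messages).
    In a conftest.py async fixture this would be the code after `yield`."""
    sandboxes = [FakeSandbox("a"), FakeSandbox("b", fail=True), FakeSandbox("c")]
    errors = []
    try:
        if independent:
            errors = asyncio.run(kill_all_independent(sandboxes))
        else:
            asyncio.run(kill_all_naive(sandboxes))
    except RuntimeError as exc:          # only the naive path raises out
        errors = [exc]
    killed = [sb.name for sb in sandboxes if sb.killed]
    return killed, [str(e) for e in errors]


if __name__ == "__main__":
    print("naive:      ", run_teardown(independent=False))   # c is leaked
    print("independent:", run_teardown(independent=True))    # a and c killed
```

With the naive loop only sandbox "a" is killed before the failure on "b" aborts the loop; with gather both "a" and "c" are killed and the failure on "b" is still surfaced, which is the independence the message says the old per-finalizer approach provided.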
1 parent fb68a54 commit 4b5da3b

8 files changed

Lines changed: 690 additions & 438 deletions

File tree

chart_data_extractor/poetry.lock

Lines changed: 103 additions & 103 deletions

chart_data_extractor/pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ matplotlib = "^3.10.3"
1717
pydantic = "^2.9.1"
1818

1919
[tool.poetry.group.dev.dependencies]
20-
pytest = "^8.3.5"
20+
pytest = "^9.0.3"
2121
python-dotenv = "^1.2.1"
2222
pytest-dotenv = "^0.5.2"
2323
ruff = "^0.11.12"
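Review bot: the dev-dependency change from `pytest = "^8.3.5"` to `pytest = "^9.0.3"` crosses a pytest major version, and the commit message only describes verifying the pytest-asyncio 1.x migration for python/conftest.py, not that chart_data_extractor's tests were run under pytest 9; please state in the PR that this package's suite passes on the new major before merging. Also note that pillow and pygments, which the message lists as bumped for chart_data_extractor/, do not appear in this hunk, so those bumps live only in the (unrendered) poetry.lock and reviewers cannot see their resulting versions here.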

0 commit comments
