fix(deps): bump runner dependencies to resolve 4 Dependabot security alerts #1358

Merged
jeremyeder merged 11 commits into ambient-code:main from jeremyeder:fix/dependabot-security-alerts
Apr 20, 2026

@jeremyeder
Contributor

Summary

  • Bumps pinned runner dependencies in uv.lock to resolve 4 active Dependabot security alerts

Test plan

  • CI passes (lock-file only change, no code changes)

🤖 Generated with Claude Code

…alerts

- authlib 1.6.6 → 1.6.11 (CSRF via cache)
- Mako 1.3.10 → 1.3.11 (path traversal via double-slash URI)
- python-multipart 0.0.22 → 0.0.26 (CVE-2026-40347, DoS via large preamble)
- pytest 9.0.2 → 9.0.3 (CVE-2025-71176, tmpdir handling)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@netlify

netlify bot commented Apr 20, 2026

Deploy Preview for cheerful-kitten-f556a0 ready!

Name Link
🔨 Latest commit ff0495e
🔍 Latest deploy log https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/69e665176ffde10008dcbacb
😎 Deploy Preview https://deploy-preview-1358--cheerful-kitten-f556a0.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.

@coderabbitai
Contributor

coderabbitai bot commented Apr 20, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • components/runners/ambient-runner/uv.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 5ccbdcd2-2c2b-41c3-95cc-837121492051

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@jeremyeder jeremyeder enabled auto-merge (squash) April 20, 2026 15:41
@jeremyeder jeremyeder disabled auto-merge April 20, 2026 17:11
@jeremyeder jeremyeder merged commit 8a22dcb into ambient-code:main Apr 20, 2026
6 checks passed