
chore: Fix CVEs #6042

Open
aniketpalu wants to merge 5 commits into feast-dev:master from aniketpalu:cve-fix-upstream

@aniketpalu aniketpalu commented Mar 2, 2026

What this PR does / why we need it:

  • cryptography ≥ 46.0.5 — bumped from >=43.0,<44 to fix subgroup validation vulnerability in SECT curves
  • python-multipart ≥ 0.0.22 — added as direct dependency to fix path traversal via crafted filenames

Which issue(s) this PR fixes:

Misc


Signed-off-by: Aniket Paluskar <apaluska@redhat.com>
@aniketpalu aniketpalu requested a review from a team as a code owner March 2, 2026 10:54

@devin-ai-integration devin-ai-integration bot left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

devin-ai-integration[bot]

This comment was marked as resolved.

3 participants