Skip to content

Comments

chore: resolve cves#534

Merged
lawrence-u10d merged 4 commits intomainfrom
resolve-cves
Jan 2, 2026
Merged

chore: resolve cves#534
lawrence-u10d merged 4 commits intomainfrom
resolve-cves

Conversation

@lawrence-u10d
Copy link
Contributor

@lawrence-u10d lawrence-u10d commented Dec 31, 2025
edited by cursor bot
Loading

Note

Security/Deps

  • Broad dependency upgrades in requirements/base.txt, requirements/test.txt, and requirements/constraints.txt (e.g., fastapi, transformers, torch, unstructured[all-docs], urllib3, etc.) to remediate CVEs.

CI

  • Enhances ci.yml Docker test job with aggressive disk cleanup (remove preinstalled SDKs, docker system prune -af --volumes) and prints disk usage before/after to stabilize Docker builds.

Versioning

  • Bumps version to 0.0.91 in __version__.py and preprocessing-pipeline-family.yaml.
  • Adds CHANGELOG.md entry for 0.0.91 noting CVE-driven upgrades.

Written by Cursor Bugbot for commit 5d0b9d8. This will update automatically on new commits. Configure here.

@socket-security
Copy link

socket-security bot commented Dec 31, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​jupyterlab@​4.4.10 ⏵ 4.5.159100100100100 +10
Updatedpypi/​tornado@​6.5.2 ⏵ 6.5.472 +1100100100100
Updatedpypi/​ipython@​9.7.0 ⏵ 9.8.073 +110010010070
Updatedpypi/​torch@​2.9.0 ⏵ 2.9.17310010010070
Updatedpypi/​onnx@​1.19.1 ⏵ 1.20.074100100100100
Updatedpypi/​transformers@​4.57.1 ⏵ 4.57.374100100100100
Updatedpypi/​debugpy@​1.8.17 ⏵ 1.8.1974 +110010010090
Updatedpypi/​matplotlib@​3.10.7 ⏵ 3.10.875 +110010010080
Updatedpypi/​notebook@​7.4.7 ⏵ 7.5.17510010010080
Updatedpypi/​mypy@​1.18.2 ⏵ 1.19.175 +1100100100100 +20
Updatedpypi/​unstructured@​0.18.18 ⏵ 0.18.2481 +1100100100100
Updatedpypi/​torchvision@​0.24.0 ⏵ 0.24.182100100100100
Updatedpypi/​fonttools@​4.60.1 ⏵ 4.61.186 +1100 +210010090
Updatedpypi/​black@​25.9.0 ⏵ 25.12.086100100100100
Updatedpypi/​pytest@​8.4.2 ⏵ 9.0.287 -3100100100100
Updatedpypi/​execnet@​2.1.1 ⏵ 2.1.287 -9100100100100
Updatedpypi/​nbdev@​2.4.6 ⏵ 2.4.788100100100100
Updatedpypi/​fsspec@​2025.10.0 ⏵ 2025.12.089 +1100100100100
Updatedpypi/​accelerate@​1.11.0 ⏵ 1.12.091 +1100100100100
Updatedpypi/​joblib@​1.5.2 ⏵ 1.5.392 +1100100100100
Updatedpypi/​google-auth@​2.43.0 ⏵ 2.45.093 -1100100100100
Updatedpypi/​tzdata@​2025.2 ⏵ 2025.310010093100100
Updatedpypi/​psutil@​7.1.3 ⏵ 7.2.194 +23100100100100
Updatedpypi/​coverage@​7.11.1 ⏵ 7.13.195100100100100
Updatedpypi/​fastcore@​1.8.15 ⏵ 1.10.096 +1100100100100
Updatedpypi/​click@​8.3.0 ⏵ 8.3.196 +1100100100100
Updatedpypi/​pikepdf@​10.0.0 ⏵ 10.1.097 +110010010070
Updatedpypi/​jupyter-client@​8.6.3 ⏵ 8.7.09710010010070
Updatedpypi/​networkx@​3.5 ⏵ 3.6.197100100100100
Updatedpypi/​anyio@​4.11.0 ⏵ 4.12.097 +1100100100100
Updatedpypi/​urllib3@​2.5.0 ⏵ 2.6.297 +1100 +22100100100
Updatedpypi/​annotated-doc@​0.0.3 ⏵ 0.0.410010098 +2100100
See 31 more rows in the dashboard

View full report

@lawrence-u10d lawrence-u10d changed the title Resolve cves chore: resolve cves Dec 31, 2025
luke-kucing
luke-kucing approved these changes Jan 2, 2026
View reviewed changes
Copy link
Contributor

@luke-kucing luke-kucing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@lawrence-u10d lawrence-u10d merged commit fa49907 into main Jan 2, 2026
13 checks passed
@lawrence-u10d lawrence-u10d deleted the resolve-cves branch January 2, 2026 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luke-kucing luke-kucing luke-kucing approved these changes

@william-u10d william-u10d Awaiting requested review from william-u10d

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lawrence-u10d @luke-kucing