Skip to content

fix: update packages with detected vulnerabilities #1834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jselig-rigetti merged 9 commits into from
Sep 10, 2025
Merged

fix: update packages with detected vulnerabilities #1834

jselig-rigetti merged 9 commits into from
Sep 10, 2025

Conversation

@jselig-rigetti
Copy link
Contributor

@jselig-rigetti jselig-rigetti commented Sep 5, 2025

From https://github.com/rigetti/pyquil/actions/runs/17415859364/job/49444091708?pr=1833

 +-------------------------------------+------+-----------+--------------+---------+-------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE      | VERSION | SOURCE      |
+-------------------------------------+------+-----------+--------------+---------+-------------+
| https://osv.dev/GHSA-33p9-3p43-82vq | 7.3  | PyPI      | jupyter-core | 5.7.2   | poetry.lock |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3  | PyPI      | requests     | 2.32.3  | poetry.lock |
| https://osv.dev/PYSEC-2025-49       | 8.8  | PyPI      | setuptools   | 70.3.0  | poetry.lock |
| https://osv.dev/GHSA-5rjg-fvgr-3xxf |      |           |              |         |             |
| https://osv.dev/GHSA-7cx3-6m66-7c5m | 7.5  | PyPI      | tornado      | 6.4.2   | poetry.lock |
| https://osv.dev/GHSA-48p4-8xcf-vxj5 | 5.3  | PyPI      | urllib3      | 2.3.0   | poetry.lock |
| https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3  | PyPI      | urllib3      | 2.3.0   | poetry.lock |
+-------------------------------------+------+-----------+--------------+---------+-------------+

@jselig-rigetti jselig-rigetti requested a review from a team as a code owner September 5, 2025 19:25
windsurf-bot[bot]
windsurf-bot bot reviewed Sep 5, 2025
View reviewed changes
Copy link

@windsurf-bot windsurf-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file skipped due to size limits:
  • poetry.lock

Looks good to me 🤙

💡 To request another review, post a new comment with "/windsurf-review".

@github-actions
Copy link

github-actions bot commented Sep 5, 2025
edited
Loading

🐰 Bencher Report

Branchjselig/fix-dep-vulns
Testbedci-runner-linux

⚠️ WARNING: No Threshold found!

Without a Threshold, no Alerts will ever be generated.

Click here to create a new Threshold
For more information, see the Threshold documentation.
To only post results if a Threshold exists, set the --ci-only-thresholds flag.

Click to view all benchmark results
BenchmarkLatencyseconds (s)
test/benchmarks/test_program.py::test_copy_everything_except_instructions📈 view plot
⚠️ NO THRESHOLD		10.49 s
test/benchmarks/test_program.py::test_instructions📈 view plot
⚠️ NO THRESHOLD		4.08 s
test/benchmarks/test_program.py::test_iteration📈 view plot
⚠️ NO THRESHOLD		4.12 s
🐰 View full continuous benchmarking report in Bencher

@github-actions
Copy link

github-actions bot commented Sep 5, 2025
edited
Loading

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
7268 6384 88% 87% 🟢

New Files

No new covered files...

Modified Files

File Coverage Status
pyquil/latex/_ipython.py 29% 🟢
pyquil/quilatom.py 83% 🟢
pyquil/quilbase.py 94% 🟢
TOTAL 69% 🟢

updated for commit: e7d5d62 by action🐍

jselig-rigetti
jselig-rigetti commented Sep 5, 2025
View reviewed changes
jselig-rigetti
jselig-rigetti commented Sep 8, 2025
View reviewed changes
asaites
asaites approved these changes Sep 9, 2025
View reviewed changes
Copy link
Contributor

@asaites asaites left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not something that needs to be fixed here, but I think the $pyquil_version is meant to be passed as a build-arg from the Makefile for the docker target.

@jselig-rigetti jselig-rigetti mentioned this pull request Sep 10, 2025
Open
@jselig-rigetti
Copy link
Contributor Author

jselig-rigetti commented Sep 10, 2025

It's not something that needs to be fixed here, but I think the $pyquil_version is meant to be passed as a build-arg from the Makefile for the docker target.

@asaites created #1835 to follow up

@jselig-rigetti jselig-rigetti merged commit df5e0ba into master Sep 10, 2025
20 checks passed
@jselig-rigetti jselig-rigetti deleted the jselig/fix-dep-vulns branch September 10, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@windsurf-bot windsurf-bot[bot] windsurf-bot[bot] left review comments

@asaites asaites asaites approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jselig-rigetti @asaites