Update dev dependencies with security vulnerabilities in elt-common #178

@coderabbitai

Summary

Several dev dependencies in elt-common/pyproject.toml contain known security vulnerabilities and should be updated:

  • requests 2.32.3: Affected by CVE-2024-47081 (URL-parsing vulnerability that can leak .netrc credentials). Should be upgraded to version 2.32.4 or later (current version: 2.32.5).

  • ruff 0.11.11: Contains an "Improper Neutralisation" vulnerability affecting versions below 0.12.11. Should be upgraded to version 0.14.10 or later (current version: 0.14.10).

  • pytest 8.3.5: No known CVEs but outdated. Consider upgrading to version 9.0.2 (current version).

Context

This issue was identified during code review and flagged by @coderabbitai in PR #177.

References

Labels

technical debt: Tasks to deliver a more robust solution to a quick fix required for speed of implementation

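Added example, not part of the original issue or the elt-common project: a small check that flags exact-pinned dependencies below the fixed versions named in the issue. The `[dependency-groups]` layout and the sample file contents are assumptions, since the issue does not show `elt-common/pyproject.toml`; the function names are hypothetical.

```python
import re

# Minimum fixed versions, taken from the issue text above.
FIXED_IN = {
    "requests": ("2.32.4", "CVE-2024-47081"),
    "ruff": ("0.12.11", "Improper Neutralisation"),
}

# Constructed sample; the real pyproject.toml layout is not shown in the issue.
SAMPLE_PYPROJECT = '''
[dependency-groups]
dev = [
    "pytest==8.3.5",
    "Requests==2.32.3",
    "ruff==0.11.11",
]
'''

# Matches quoted exact pins such as "name==1.2.3" (plain numeric releases only;
# pre-release and local version suffixes are out of scope for this sketch).
PIN = re.compile(
    r'["\']\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*["\']'
)

def normalize(name):
    """PEP 503 name normalization, so 'Requests' and 'requests' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_below(pinned, floor):
    """True if pinned < floor, comparing numerically ('0.11.11' < '0.12.11')."""
    a = tuple(int(p) for p in pinned.split("."))
    b = tuple(int(p) for p in floor.split("."))
    width = max(len(a), len(b))
    # Pad with zeros so '2.32' and '2.32.0' are treated as the same release.
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def find_vulnerable_pins(text):
    """Return (name, pinned, fixed_in, advisory) for each pin below its floor."""
    findings = []
    for name, version in PIN.findall(text):
        entry = FIXED_IN.get(normalize(name))
        if entry and is_below(version, entry[0]):
            findings.append((normalize(name), version, entry[0], entry[1]))
    return findings

if __name__ == "__main__":
    for name, pinned, floor, advisory in find_vulnerable_pins(SAMPLE_PYPROJECT):
        print(f"{name} {pinned} is below {floor} ({advisory})")
```

Run in CI, a non-empty result can fail the build until the pins are raised; pytest is not flagged because the issue lists no known CVE for it.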