
@cristipufu
Member

Description

These are only development dependencies, but we still need to pass security scanner checks.

virtualenv

filelock

@cristipufu cristipufu self-assigned this Jan 15, 2026
Copilot AI review requested due to automatic review settings January 15, 2026 06:31

Copilot AI left a comment


Pull request overview

This PR updates vulnerable development dependencies to address TOCTOU (Time-of-check to time-of-use) security vulnerabilities in filelock and virtualenv packages.

Changes:

  • Updated filelock from 3.18.0 to 3.20.3
  • Updated virtualenv from 20.31.2 to 20.36.1
  • Updated pre-commit from 4.2.0 to 4.5.1
  • Added filelock and virtualenv as explicit dev dependencies to ensure secure versions

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File            Description
pyproject.toml  Updated version constraints for pre-commit, and added explicit minimum versions for filelock and virtualenv as dev dependencies
uv.lock         Updated lock file with new package versions, hashes, URLs, and metadata for filelock, virtualenv, and pre-commit
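The review above describes the fix as raising minimum versions in pyproject.toml and regenerating uv.lock. A cheap CI gate for that approach is to assert that the resolved lock file never falls below the minimums the project has chosen. The script below is an added example written for this page, not code from the repository or from Copilot; the lock snippet is constructed (with filelock deliberately left at the old version), the `MINIMUM_VERSIONS` table copies the version numbers named in this PR, and the parser reads only the name/version pair of each `[[package]]` table rather than the full uv.lock format.

```python
import re
from typing import Dict, List, Tuple

# Minimum versions named in this PR's change list. The PR does not name the
# advisories behind them, so only the version numbers are taken from it.
MINIMUM_VERSIONS: Dict[str, str] = {
    "filelock": "3.20.3",
    "virtualenv": "20.36.1",
    "pre-commit": "4.5.1",
}

# Constructed sample in the shape of uv.lock [[package]] tables; this is not
# the repository's real lock file. filelock is left at the pre-PR version so
# the check has something to flag, and pre-commit is omitted entirely.
SAMPLE_LOCK = """
version = 1

[[package]]
name = "filelock"
version = "3.18.0"
source = { registry = "https://pypi.org/simple" }

[[package]]
name = "virtualenv"
version = "20.36.1"
source = { registry = "https://pypi.org/simple" }
"""

# Matches the name/version pair that opens each [[package]] table.
_PACKAGE_RE = re.compile(
    r'\[\[package\]\]\s+name\s*=\s*"([^"]+)"\s+version\s*=\s*"([^"]+)"'
)


def parse_lock(text: str) -> Dict[str, str]:
    """Return {package name: locked version} from uv.lock-style text.

    Simplified on purpose: it only reads name and version, which is all the
    minimum-version gate needs.
    """
    return {name.lower(): ver for name, ver in _PACKAGE_RE.findall(text)}


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '3.20.3' into (3, 20, 3) for ordering.

    A non-numeric component such as 'rc1' stops the parse; that is adequate
    for release versions, which is what a lock file normally pins.
    """
    parts: List[int] = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def check_minimums(locked: Dict[str, str], minimums: Dict[str, str]) -> List[str]:
    """Return one finding per package that is absent from the lock or locked
    below its minimum. An empty list means the gate passes."""
    findings: List[str] = []
    for name, floor in minimums.items():
        actual = locked.get(name.lower())
        if actual is None:
            findings.append(f"{name}: not present in lock file (minimum {floor})")
        elif version_key(actual) < version_key(floor):
            findings.append(f"{name}: locked at {actual}, below minimum {floor}")
    return findings


if __name__ == "__main__":
    problems = check_minimums(parse_lock(SAMPLE_LOCK), MINIMUM_VERSIONS)
    for line in problems:
        print("FAIL", line)
    raise SystemExit(1 if problems else 0)
```

Run against the real lock file by replacing `SAMPLE_LOCK` with the contents of `uv.lock`; a non-zero exit is what you want wired into CI so a future `uv lock` that resolves below the floor fails the build instead of silently reintroducing the old version.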


@edis-uipath edis-uipath merged commit 5767328 into main Jan 15, 2026
17 checks passed
@cristipufu cristipufu deleted the fix/vulnerable_packages branch January 15, 2026 08:38
2 participants