ROB-623: bump python deps to fix CVEs#2122
Conversation
- pyjwt 2.12.1 -> 2.13.0 (CVE-2026-48526, High) - tornado 6.5.5 -> 6.5.7 (CVE-2026-49853, CVE-2026-49855, High) - cryptography 46.0.7 -> 48.0.1 (GHSA-537c-gmf6-5ccf, High) - python-dotenv 0.18.0 -> 1.2.2 (CVE-2026-28684, Medium) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
✅ Docker image ready for
Use this tag to pull the image for testing. 📋 Copy commandsgcloud auth configure-docker us-central1-docker.pkg.dev
docker pull us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:8ea44c1
docker tag us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:8ea44c1 me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:8ea44c1
docker push me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:8ea44c1Patch Helm values in one line: helm upgrade --install robusta robusta/robusta \
--reuse-values \
--set runner.image=me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:8ea44c1 |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
WalkthroughUpdates four dependency version pins in ChangesDependency Security Updates
Estimated code review effort: 1 (Trivial) | ~5 minutes Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Fixes CVEs flagged for the
robustaimage in the 2026-07-14 Vanta scan (sub-issue ROB-623 of ROB-595).Dependency bumps
Only these four packages change version in the lock file.
python-dotenv(0.18 → 1.2) is not imported directly insrc/; the four bumped packages install and import together cleanly in a venv smoke test.SLA: before 2026-07-21 (pyjwt due 16 Jul).
🤖 Generated with Claude Code