chore: bump vulnerable deps and fix flaky TTL test #53

Merged
27Bslash6 merged 1 commit into main from chore/bump-vulnerable-deps
Feb 22, 2026

@27Bslash6
Contributor

Summary

  • bytes 1.10.1 → 1.11.1 (RUSTSEC-2026-0007: integer overflow in BytesMut::reserve)
  • filelock 3.20.1 → 3.24.3 (GHSA-qmgc-5h2g-mvrw: TOCTOU symlink vulnerability)
  • orjson 3.11.4 → 3.11.7 (GHSA-hx9q-6w63-j58v: unbounded recursion)
  • pip 25.3 → 26.0.1 (GHSA-6vgw-5pg2-w6jp: path traversal in wheel extraction)
  • test_ttl_enforced: increase TTL 1s → 3s to prevent CI timing flakiness on Python 3.14

Test plan

  • All pre-commit hooks pass
  • CI security checks should now pass (pip-audit, cargo-deny, rustsec)
  • Python 3.14 flaky test should stabilize

- bytes 1.10.1 → 1.11.1 (RUSTSEC-2026-0007: integer overflow in BytesMut::reserve)
- filelock 3.20.1 → 3.24.3 (GHSA-qmgc-5h2g-mvrw: TOCTOU symlink vuln)
- orjson 3.11.4 → 3.11.7 (GHSA-hx9q-6w63-j58v: unbounded recursion)
- pip 25.3 → 26.0.1 (GHSA-6vgw-5pg2-w6jp: path traversal in wheel extraction)
- test_ttl_enforced: increase TTL 1s→3s to prevent CI timing flakiness
@27Bslash6 27Bslash6 merged commit c975834 into main Feb 22, 2026
37 checks passed
@27Bslash6 27Bslash6 deleted the chore/bump-vulnerable-deps branch February 22, 2026 02:51