Skip to content

Resolving dependabot vulnerability findings#61

Open
jacob6838 wants to merge 10 commits intomainfrom
dependabot-updates
Open

Resolving dependabot vulnerability findings#61
jacob6838 wants to merge 10 commits intomainfrom
dependabot-updates

Conversation

@jacob6838
Copy link
Copy Markdown
Collaborator

@jacob6838 jacob6838 commented Mar 26, 2026
edited
Loading

Resolving all vulnerabilities detected by dependabot analysis as of 2026/3/26: https://github.com/CDOT-CV/Work_Zone/security/dependabot

This PR also bumps the release version to 1.4.7rc1

@jacob6838 jacob6838 requested a review from Copilot March 26, 2026 21:39
@jacob6838 jacob6838 marked this pull request as ready for review March 26, 2026 21:39
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Python dependency versions to address Dependabot-reported vulnerabilities for the cdot-wzdx-translator package (Poetry-managed), primarily by bumping requests and explicitly pinning several previously-transitive dependencies to patched versions.

Changes:

  • Bump requests and update the resolved dependency graph in poetry.lock.
  • Add explicit pins for several packages (e.g., urllib3, protobuf, cryptography, etc.) to force patched versions.
  • Shift multiple packages from dev-only resolution into the main dependency group via pyproject.toml changes.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
pyproject.toml Updates requests and adds multiple explicit dependency pins intended to address vulnerability findings.
poetry.lock Re-locks dependencies to newer versions; several packages shift into main group and/or change platform markers.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 14:28
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 15:02
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 15:17
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 15:45
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 16:14
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jacob6838
Update pyproject.toml
e70dc08 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@jacob6838 jacob6838 requested a review from Copilot March 27, 2026 16:19
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dmccoystephenson dmccoystephenson Awaiting requested review from dmccoystephenson

@drewjj drewjj Awaiting requested review from drewjj

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jacob6838