Skip to content

fix(deps): vuln major upgrades — 4 packages (major: 3 · minor: 1) [datadog_checks_dev]#23632

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/major/pep621/datadog_checks_dev/1-1778179367
Draft

fix(deps): vuln major upgrades — 4 packages (major: 3 · minor: 1) [datadog_checks_dev]#23632
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/major/pep621/datadog_checks_dev/1-1778179367

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 7, 2026

Summary: High-severity security update — 4 packages upgraded (MAJOR changes included)

Manifests changed:

  • datadog_checks_dev (pep621)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
black 23.12.1 26.3.1 major Direct 2 HIGH, 3 MODERATE
pathspec 0.10.0 1.1.1 major Direct -
platformdirs 2.0.0a3 4.9.6 major Direct -
click 8.1.6 8.3.3 minor Direct -

Packages marked with "-" are updated due to dependency constraints.

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
black GHSA-3936-cmfr-pm3m HIGH Black: Arbitrary file writes from unsanitized user input in cache file name 23.12.1 26.3.1
black CVE-2026-32274 HIGH Black: Arbitrary file writes from unsanitized user input in cache file name 23.12.1 -
ℹ️ Other Vulnerabilities (3)
Package CVE Severity Summary Unsafe Version Fixed In
black GHSA-fj7x-q9j7-g6q6 MODERATE Black vulnerable to Regular Expression Denial of Service (ReDoS) 23.12.1 24.3.0
black CVE-2024-21503 MODERATE - 23.12.1 -
black PYSEC-2024-48 MODERATE - 23.12.1 f00093672628d212b8965a8993cee8bedf5fe9b8
⚠️ Dependencies that have Reached EOL (2)
Dependency Unsafe Version EOL Date New Version Path
click 8.1.6 - 8.3.3 datadog_checks_dev/pyproject.toml
pathspec 0.10.0 - 1.1.1 datadog_checks_dev/pyproject.toml
📅 Dependencies Nearing EOL (1)
Dependency Unsafe Version EOL Date New Version Path
platformdirs 2.0.0a3 May 14, 2026 4.9.6 datadog_checks_dev/pyproject.toml

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-high-severity adms-major-update adms-medium-severity adms-mode-all-vulns adms-python campaigner-automated-change dev_package ecosystems/review-requested product/review-requested

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants