diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code_checks.yml
index 687f169..31e3c50 100644
--- a/.github/workflows/code_checks.yml
+++ b/.github/workflows/code_checks.yml
@@ -29,7 +29,7 @@ jobs:
 run-code-check:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6.0.2
+ - uses: actions/checkout@v6.0.3
 - name: Install uv
 uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 768bd32..4eef0a8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -19,7 +19,7 @@ jobs:
 run: |
 sudo apt-get update
 sudo apt-get install libcurl4-openssl-dev libssl-dev
- - uses: actions/checkout@v6.0.2
+ - uses: actions/checkout@v6.0.3
 - name: Install uv
 uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ebca370..c63185e 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -37,7 +37,7 @@ jobs:
 unit-tests:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6.0.2
+ - uses: actions/checkout@v6.0.3
 - name: Install uv
 uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39
diff --git a/pyproject.toml b/pyproject.toml
index 2aa2b0b..481bce0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,7 +53,7 @@ dev = [
 "jupyter>=1.1.1",
 "jupyterlab>=4.5.7", # CVE-2026-42266/42557: extension allow-list bypass and command linker XSS fixed in 4.5.7
 "nbqa>=1.9.1",
- "pip>=26.1.2", # Pinning version to address vulnerability GHSA-6vgw-5pg2-w6jp, CVE-2026-3219, PYSEC-2026-196
+ "pip>=26.1.2", # Pinning version to address vulnerability GHSA-6vgw-5pg2-w6jp, CVE-2026-3219; PYSEC-2026-196: entry point path traversal fixed in 26.1.2
 "pip-audit>=2.9.0",
 "pre-commit>=4.2.0",
 "pytest>=9.0.3", # CVE-2025-71176: tmp dir privilege escalation fixed in 9.0.3
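Review bot: `actions/checkout` is still referenced by a mutable tag (`@v6.0.3`) in the code_checks.yml hunk and in the matching hunks for publish.yml and unit_tests.yml, while the very next step pins `astral-sh/setup-uv` to a full commit SHA. A tag can be re-pointed upstream after this review, so the checkout step is the weaker link in each job, and publish.yml presumably runs with release credentials. Consider pinning it the same way and keeping the version as a trailing comment, `- uses: actions/checkout@<full-commit-sha-of-v6.0.3>  # v6.0.3`, with the SHA taken from the upstream release. The job bodies continue outside the hunks, so the `permissions:` blocks and checkout credential settings cannot be judged from here.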
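Review bot: The rewritten comment on the `pip` line still says "Pinning version", but `>=26.1.2` is a minimum bound rather than a pin, so the wording overstates what the specifier guarantees. The new semicolon also leaves it unclear whether "entry point path traversal fixed in 26.1.2" describes all three identifiers or only PYSEC-2026-196. If they refer to the same issue, the neighbouring format reads more clearly: `"pip>=26.1.2",  # GHSA-6vgw-5pg2-w6jp / CVE-2026-3219 / PYSEC-2026-196: entry point path traversal fixed in 26.1.2`. The `dev` list starts and ends outside the hunk, and no lock file is shown, so whether the resolved version is actually fixed elsewhere is not visible.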