From 47c87e69790e5bb9537c321ee63eecca3069a5e0 Mon Sep 17 00:00:00 2001 From: Bryant Date: Sun, 5 Jul 2026 22:05:18 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20(deps):=20Document=20dev-only=20?= =?UTF-8?q?accepted-risk=20for=20nltk=20Dependabot=20#27?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit nltk <=3.9.4 (Dependabot #27, HIGH) enters uv.lock only transitively via llama-index-core, a dev/test-only dependency. It is never in runtime [project].dependencies nor the published wheel, is never imported by agent_assembly/, and the vulnerable nltk.data.load path is never invoked. No upstream fix exists (3.9.4 is the latest release; first_patched_version: none), so no lock upgrade removes it. Document the accepted-risk near the llama-index-core pin; recommend Dependabot #27 dismissal as dev/test-only. refs AAASM-4169 --- pyproject.toml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 6cc622b..2eda5fe 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -100,6 +100,14 @@ test = [ # installing it lets the `importorskip`-guarded governance tests drive a # real `FunctionTool` so a regression to a fail-open no-op patch is caught # rather than silently skipped. + # AAASM-4169: llama-index-core pulls `nltk` transitively, and nltk <=3.9.4 + # carries a URL-encoded path-traversal in `nltk.data.load()` (Dependabot #27, + # HIGH). Accepted-risk, NOT runtime-exploitable: nltk is dev/test-only (never + # in `[project].dependencies` nor the published wheel), is never imported by + # `agent_assembly/`, and the vulnerable `nltk.data.load` path is never invoked + # by the SDK or its tests. No upstream fix exists (3.9.4 is the latest release; + # `first_patched_version: none`), so no lock upgrade removes it. Tracked in + # AAASM-4169; Dependabot #27 recommended for dismissal as dev/test-only. "llama-index-core>=0.10.0", ] pre-commit-ci = [
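Review bot: The accepted-risk comment block added above `"llama-index-core>=0.10.0"` records the finding only by its Dependabot number ("Dependabot #27, HIGH") and never names the underlying advisory; please add the GHSA/CVE identifier next to that line so the exception stays traceable once the Dependabot alert is dismissed and the number stops meaning anything outside this repository. Two further points on the same block: first, "nltk is never imported by `agent_assembly/`" and "the vulnerable `nltk.data.load` path is never invoked" are the whole basis for the dev/test-only classification, but nothing enforces them; a small test in the test suite that asserts `nltk` is absent from the runtime (non-dev) dependency closure, or a CI grep that fails if `import nltk` appears under `agent_assembly/`, would turn the comment into a check that cannot silently go stale. Second, "No upstream fix exists (3.9.4 is the latest release; `first_patched_version: none`)" is a snapshot that will become wrong the day nltk ships a fix; add the date the statement was verified, or a "re-check when nltk > 3.9.4 is released" line, so the next reader knows when the exception expires rather than treating it as permanent.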