hexolan/panels
1
0
Fork 0
mirror of https://github.com/hexolan/panels.git synced 2026-05-20 11:39:22 +01:00
Code Issues Packages Releases Activity

chore(security): bump dependencies

Browse Source 
Add `cryptography` as direct dependency (instead of solely from
dependency tree) at version `^46.0.6`.

Update `pyjwt` to latest version.

Commit addresses concerns related to:
- CVE-2026-32597 (pyjwt)
- CVE-2026-26007 (cryptography)
- CVE-2026-34073 (cryptography)
- CVE-2024-12797 (cryptography)
This commit is contained in:
Declan Teevan
2026-03-30 12:45:31 +01:00
parent df8110939a
commit 9442c47136
2 changed files with 61 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/auth-service/pyproject.toml
+3 -2
View File
@@ -8,15 +8,16 @@ repository = "https://github.com/hexolan/panels"
authors = ["Declan Teevan <dt@hexolan.com>"]
[tool.poetry.dependencies]
python = "^3.9"
python = ">3.9.0,<3.9.1 || >3.9.1,<4.0"
grpcio = "^1.57.0"
pydantic = "^2.4.0"
pydantic-settings = "^2.0.3"
databases = {extras = ["asyncpg"], version = "^0.8.0"}
grpcio-health-checking = "^1.57.0"
argon2-cffi = "^23.1.0"
PyJWT = {extras = ["crypto"], version = "^2.11.0"}
PyJWT = {extras = ["crypto"], version = "^2.12.1"}
aiokafka = "^0.8.1"
cryptography = "^46.0.6"
[tool.poetry.dev-dependencies]
grpcio-tools = "^1.57.0"