diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index edb42e4a..2c43b089 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -20,12 +20,12 @@ repos: - id: check-toml - repo: https://github.com/astral-sh/uv-pre-commit - rev: 0.10.9 + rev: 0.10.12 hooks: - id: uv-lock - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.15.5 + rev: v0.15.7 hooks: - id: ruff-check args: [--fix, --exit-non-zero-on-fix] diff --git a/pyproject.toml b/pyproject.toml index 3fa6fdc8..d951d96f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -25,11 +25,11 @@ dependencies = [ "openpyxl>=3.1.5", "authlib>=1.6.7", # CVE-2026-28802: alg:none JWT bypass fixed in 1.6.7 "filelock>=3.20.3", - "pyasn1>=0.6.2", + "pyasn1>=0.6.3", # CVE-2026-30922: DoS via uncontrolled recursion fixed in 0.6.3 "virtualenv>=20.36.1", "tenacity>=9.1.2", "certifi>=2026.1.4", - "pypdf>=6.7.5", # CVE-2026-28804: ASCIIHexDecode DoS fixed in 6.7.5 + "pypdf>=6.9.1", # CVE-2026-28804: ASCIIHexDecode DoS fixed in 6.7.5; CVE-2026-33123: array-based stream DoS fixed in 6.9.1 ] [dependency-groups] diff --git a/uv.lock b/uv.lock index 8e4a64d3..feed0e8a 100644 --- a/uv.lock +++ b/uv.lock @@ -101,11 +101,11 @@ requires-dist = [ { name = "numpy", specifier = "<2.3.0" }, { name = "openpyxl", specifier = ">=3.1.5" }, { name = "plotly", specifier = ">=6.5.0" }, - { name = "pyasn1", specifier = ">=0.6.2" }, + { name = "pyasn1", specifier = ">=0.6.3" }, { name = "pydantic", specifier = ">=2.12.4" }, { name = "pydantic-ai-slim", extras = ["logfire"], specifier = ">=1.26.0" }, { name = "pydantic-settings", specifier = ">=2.7.0" }, - { name = "pypdf", specifier = ">=6.7.5" }, + { name = "pypdf", specifier = ">=6.9.1" }, { name = "scikit-learn", specifier = ">=1.7.0" }, { name = "tenacity", specifier = ">=9.1.2" }, { name = "urllib3", specifier = ">=2.6.3" }, @@ -4788,11 +4788,11 @@ wheels = [ [[package]] name = "pyasn1" -version = "0.6.2" +version = "0.6.3" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/fe/b6/6e630dff89739fcd427e3f72b3d905ce0acb85a45d4ec3e2678718a3487f/pyasn1-0.6.2.tar.gz", hash = "sha256:9b59a2b25ba7e4f8197db7686c09fb33e658b98339fadb826e9512629017833b", size = 146586 } +sdist = { url = "https://files.pythonhosted.org/packages/5c/5f/6583902b6f79b399c9c40674ac384fd9cd77805f9e6205075f828ef11fb2/pyasn1-0.6.3.tar.gz", hash = "sha256:697a8ecd6d98891189184ca1fa05d1bb00e2f84b5977c481452050549c8a72cf", size = 148685 } wheels = [ - { url = "https://files.pythonhosted.org/packages/44/b5/a96872e5184f354da9c84ae119971a0a4c221fe9b27a4d94bd43f2596727/pyasn1-0.6.2-py3-none-any.whl", hash = "sha256:1eb26d860996a18e9b6ed05e7aae0e9fc21619fcee6af91cca9bad4fbea224bf", size = 83371 }, + { url = "https://files.pythonhosted.org/packages/5d/a0/7d793dce3fa811fe047d6ae2431c672364b462850c6235ae306c0efd025f/pyasn1-0.6.3-py3-none-any.whl", hash = "sha256:a80184d120f0864a52a073acc6fc642847d0be408e7c7252f31390c0f4eadcde", size = 83997 }, ] [[package]] @@ -5024,11 +5024,11 @@ wheels = [ [[package]] name = "pypdf" -version = "6.9.0" +version = "6.9.2" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/f5/c8/1f40699576c70a6c90d4bf47705a12a0bed1b02964a6bee039016279e126/pypdf-6.9.0.tar.gz", hash = "sha256:a59257869fc575ba2ccc10100a36be0a47cd1bc1fb00f2950abf1d219fa94c01", size = 5311107 } +sdist = { url = "https://files.pythonhosted.org/packages/31/83/691bdb309306232362503083cb15777491045dd54f45393a317dc7d8082f/pypdf-6.9.2.tar.gz", hash = "sha256:7f850faf2b0d4ab936582c05da32c52214c2b089d61a316627b5bfb5b0dab46c", size = 5311837 } wheels = [ - { url = "https://files.pythonhosted.org/packages/00/64/ac6159cfbeabab3cf54873bbf7314b29183c7ff547c9776596d63170d7c0/pypdf-6.9.0-py3-none-any.whl", hash = "sha256:85805ad7457ca878c4cfd1bc026c4b3dcae359b4a80f889fa7e8c5a1c1a83e51", size = 333408 }, + { url = "https://files.pythonhosted.org/packages/a5/7e/c85f41243086a8fe5d1baeba527cb26a1918158a565932b41e0f7c0b32e9/pypdf-6.9.2-py3-none-any.whl", hash = "sha256:662cf29bcb419a36a1365232449624ab40b7c2d0cfc28e54f42eeecd1fd7e844", size = 333744 }, ] [[package]]