fix: update dependencies to resolve security vulnerabilities

yumibagge · claude · yumibagge · commit 49ac8e709a7e · 2025-12-09T18:57:58.000Z
- Update mcp from 1.19.0 to 1.23.3 (fixes GHSA-9h52-p55h-vw2f) - Update urllib3 from 2.5.0 to 2.6.1 (fixes GHSA-gm62-xv2j-4w53, GHSA-2xpw-w6gg-jr37) - Update uv from 0.9.5 to 0.9.6 in CI workflow (fixes GHSA-pqhf-p39g-3x64) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml
@@ -30,7 +30,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@v7
         with:
-          version: "0.9.5"
+          version: "0.9.6"
 
       - name: Install Project Dependencies
         run: uv sync --locked --all-extras --all-groups
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,9 @@ readme = "README.md"
 requires-python = ">=3.14"
 dependencies = [
     "fastmcp>=2.13.0.2",
+    "mcp>=1.23.0", # security fix for GHSA-9h52-p55h-vw2f
     "starlette>=0.49.1", # the default version in fastmcp is vulnerable to https://github.com/advisories/GHSA-7f5h-v6xp-fcq8
+    "urllib3>=2.6.0", # security fix for GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37
 ]
 
 [dependency-groups]
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,9 @@ readme = "README.md"`
`6`	`6`	`requires-python = ">=3.14"`
`7`	`7`	`dependencies = [`
`8`	`8`	`"fastmcp>=2.13.0.2",`
	`9`	`+ "mcp>=1.23.0", # security fix for GHSA-9h52-p55h-vw2f`
`9`	`10`	`"starlette>=0.49.1", # the default version in fastmcp is vulnerable to https://github.com/advisories/GHSA-7f5h-v6xp-fcq8`
	`11`	`+ "urllib3>=2.6.0", # security fix for GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37`
`10`	`12`	`]`
`11`	`13`
`12`	`14`	`[dependency-groups]`