Merge pull request #4 from diffblue/fix/security-vulnerabilities

yumibagge · web-flow · commit ba322ff27397 · 2025-12-09T19:02:05.000Z
fix: update dependencies to resolve security vulnerabilities
diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml
@@ -30,7 +30,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@v7
         with:
-          version: "0.9.5"
+          version: "0.9.6"
 
       - name: Install Project Dependencies
         run: uv sync --locked --all-extras --all-groups
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,9 @@ readme = "README.md"
 requires-python = ">=3.14"
 dependencies = [
     "fastmcp>=2.13.0.2",
+    "mcp>=1.23.0", # security fix for GHSA-9h52-p55h-vw2f
     "starlette>=0.49.1", # the default version in fastmcp is vulnerable to https://github.com/advisories/GHSA-7f5h-v6xp-fcq8
+    "urllib3>=2.6.0", # security fix for GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37
 ]
 
 [dependency-groups]
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,9 @@ readme = "README.md"`
`6`	`6`	`requires-python = ">=3.14"`
`7`	`7`	`dependencies = [`
`8`	`8`	`"fastmcp>=2.13.0.2",`
	`9`	`+ "mcp>=1.23.0", # security fix for GHSA-9h52-p55h-vw2f`
`9`	`10`	`"starlette>=0.49.1", # the default version in fastmcp is vulnerable to https://github.com/advisories/GHSA-7f5h-v6xp-fcq8`
	`11`	`+ "urllib3>=2.6.0", # security fix for GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37`
`10`	`12`	`]`
`11`	`13`
`12`	`14`	`[dependency-groups]`