fix(deps): address critical and high severity security vulnerabilities#827
Merged
nicoloboschi merged 6 commits intomainfrom Apr 1, 2026
Merged
fix(deps): address critical and high severity security vulnerabilities#827nicoloboschi merged 6 commits intomainfrom
nicoloboschi merged 6 commits intomainfrom
Conversation
Bump vulnerable dependencies to patched versions across the monorepo: Python (critical/high): - fastmcp >=2.14.0 → >=3.2.0 (SSRF, path traversal, OAuth confused deputy, command injection) - langchain-core >=1.2.11 → >=1.2.22 (path traversal in legacy load_prompt) Python (low): - cryptography >=46.0.5 → >=46.0.6 (incomplete DNS name constraint enforcement) - pygments: add >=2.20.0 pin (ReDoS via GUID regex) Node.js: - serialize-javascript ^7.0.3 → ^7.0.5 (CPU exhaustion DoS) - handlebars: add >=4.7.9 override (JS injection via AST type confusion) - path-to-regexp: add >=0.1.13 override (ReDoS via route params) - brace-expansion: add version range override (process hang/memory exhaustion) Also adds type: ignore comments for FastMCP 2.x private attribute access that ty now flags since FastMCP 3.x removed _tool_manager (guarded by try/except and hasattr at runtime). Regenerated all lock files across API, integrations, and tests.
The global ajv ^6.14.0 override caused schema-utils and ajv-keywords to receive ajv v6, but they require ajv v8 (for dist/compile/codegen). Add scoped overrides to ensure these packages get ajv v8 while the global override remains for packages that need v6.
FastMCP 3.x no longer accepts stateless_http in the constructor. The tests call tools directly without HTTP transport, so the parameter is not needed.
FastMCP 3.x removed _tool_manager. Tests now use _local_provider._components for sync tool dict access and mcp.list_tools() for async filtered tool listing.
…date) - Remove global ajv ^6.14.0 override and scoped ajv-keywords/schema-utils overrides that caused webpack compilation errors manifesting as "Cannot read properties of undefined (reading 'date')" during SSR and "these parameters are deprecated" warnings. Natural version resolution (v6.12.6+ for v6 consumers, v8+ for v8 consumers) already satisfies the security fix (>= 6.12.3). - Add missing date frontmatter to learning-capabilities blog post.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
load_promptfunctionstype: ignorecomments for FastMCP 2.x_tool_managerprivate attribute access (now flagged by ty since 3.x removed it; guarded by try/except and hasattr at runtime)Addresses dependabot alerts: https://github.com/vectorize-io/hindsight/security/dependabot
Test plan
./scripts/hooks/lint.sh)