fix(FFESUPPORT-747): address open Dependabot vulnerabilities#18

Merged: aarsilv merged 1 commit into main from aarsilv/ffesupport-747/fix-vulnerabilities, Jun 2, 2026

@aarsilv aarsilv commented May 29, 2026

Summary

  • Updates the vulnerable Python dependency floor for requests, urllib3, and pytest.
  • Raises the supported Python floor to 3.10 because the patched pytest line requires Python >=3.10.
  • Removes Python 3.9 from the CI matrix to match the new package constraint.

Dependabot alerts addressed

Verification

  • poetry install --no-interaction
  • poetry run pytest -v --tb=short
  • poetry check --lock

🤖 Generated with Codex

@aarsilv aarsilv requested a review from Copilot May 29, 2026 02:56

Copilot AI left a comment

Pull request overview

Bumps vulnerable dependencies (requests, urllib3, pytest) to patched versions to resolve open Dependabot alerts. Because pytest >=9.0.3 requires Python >=3.10, the project's Python floor is raised and Python 3.9 is removed from CI.

Changes:

  • Bump requests to ^2.33.0, urllib3 to ^2.7.0, and pytest to ^9.0.3 (lockfile updated accordingly).
  • Raise the Python floor from ^3.9 to ^3.10 in pyproject.toml and poetry.lock metadata.
  • Drop 3.9 from the CI matrix in .github/workflows/test.yml.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| pyproject.toml | Raises Python floor to 3.10 and pins patched versions of requests, urllib3, and pytest. |
| poetry.lock | Regenerated lock reflecting new versions, Python ^3.10 metadata, and narrowed backport markers. |
| .github/workflows/test.yml | Removes Python 3.9 from the CI matrix to match the new constraint. |

aarsilv commented May 29, 2026

🤖 Context from Codex: This resolves the Python alerts by bumping requests, urllib3, and pytest, with the supported/tested Python floor raised to 3.10 because pytest 9 requires Python >=3.10. Local poetry run pytest -v --tb=short passed (22 tests), poetry check --lock passed, and CI is green on Python 3.10/3.11/3.12.
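
One way to confirm that a lockfile really resolves to the patched floors named in this thread, as an added example that is not code from this repository or from any participant. `STALE_LOCK` is a constructed sample, and `release`, `parse_lock` and `audit` are hypothetical helper names.

```python
import re

# Lower bounds of the caret constraints named in the review summary on this page.
FLOORS = {"requests": "2.33.0", "urllib3": "2.7.0", "pytest": "9.0.3"}
PYTHON = "^3.10"
# Constructed sample, not the project's poetry.lock: requests predates the bump.
STALE_LOCK = '''
[[package]]
name = "requests"
version = "2.31.0"
python-versions = ">=3.7"
[[package]]
name = "urllib3"
version = "2.7.0"
[[package]]
name = "pytest"
version = "9.0.3"
[metadata]
python-versions = "^3.9"
'''

def release(version):  # '2.33' -> (2, 33, 0); plain numeric releases only
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_lock(text):  # -> ({package: version}, [metadata] python-versions)
    versions, python, section, name = {}, None, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section, name = line, None
        elif m := re.match(r'([\w-]+)\s*=\s*"([^"]*)"', line):
            key, value = m.groups()
            if section == "[[package]]" and key == "name":
                name = value.lower()
            elif section == "[[package]]" and key == "version" and name:
                versions[name] = value
            elif section == "[metadata]" and key == "python-versions":
                python = value
    return versions, python

def audit(text):  # one finding per missed floor; [] when the lock is clean
    versions, python = parse_lock(text)
    findings = [f"python-versions: {python} != {PYTHON}"] if python != PYTHON else []
    for pkg, floor in FLOORS.items():
        locked = versions.get(pkg)
        if locked is None or release(locked) < release(floor):
            findings.append(f"{pkg}: locked {locked} is below {floor}")
    return findings
```

Versions are compared as integer tuples because a string comparison would rank "2.7.0" above "2.33.0"; the per-package `python-versions` key is ignored so only the `[metadata]` value is checked.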

@aarsilv aarsilv force-pushed the aarsilv/ffesupport-747/fix-vulnerabilities branch from 205663c to 4295920 Compare May 29, 2026 15:34
@aarsilv aarsilv requested a review from Copilot May 29, 2026 15:35

Copilot AI left a comment

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated no new comments.

@aarsilv aarsilv merged commit cd8a664 into main Jun 2, 2026
3 checks passed
@aarsilv aarsilv deleted the aarsilv/ffesupport-747/fix-vulnerabilities branch June 2, 2026 13:29