From 3effda57bd8ca6aba0700c34252251d67c8dd787 Mon Sep 17 00:00:00 2001
From: Norris
Date: Sat, 14 Mar 2026 23:21:10 -0400
Subject: [PATCH 1/4] fix: bump black and django to resolve dependabot security alerts

---
 example/django-app/requirements.txt | 2 +-
 requirements.test.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/example/django-app/requirements.txt b/example/django-app/requirements.txt
index fbd3164..5b6b804 100644
--- a/example/django-app/requirements.txt
+++ b/example/django-app/requirements.txt
@@ -1,2 +1,2 @@
-django >= 4.2
+django >= 4.2.29
 -e ../../
diff --git a/requirements.test.txt b/requirements.test.txt
index e257c94..5c7a250 100644
--- a/requirements.test.txt
+++ b/requirements.test.txt
@@ -1,6 +1,6 @@
 -r requirements.txt
 
-black~=25.1.0
+black~=26.3.1
 mypy~=1.15.0
 mypy-extensions~=1.0.0
 pytest~=7.4.0

From d2c7acfa42efd1529379fb2a056efd5f178cfe6f Mon Sep 17 00:00:00 2001
From: Norris
Date: Sat, 14 Mar 2026 23:24:06 -0400
Subject: [PATCH 2/4] fix: split lint deps into requirements.lint.txt for Python 3.10+ compat

black>=26.3.1 requires Python 3.10+, but unit tests run on 3.9. Move black, mypy, and ruff into a separate requirements.lint.txt used only by the lint workflow (Python 3.12).
---
 .github/workflows/lint.yml | 2 +-
 requirements.lint.txt | 8 ++++++++
 requirements.test.txt | 4 ----
 3 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 requirements.lint.txt

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9000815..402e635 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Install dependencies
         run: |
           pip install --upgrade pip
-          pip install -r requirements.test.txt
+          pip install -r requirements.lint.txt
 
       - name: Check formatting
         run: |
diff --git a/requirements.lint.txt b/requirements.lint.txt
new file mode 100644
index 0000000..6f6b4dd
--- /dev/null
+++ b/requirements.lint.txt
@@ -0,0 +1,8 @@
+-r requirements.txt
+
+black~=26.3.1
+mypy~=1.15.0
+mypy-extensions~=1.0.0
+ruff~=0.9.0
+types-requests~=2.32.0
+types-urllib3~=1.26.25.14
diff --git a/requirements.test.txt b/requirements.test.txt
index 5c7a250..80e5b61 100644
--- a/requirements.test.txt
+++ b/requirements.test.txt
@@ -1,11 +1,7 @@
 -r requirements.txt
 
-black~=26.3.1
-mypy~=1.15.0
-mypy-extensions~=1.0.0
 pytest~=7.4.0
 pytest-benchmark~=4.0.0
 responses~=0.25.6
-ruff~=0.9.0
 types-requests~=2.32.0
 types-urllib3~=1.26.25.14

From ca0d0d9f4f1042ad17aef7b4bc95384791f0a6c4 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Wed, 22 Apr 2026 15:46:05 -0400
Subject: [PATCH 3/4] fix: resolve remaining dependabot security alerts

- requests >= 2.33.0 to address CVE (medium, alerts #7, #8)
- pytest >= 9.0.3 to address vulnerability (medium, alert #14)
- django >= 6.0.4 in example app to address multiple CVEs (alerts #9-#13)
---
 example/django-app/requirements.txt | 2 +-
 requirements.test.txt | 2 +-
 requirements.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/example/django-app/requirements.txt b/example/django-app/requirements.txt
index 5b6b804..1fec939 100644
--- a/example/django-app/requirements.txt
+++ b/example/django-app/requirements.txt
@@ -1,2 +1,2 @@
-django >= 4.2.29
+django >= 6.0.4
 -e ../../
diff --git a/requirements.test.txt b/requirements.test.txt
index 80e5b61..264afd1 100644
--- a/requirements.test.txt
+++ b/requirements.test.txt
@@ -1,6 +1,6 @@
 -r requirements.txt
 
-pytest~=7.4.0
+pytest>=9.0.3
 pytest-benchmark~=4.0.0
 responses~=0.25.6
 types-requests~=2.32.0
diff --git a/requirements.txt b/requirements.txt
index 1054d22..dc7ab31 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 setuptools >= 21.0.0
 urllib3 >= 1.15.1
-requests >= 2.32
+requests >= 2.33.0
 wasmtime ~= 30.0.0
 protobuf >= 4.23.3
 openfeature-sdk ~= 0.8.0

From a84133c01f317b8d923d42a8d33afd690dca1ecc Mon Sep 17 00:00:00 2001
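Review bot: `types-urllib3~=1.26.25.14` on the last added line of the new requirements.lint.txt pins stubs for the urllib3 1.26 line, but the `-r requirements.txt` on its first line brings in only `urllib3 >= 1.15.1` (visible in the later hunk on this page), so a fresh resolve in the lint job will install urllib3 2.x and mypy will check it against 1.26 stubs. As far as I recall urllib3 2.x ships its own inline annotations, so the stub package is redundant there; either constrain urllib3 to the line the stubs describe or drop `types-urllib3` and let mypy use the package's annotations — which one fits depends on the runtime floor the project wants, which this diff does not show. Separately, `types-requests` and `types-urllib3` now live in both this file and requirements.test.txt; keeping them only in the lint file would stop the two copies drifting apart.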
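Review bot: `pytest>=9.0.3` on the changed line of requirements.test.txt drops the `~=` upper bound that every other entry in the file keeps (`pytest-benchmark~=4.0.0`, `responses~=0.25.6`), so future pytest majors will be picked up silently; `pytest~=9.0.3` closes the alert while matching the file's convention. The bump also skips two pytest major versions while `pytest-benchmark~=4.0.0` on the next line stays on the 4.0 line — whether that release supports pytest 9 is not visible from the diff, so the first unit-test run after merge should be checked rather than assumed green.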
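Review bot: The floors left untouched around the bumped line in requirements.txt, `setuptools >= 21.0.0` and `urllib3 >= 1.15.1`, still admit releases from 2016 that predate a number of published security fixes in both packages, which sits oddly in a commit whose purpose is to close dependency security alerts. Since this series bumps lower bounds to satisfy Dependabot, the tool is evidently evaluating this file by its minimum versions, so those two lines are likely the next alerts to appear; a fresh `pip install` will normally resolve the newest release anyway, so the floors only bite when another constraint drags them down, but raising each to the oldest release the project actually tests against would make the declared and the effective dependency set agree. I cannot tell from the diff what that oldest supported release is for either package.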
From: Jonathan Norris
Date: Wed, 22 Apr 2026 16:32:55 -0400
Subject: [PATCH 4/4] fix: drop Python 3.9 from CI matrix

Python 3.9 reached EOL in October 2025. requests>=2.33.0 requires Python>=3.10, so we replace 3.9 with 3.10 in the test matrix.
---
 .github/workflows/unit_test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/unit_test.yml b/.github/workflows/unit_test.yml
index 76b6124..64a3a66 100644
--- a/.github/workflows/unit_test.yml
+++ b/.github/workflows/unit_test.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ${{matrix.os}}
     strategy:
       matrix:
-        python-version: ["3.12", "3.9"]
+        python-version: ["3.12", "3.10"]
         os: [ubuntu-latest, windows-latest]
     steps:
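Review bot: Replacing `"3.9"` with `"3.10"` in the matrix changes the library's supported interpreter floor, but this hunk only touches CI; if the package metadata (`python_requires` and classifiers in setup.py or pyproject.toml, not shown here) still advertises 3.9, pip on a 3.9 host will accept the package and then fail to resolve `requests >= 2.33.0`, so the metadata should move to `>=3.10` in the same change and the release notes should call out the dropped version. The matrix entries themselves are correctly quoted, which keeps `3.10` from being read as the float `3.1`. The enclosing `jobs:` block starts before this hunk, and the `@@ -11,7` header counts one more context line than is visible here.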