Summary
The repo has 89 open Dependabot vulnerability alerts (separate from the routine version-bump PRs). The npm side (37 alerts) auto-resolves via the security-equivalent version bumps already merging (axios 1.16.0 #629 clears all 21 axios alerts; next 16.2.6 #631 clears all 13 next alerts; @tootallnate/once #630). Only postcss (med) + follow-redirects (med, transitive) remain, and both arrive with the held group #638.
This issue tracks the pip side: 52 alerts (20 high / 20 medium / 12 low) that have no Dependabot PRs. "Automated security fixes" is enabled, but Dependabot does not open security PRs for uv.lock (limited uv support, esp. transitive deps), so these must be remediated manually.
Several are serious given what CodeFrame does (runs git ops, parses multipart forms, issues JWTs).
Remediation targets
Direct deps (bump floors in `pyproject.toml`)
- `aiohttp` >= 3.14.0 (currently >=3.9.0) — 20 alerts (parser/zip-bomb DoS)
- `gitpython` >= 3.1.50 (currently >=3.1.40) — 5 high: command injection / RCE via `core.hooksPath`, path traversal
- `black` >= 26.3.1 (currently >=24.1.0, dev) — arbitrary file write via cache filename
Transitive deps (bump parent or add explicit floor)
- `python-multipart` >= 0.0.27 — 3 high: arbitrary file write + DoS (FastAPI form parsing)
- `starlette` >= 1.0.1 — 2 high: Range-header DoS
- `PyJWT` >= 2.12.0 — high: accepts unknown `crit` header — directly relevant to the auth layer
- `urllib3` >= 2.7.0 — 4 high: header leak across redirects, decompression bombs
- `cryptography` >= 46.0.7 — 3 high: subgroup attack (SECT curves)
- `pyasn1` >= 0.6.3 — 2 high: decoder DoS / unbounded recursion
- `mcp` >= 1.23.0 — high: DNS-rebinding protection off by default
- `idna`, `requests` (2.33.0), `filelock`, `python-dotenv`, `virtualenv`, `pytest` (9.0.3, dev), `Pygments` — medium/low
No fix available
- `ecdsa` — Minerva timing attack (P-256); no patched version exists. Decide: dismiss-with-rationale (it's transitive; assess actual exposure) or replace the dependency.
Approach
- Bump direct-dep floors in `pyproject.toml`; add explicit floors for the high-severity transitive ones (or bump the parent that pulls them — `fastapi` for starlette/python-multipart).
- `uv lock` to regenerate `uv.lock`, then `uv sync`.
- Run the full suite (`uv run pytest`) — pay special attention to the starlette 1.0 major bump (FastAPI/Starlette API surface) and PyJWT auth tests.
- `uv run ruff check .`; confirm `cf --help` + server boot.
- Verify alerts auto-dismiss after merge.
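As an added check for the steps above (example code, not part of this issue or the CodeFrame project): a stdlib-only script that reads the regenerated `uv.lock` and reports any package still locked below the floors listed under Remediation targets, so the lock can be verified locally before merge rather than waiting for the alerts to dismiss. It assumes `uv.lock` keeps its `[[package]]` tables with quoted `name`/`version` lines, and its version ordering is a simplified PEP 440 that handles release numbers and a/b/rc/dev pre-releases only.

```python
import re
# Floors from this issue's remediation table (high-severity subset, constructed here).
FLOORS = {"aiohttp": "3.14.0", "gitpython": "3.1.50", "black": "26.3.1",
          "python-multipart": "0.0.27", "starlette": "1.0.1", "pyjwt": "2.12.0",
          "urllib3": "2.7.0", "cryptography": "46.0.7", "pyasn1": "0.6.3", "mcp": "1.23.0"}

def normalize(name):  # PEP 503 normalisation, so "PyJWT" and "pyjwt" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Simplified PEP 440 key: release digits, with a/b/rc/dev builds ranked below the release."""
    m = re.match(r"^(\d+(?:\.\d+)*)(a|b|rc|\.dev)?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # so that 3.14.0 == 3.14
        nums.pop()
    return tuple(nums), 0 if m.group(2) else 1

def parse_uv_lock(text):
    """{name: version} per [[package]] table (assumes uv's layout; tomllib would be stricter)."""
    found, name = {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "[[package]]":
            name = None
        elif m := re.match(r'name = "([^"]+)"', line):
            name = normalize(m.group(1))
        elif name and (m := re.match(r'version = "([^"]+)"', line)):
            found[name], name = m.group(1), None
    return found

def check_floors(lock_text, floors=FLOORS):
    """[(package, locked, required)] for each unmet floor; packages not in the lock are skipped."""
    locked = parse_uv_lock(lock_text)
    return [(p, locked[normalize(p)], need) for p, need in floors.items()
            if normalize(p) in locked
            and version_key(locked[normalize(p)]) < version_key(need)]

# Constructed uv.lock excerpt: gitpython meets its floor, aiohttp and the PyJWT rc do not.
SAMPLE_LOCK = """\
[[package]]
name = "aiohttp"
version = "3.9.5"
[[package]]
name = "gitpython"
version = "3.1.50"
[[package]]
name = "PyJWT"
version = "2.12.0rc1"
"""
```

Run `check_floors(open("uv.lock").read())` after `uv lock`; an empty list means every tracked floor is satisfied, and a non-empty one names the packages to bump before opening the PR.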
Priority rationale
Marked P0-blocker-beta: CodeFrame is published as a `uv tool install` artifact and positioned around quality/proof ("PROVE"). Shipping 20 high-severity runtime CVEs — including a git-ops RCE (GitPython), form-parser arbitrary-file-write (python-multipart), and a JWT-validation flaw (PyJWT) — is a real risk for installers and undercuts the product thesis. The npm-side equivalents are already being fixed; the pip side should land before public beta.
Source: release-readiness Dependabot alert review 2026-06-13. 89 alerts total; npm 37 auto-resolving, pip 52 tracked here.