chore(deps): resolve Dependabot security alerts across npm and python#1302
chore(deps): resolve Dependabot security alerts across npm and python#1302mishushakov merged 3 commits intomainfrom
Conversation
Bump vulnerable transitive npm deps (postcss, vite, lodash, brace-expansion, picomatch, yaml, @tootallnate/once, smol-toml, flatted, minimatch) via range-based pnpm overrides. Bump python-sdk dev deps in poetry.lock (pytest 9.0.3, pytest-asyncio 1.3.0, python-dotenv 1.2.2, pygments 2.20.0, requests 2.33.1, black 26.3.1). Remove now-unused ty:ignore directives that pytest 9's stricter type signatures made obsolete. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🦋 Changeset detectedLatest commit: 66b1bf6 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
PR SummaryMedium Risk Overview Upgrades Python SDK dev dependencies in Reviewed by Cursor Bugbot for commit 66b1bf6. Bugbot is set up for automated code reviews on this repo. Configure here. |
Package ArtifactsBuilt from 93afdc1. Download artifacts from this workflow run. JS SDK ( npm install ./e2b-2.19.3-mishushakov-dependabot-fixes.0.tgzCLI ( npm install ./e2b-cli-2.10.1-mishushakov-dependabot-fixes.0.tgzPython SDK ( pip install ./e2b-2.20.2+mishushakov.dependabot.fixes-py3-none-any.whl |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 1fb935b. Configure here.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
pytest-asyncio 1.x deprecated the session-scoped event_loop fixture override, which caused class-based async tests to fail with "Event loop is closed" — the per-loop httpx transport cache in AsyncTransportWithLogger was keyed by id(loop), and recycled loop addresses returned stale transports tied to closed loops. Pin tests and fixtures to a single session loop via asyncio_default_fixture_loop_scope and asyncio_default_test_loop_scope, and convert async_sandbox_factory and async_volume to yield-style async fixtures so cleanup runs in the same loop without run_until_complete. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
arkamar
left a comment
arkamar
left a comment
There was a problem hiding this comment.
The change looks good to me, CI seems to be unrelated.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2 participants
Summary
Resolves all 31 open Dependabot alerts across the workspace.
pnpm.overridesto bump vulnerable transitive deps to their patched versions: postcss, vite, lodash, brace-expansion, picomatch (2.x + 4.x), yaml, @tootallnate/once, smol-toml, flatted, and minimatch (3.x/5.x/9.x/10.x).poetry.lock: pytest 7.4 → 9.0.3 (with constraint update inpyproject.toml), pytest-asyncio 0.23 → 1.3 (required for pytest 9), python-dotenv 1.2.2, pygments 2.20.0, requests 2.33.1, black 26.3.1; removed 4 now-unused# ty: ignoredirectives that pytest 9's stricter type signatures made obsolete.Test plan
🤖 Generated with Claude Code