mirror of
https://github.com/SigNoz/signoz.git
synced 2026-04-28 06:30:33 +01:00
Bumps direct pins pytest>=9.0.3 (GHSA-6w46-j5rx-g56g) and requests>=2.33.0 (GHSA-gc5v-m9x4-r6x2). uv lock --upgrade then refreshes everything transitive, which covers:

- cryptography 46.0.3 -> 46.0.7 (GHSA-r6ph-v2qm-q3c2 high, GHSA-p423-j2cm-9vmq medium, GHSA-m959-cc7f-wv43 low)
- python-dotenv 1.2.1 -> 1.2.2 (GHSA-mf9w-mj56-hr94)
- Pygments 2.19.2 -> 2.20.0 (GHSA-5239-wwwm-4pmq)
- jwcrypto 1.5.6 -> 1.5.7 (GHSA-fjrm-76x2-c4q4 — PyPI has 1.5.7, GitHub's advisory hasn't catalogued the patched version yet)

Risk: python-keycloak majored 6.0.0 -> 7.1.1. The 7.0 release tightens return-type handling and can now raise TypeError on mismatch. Imports collect cleanly (499 tests) but only the callbackauthn suite exercises KeycloakAdmin at runtime — watch that job in CI.