Skip to content

chore: resolve open dependabot security alerts#388

Closed
jonathannorris wants to merge 1 commit intomainfrom
fix/dependabot-alerts
Closed

chore: resolve open dependabot security alerts#388
jonathannorris wants to merge 1 commit intomainfrom
fix/dependabot-alerts

Conversation

@jonathannorris
Copy link
Copy Markdown
Member

@jonathannorris jonathannorris commented Apr 28, 2026

Summary

  • Resolved all 6 open Dependabot security alerts by bumping 4 transitive dependencies in uv.lock: urllib3 (3 high-severity alerts), mako, python-dotenv, and pygments
  • No direct dependency constraints needed updating; all vulnerable packages are transitive deps resolved purely in the lockfile

@jonathannorris
chore: resolve open dependabot security alerts
3e490f9 
- urllib3 2.5.0 -> 2.6.3 (high, Dependabot alerts 4, 7, 8)
- mako 1.3.10 -> 1.3.12 (medium, Dependabot alert 27)
- python-dotenv 1.2.1 -> 1.2.2 (medium, Dependabot alert 29)
- pygments 2.19.2 -> 2.20.0 (low, Dependabot alert 14)

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
@jonathannorris jonathannorris requested review from a team as code owners April 28, 2026 20:42
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 28, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.14%. Comparing base (6d3c5f8) to head (3e490f9).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #388      +/-   ##
==========================================
+ Coverage   95.94%   96.14%   +0.19%     
==========================================
  Files          33       47      +14     
  Lines        1135     1737     +602     
==========================================
+ Hits         1089     1670     +581     
- Misses         46       67      +21

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependencies in the uv.lock file, specifically upgrading mako, pygments, python-dotenv, and urllib3 to newer versions. I have no feedback to provide.

@gruebel
Copy link
Copy Markdown
Member

gruebel commented Apr 29, 2026

thanks! but I think this is already covered by #372

@gruebel gruebel closed this Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beeme1mr beeme1mr Awaiting requested review from beeme1mr

@askpt askpt Awaiting requested review from askpt

@toddbaert toddbaert Awaiting requested review from toddbaert

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonathannorris @gruebel