Bump onboard package to 0.6.2 with updates #75

Merged: amrit110 merged 1 commit into main from bump_onboard_0.6.2 on Mar 8, 2026
@amrit110 (Member) commented Mar 8, 2026

This pull request updates several dependencies in both pyproject.toml and aieng-eval-agents/pyproject.toml to address recent security vulnerabilities (CVEs) and ensure the project uses secure, patched versions of its libraries.

Dependency security updates:

  • Upgraded gradio to version >=6.7.0 in aieng-eval-agents/pyproject.toml to address multiple CVEs (CVE-2026-28414, CVE-2026-27167, CVE-2026-28416, CVE-2026-28415) that were fixed in versions 6.6.0–6.7.0.
  • Upgraded pypdf to version >=6.7.5 in both pyproject.toml and aieng-eval-agents/pyproject.toml to fix CVE-2026-28804 (ASCIIHexDecode DoS vulnerability).
  • Upgraded authlib to version >=1.6.7 in pyproject.toml to fix CVE-2026-28802 (alg:none JWT bypass vulnerability).

Development dependency update:

  • Upgraded aieng-platform-onboard to version >=0.6.2 in the development dependencies group in pyproject.toml.

@amrit110 self-assigned this Mar 8, 2026
@amrit110 added the version (New version update, package release) and dependencies (Pull requests that update a dependency file) labels and removed the version (New version update, package release) label Mar 8, 2026
@amrit110 merged commit 20912fb into main Mar 8, 2026 (3 checks passed)
@amrit110 deleted the bump_onboard_0.6.2 branch March 8, 2026 23:00