PB-2275: Upgrade black to >=26.3.1 (arbitrary file write fix)#86
Merged
cjfuller-dev merged 2 commits intoMay 6, 2026
Merged
Conversation
cjfuller-dev
force-pushed
the
PB-2275-chris-dependabot-black-arbitrary-file-writes-in-types
branch
from
858b972 to
0e4918a
Compare
cjfuller-dev
commented
May 5, 2026
Required because ^24.10.0 caps at <25.0.0 which excludes the fix version.
Resolves PB-2275 (CVE-2026-32274)
cjfuller-dev
force-pushed
the
PB-2275-chris-dependabot-black-arbitrary-file-writes-in-types
branch
from
0e4918a to
610097d
Compare
cariad
approved these changes
May 6, 2026
cjfuller-dev
deleted the
PB-2275-chris-dependabot-black-arbitrary-file-writes-in-types
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes Dependabot alert: Black arbitrary file writes from unsanitized user input in cache file name (CVE-2026-32274).
Upgraded black to >=26.3.1 which sanitizes the --python-cell-magics option value before using it in cache file names.
Resolves PB-2275