fix: updated multiple packages for dependabot #552

Open
Ayaz-Microsoft wants to merge 2 commits into dev from dependabotFix-ayaz

@Ayaz-Microsoft
Contributor

Purpose

  • Vulnerabilities count: Critical-2, High-53, Moderate-50, Low-30

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Contributor

Copilot AI left a comment

Pull request overview

Updates dependency pins/lockfiles across the Python services and the web app to address Dependabot-reported vulnerabilities.

Changes:

  • Bump multiple Python dependencies (e.g., aiohttp, authlib, pygments, pytest, requests, werkzeug, pillow, python-multipart) across ContentProcessor, ContentProcessorAPI, and ContentProcessorWorkflow (pyproject.toml + uv.lock + some requirements.txt).
  • Add a pnpm override to force follow-redirects@^1.16.0 and refresh pnpm-lock.yaml accordingly.
  • Refresh related transitive lock entries (sdists/wheels metadata) as part of lock regeneration.

Reviewed changes

Copilot reviewed 6 out of 10 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/ContentProcessorWorkflow/uv.lock | Python lockfile refresh; bumps authlib/pytest/pygments/requests/werkzeug, etc. |
| src/ContentProcessorWorkflow/pyproject.toml | Updates direct pins for authlib and pytest (dev). |
| src/ContentProcessorWeb/pnpm-lock.yaml | Lock refresh reflecting follow-redirects@1.16.0 resolution. |
| src/ContentProcessorWeb/package.json | Adds pnpm.overrides.follow-redirects to enforce patched version. |
| src/ContentProcessorAPI/uv.lock | Lockfile refresh; bumps aiohttp/pygments/pytest/python-multipart/requests, etc. |
| src/ContentProcessorAPI/requirements.txt | Updates some pinned deps used by CI lint job. |
| src/ContentProcessorAPI/pyproject.toml | Updates pinned deps (pygments/python-multipart/pyjwt/pytest). |
| src/ContentProcessor/uv.lock | Lockfile refresh; bumps aiohttp/cryptography/pillow/requests/werkzeug/pytest, etc. |
| src/ContentProcessor/requirements.txt | Updates some pinned deps used by CI test job. |
| src/ContentProcessor/pyproject.toml | Updates pytest pin (dev). |

Files not reviewed (1)
  • src/ContentProcessorWeb/pnpm-lock.yaml: Language not supported

Comment thread src/ContentProcessorAPI/requirements.txt Outdated
Comment thread src/ContentProcessor/requirements.txt
Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 11 changed files in this pull request and generated no new comments.

Files not reviewed (1)
  • src/ContentProcessorWeb/pnpm-lock.yaml: Language not supported
