From 95d648210c39be5d2a2081ed7bb23193456e2d72 Mon Sep 17 00:00:00 2001 From: derekc Date: Mon, 25 May 2026 01:03:57 -0700 Subject: [PATCH] Patch CRITICAL/HIGH CVEs: python-jose 3.5.0, python-multipart 0.0.29 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - python-jose 3.3.0 → 3.5.0 (CVE-2024-33663: CRITICAL, algorithm confusion) - python-multipart 0.0.20 → 0.0.29 (CVE-2026-24486, CVE-2026-42561: HIGH) Co-Authored-By: Claude Sonnet 4.6 --- backend/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/requirements.txt b/backend/requirements.txt index 8f757c8..9b56e94 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -3,10 +3,10 @@ uvicorn[standard]==0.32.1 sqlalchemy[asyncio]==2.0.50 aiomysql==0.3.2 pydantic-settings==2.7.0 -python-jose[cryptography]==3.3.0 +python-jose[cryptography]==3.5.0 passlib[bcrypt]==1.7.4 bcrypt==4.0.1 -python-multipart==0.0.20 +python-multipart==0.0.29 pytz==2024.2 email-validator==2.2.0 slowapi==0.1.9