Skip to content

[pull] main from modelcontextprotocol:main#329

Merged
pull[bot] merged 1 commit into
threatcode:mainfrom
modelcontextprotocol:main
Jun 29, 2026
Merged

[pull] main from modelcontextprotocol:main#329
pull[bot] merged 1 commit into
threatcode:mainfrom
modelcontextprotocol:main

Conversation

@pull

@pull pull Bot commented Jun 29, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

…lerts (#4398)

Resolves a fresh batch of Dependabot alerts (disclosed 2026-06-15/16,
after PR #4376 merged) across the fetch, git, and time server lockfiles:

- python-multipart 0.0.27 -> 0.0.32 (CVE-2026-53539 HIGH querystring DoS,
  plus CVE-2026-53537/53538/53540 parameter smuggling / buffering)
- cryptography     48.0.0  -> 49.0.0 (GHSA-537c-gmf6-5ccf HIGH, vulnerable
  OpenSSL statically linked in wheels < 48.0.1)
- pyjwt            2.12.1  -> 2.13.0 (HIGH + medium JWT advisories)

All three are transitive deps; lockfiles only. Diff scoped to exactly
these 9 version bumps with no other resolution churn. git server tests
unchanged vs base (43 passed; 37 pre-existing Windows tempdir errors).

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@pull pull Bot locked and limited conversation to collaborators Jun 29, 2026
@pull pull Bot added the ⤵️ pull label Jun 29, 2026
@pull pull Bot merged commit b2a94a2 into threatcode:main Jun 29, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant