
Commit aae2eb9

B4nan and vdusek authored
fix: update black to fix ReDoS vulnerability (#582)
## Summary

- Addresses Dependabot alert #65 (medium severity)
- Updates `black` to ≥24.3.0 to fix CVE-2024-21503 (Regular Expression Denial of Service)
- Added explicit constraint in dev dependencies

## Test plan

- [x] `uv lock` completes successfully
- [x] black version updated to 26.1.0
- [x] CI tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Vlada Dusek <v.dusek96@gmail.com>
1 parent 1939b7f commit aae2eb9

2 files changed, +82 −22 lines changed

pyproject.toml

Lines changed: 5 additions & 0 deletions
@@ -42,6 +42,11 @@ dependencies = [
4242

4343
[dependency-groups]
4444
dev = [
45+
# TODO: Remove this constraint once pydoc-markdown updates its dependencies.
46+
# Package pydoc-markdown is unmaintained and pins old docspec-python with vulnerable black.
47+
# See https://github.com/apify/apify-client-python/pull/582/ for more details.
48+
# We explicitly constrain black>=24.3.0 to override the transitive dependency.
49+
"black>=24.3.0",
4550
"dycw-pytest-only<3.0.0",
4651
"griffe",
4752
"poethepoet<1.0.0",
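Review bot: the comment above the new constraint says `black>=24.3.0` is there "to override the transitive dependency", but a direct requirement cannot override a transitive pin in a resolver; `uv lock` intersects this range with whatever `docspec-python` declares for `black`, and resolution only succeeds because that declared range still admits a 24.3+ release (if it were pinned below 24.3.0, the lock would fail rather than silently pick the patched version). Suggest rewording to "We explicitly constrain black>=24.3.0 so the resolver cannot select the vulnerable transitive version" and naming the advisory in the comment (the commit message cites CVE-2024-21503), so the TODO can be verified and retired without following the PR link. It is also worth stating in the comment that the constraint sits only in the `dev` dependency group, so it hardens the development environment and CI and does not change the published package's runtime dependency set.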
