Skip to content

Security updates#433

Open
github-actions[bot] wants to merge 1 commit into
masterfrom
security-updates
Open

Security updates#433
github-actions[bot] wants to merge 1 commit into
masterfrom
security-updates

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Security Vulnerability Report

Generated on: 2026-07-14 02:44:44

Summary

Found vulnerabilities in 4 packages requiring updates.

Package Upgrades Overview

Package Current Version Recommended Version Vulnerabilities
click 8.2.1 8.3.3 1
mistune 3.2.1 3.3.0 10
pillow 12.2.0 12.3.0 5
soupsieve 2.7 2.8.4 2

Detailed Vulnerability Information

click (v8.2.1)

Vulnerability ID Fix Versions Aliases
PYSEC-2026-2132 8.3.3 CVE-2026-7246, GHSA-47fr-3ffg-hgmw

mistune (v3.2.1)

Vulnerability ID Fix Versions Aliases
PYSEC-2026-2217 3.3.0 GHSA-qfrw-5rxm-mhh2, CVE-2026-59929
PYSEC-2026-2214 3.3.0 GHSA-g97x-gvcm-x72h, CVE-2026-59926
PYSEC-2026-2215 3.3.0 GHSA-8mpj-m6qm-5qr8, CVE-2026-59927
PYSEC-2026-2212 3.3.0 CVE-2026-59924, GHSA-r4rv-85jg-w4mf
PYSEC-2026-2216 3.3.0 GHSA-ffq3-xpv3-j92q, CVE-2026-59928
PYSEC-2026-2213 3.3.0 CVE-2026-59925, GHSA-4j32-57v6-6g45
PYSEC-2026-2218 3.3.0 CVE-2026-59930, GHSA-2hm2-hc3v-44h9
PYSEC-2026-2211 3.3.0 CVE-2026-59923, GHSA-8c25-4j27-2rv3
PYSEC-2026-2210 3.3.0 CVE-2026-59922, GHSA-c8j7-8cv4-2xmq
PYSEC-2026-2652 3.3.0 CVE-2026-49851, GHSA-qcq2-496w-v96p

pillow (v12.2.0)

Vulnerability ID Fix Versions Aliases
PYSEC-2026-2253 12.3.0 CVE-2026-54059, GHSA-8v84-f9pq-wr9x
PYSEC-2026-2255 12.3.0 CVE-2026-55379, GHSA-45hq-cxwh-f6vc
PYSEC-2026-2257 12.3.0 CVE-2026-55798, GHSA-4x4j-2g7c-83w6
PYSEC-2026-2256 12.3.0 GHSA-phj9-mv4w-65pm, CVE-2026-55380
PYSEC-2026-2254 12.3.0 CVE-2026-54060, GHSA-5x94-69rx-g8h2

soupsieve (v2.7)

Vulnerability ID Fix Versions Aliases
PYSEC-2026-3072 2.8.4 CVE-2026-49477, GHSA-836r-79rf-4m37
PYSEC-2026-3071 2.8.4 CVE-2026-49476, GHSA-2wc2-fm75-p42x

Recommended Actions

  1. Review the vulnerability details above.
  2. Close and reopen this PR to trigger CI/CD tests.
  3. Approve and merge the PR if everything looks good.

This report was generated automatically. Please verify all upgrades before applying.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants