
[LIBX] Security dependency upgrades — 4 package(s) (2026-05-05) #29

Open
raghavmehrotra-art wants to merge 1 commit into Ramakm:main from raghavmehrotra-art:libx/security-upgrades-0505_1730


Conversation

@raghavmehrotra-art


Security Dependency Upgrades

This PR was automatically generated by LIBX.

Upgrades Summary

| Package | Old Version | New Version | CVEs Fixed |
|---|---|---|---|
| fastapi | 0.104.1 | 0.109.1 | PYSEC-2024-38, GHSA-qf9m-vfgh-m389 |
| python-multipart | 0.0.6 | 0.0.7 | GHSA-2jv5-9r88-3w3p, GHSA-59g5-xgcq-4qw3, GHSA-mj87-hwqh-73pj, GHSA-wp53-j4wj-2cfg |
| keras | 2.14.0 | 3.12.0 | GHSA-36fq-jgmw-4r9c, GHSA-4f3f-g24h-fr8m, GHSA-cjgq-5qmw-rcj6, GHSA-hjqc-jx6g-rwp9, GHSA-mq84-hjqx-cwf2, GHSA-9g7v-8wxv-mwxp, GHSA-28jp-44vh-q42h, GHSA-5478-v2w6-c6q7 |
| nltk | 3.8.1 | 3.9 | GHSA-469j-vmhf-r6v7, GHSA-7p94-766c-hgjp, GHSA-cgvx-9447-vcch, GHSA-gfwx-w7gr-fvh7, GHSA-h8wq-7xc4-p3qx, GHSA-jm6w-m3j8-898g, GHSA-rf74-v2fm-23pw, PYSEC-2024-167 |

Vulnerabilities Fixed

PYSEC-2024-38 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-qf9m-vfgh-m389 (HIGH)

Summary: Duplicate Advisory: FastAPI Content-Type Header ReDoS
Fixed in: 0.109.1
Source: GITHUB

GHSA-2jv5-9r88-3w3p (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-59g5-xgcq-4qw3 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-mj87-hwqh-73pj (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-wp53-j4wj-2cfg (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-36fq-jgmw-4r9c (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-4f3f-g24h-fr8m (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-cjgq-5qmw-rcj6 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-hjqc-jx6g-rwp9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-mq84-hjqx-cwf2 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-9g7v-8wxv-mwxp (HIGH)

Summary: Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Fixed in: 3.12.0
Source: GITHUB

GHSA-28jp-44vh-q42h (HIGH)

Summary: Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Fixed in: 3.12.0
Source: GITHUB

GHSA-5478-v2w6-c6q7 (HIGH)

Summary: Duplicate Advisory: Keras arbitrary code execution vulnerability
Fixed in: 3.9.0
Source: GITHUB

GHSA-469j-vmhf-r6v7 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-7p94-766c-hgjp (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-cgvx-9447-vcch (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-gfwx-w7gr-fvh7 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-h8wq-7xc4-p3qx (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-jm6w-m3j8-898g (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-rf74-v2fm-23pw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-167 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

Verification

  • Tests: ✅ PASSED (import-check)
  • Lint: ✅ PASSED

Generated by LIBX
