From d3cffa784826c6a07762ce8d8b6e8d86f902f2b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Feb 2026 04:29:05 +0000
Subject: [PATCH 1/2] Bump pip-tools in /.github/utils in the python group across 1 directory Bumps the python group with 1 update in the /.github/utils directory: [pip-tools](https://github.com/jazzband/pip-tools). Updates `pip-tools` from 7.5.2 to 7.5.3 - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md) - [Commits](https://github.com/jazzband/pip-tools/compare/v7.5.2...v7.5.3) --- updated-dependencies: - dependency-name: pip-tools dependency-version: 7.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python ... Signed-off-by: dependabot[bot]
---
 .github/utils/requirements_audit.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/utils/requirements_audit.txt b/.github/utils/requirements_audit.txt
index d41510d8..1761760b 100644
--- a/.github/utils/requirements_audit.txt
+++ b/.github/utils/requirements_audit.txt
@@ -1 +1 @@
-pip-tools==7.5.2
+pip-tools==7.5.3
From a8a7f2b2befa2f3bb6d78322c1dc3af9fb5c75c7 Mon Sep 17 00:00:00 2001
From: Casper Welzel Andersen
Date: Mon, 16 Feb 2026 12:48:03 +0100
Subject: [PATCH 2/2] Ignore diskcache safety issue
---
 .github/workflows/ci_tests.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/ci_tests.yml b/.github/workflows/ci_tests.yml
index d5c71c8c..56820435 100644
--- a/.github/workflows/ci_tests.yml
+++ b/.github/workflows/ci_tests.yml
@@ -74,6 +74,12 @@ jobs:
 uses: pypa/gh-action-pip-audit@v1.1.0
 with:
 inputs: '${{ runner.temp }}/requirements.txt'
+ # CVE-2025-69872: DiskCache 5.6.3
+ # DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.
+ # An attacker with write access to the cache directory can achieve arbitrary code execution
+ # when a victim application reads from the cache.
+ ignore-vulns: |
+ CVE-2025-69872
 pytest:
 name: pytest (${{ matrix.os[1] }}-py${{ matrix.python-version }})
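Review bot: The `ignore-vulns` entry added under `with:` in the pip-audit step explains what CVE-2025-69872 is but not why the finding is acceptable for this project nor when the suppression should be lifted, so an open-ended ignore quietly becomes permanent. Suggest extending the comment block with the accepted-risk rationale and an exit condition, along the lines of `# Accepted risk: <why an attacker cannot write to the cache directory in our usage — fill in>` and `# Remove this ignore once a diskcache release with a fix is available (tracking: <ISSUE-ID placeholder>)`. It is also worth confirming in the next audit run that the ignore matches the identifier pip-audit actually reports, since the advisory may be surfaced under a PYSEC or GHSA alias rather than the CVE id. The pip-audit step and the enclosing job begin before this hunk; only the `uses:` line onward is visible here.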