security: sdk pip-audit findings (pypdf, python-multipart, urllib3, etc.)

## Vulnerability

**Severity:** mixed (high + moderate)
**Source:** Nightshift supervisor security scan 2026-05-13
**Package/file:** sdk/ (Python deps)

## Details
pip-audit on K:/agent47/sdk reports vulnerable versions across multiple deps:

- pypdf 5.8.0 -> 6.10.2+ (16 CVEs)
- pytest 8.4.2 -> 9.0.3 (CVE-2025-71176)
- python-dotenv 1.1.1 -> 1.2.2 (CVE-2026-28684)
- python-multipart 0.0.20 -> 0.0.27 (3 CVEs)
- requests 2.32.5 -> 2.33.0 (CVE-2026-25645)
- urllib3 2.6.3 -> 2.7.0 (2 CVEs)
- uv 0.9.30 -> 0.11.6 (GHSA-pjjw-68hj-v9mw)

## Suggested fix
```bash
cd K:/agent47/sdk
pip install --upgrade pypdf pytest python-dotenv python-multipart requests urllib3 uv
# regenerate lockfile, run tests, commit
```

## Why not auto-fixed
Python dep upgrades require lockfile regeneration + test suite verification; supervisor only auto-fixes npm audit issues that pass build.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

security: sdk pip-audit findings (pypdf, python-multipart, urllib3, etc.) #469

Vulnerability

Details

Suggested fix

Why not auto-fixed

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

security: sdk pip-audit findings (pypdf, python-multipart, urllib3, etc.) #469

Description

Vulnerability

Details

Suggested fix

Why not auto-fixed

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions