diff --git a/pyproject.toml b/pyproject.toml
index b1ef9062d..278c7d515 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -87,6 +87,9 @@ dependencies = [
 # urllib3 2.7.0 fixes GHSA-mf9v-mfxr-j63j (decompression-bomb bypass)
 # and GHSA-qccp-gfcp-xxvc (header leak across origins).
 "urllib3>=2.7.0,<3",
+ # cryptography is pulled in transitively by PyJWT[crypto]; pin it explicitly
+ # so the WeCom/Weixin crypto paths can't drift below the CVE-fixed floor.
+ "cryptography==46.0.7", # CVE-2026-39892, CVE-2026-34073
 # Windows has no IANA tzdata shipped with the OS, so Python's ``zoneinfo``
 # (PEP 615) raises ``ZoneInfoNotFoundError`` for every non-UTC timezone
 # out of the box. ``tzdata`` ships the Olson database as a data package
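Review bot: The new `"cryptography==46.0.7"` entry is an exact pin inside the core `dependencies` list, while the comment directly above it describes a CVE-fixed floor and the neighbouring `"urllib3>=2.7.0,<3"` entry expresses that same intent as a bounded range; an `==` on a dependency the project only consumes transitively also makes the core install unresolvable as soon as PyJWT[crypto], mautrix[encryption] or any other extra requires a different patch release. A bounded range such as `"cryptography>=46.0.7,<47",  # CVE-2026-39892, CVE-2026-34073` enforces the floor, keeps patch updates resolvable and leaves the exact version to the lockfile, matching the urllib3 line. The file's own comments say version pins are bumped in lockstep with uv.lock, and no lockfile change is visible in this diff, so it is worth confirming the lock was regenerated alongside this addition.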
@@ -155,9 +158,9 @@ modal = ["modal==1.3.4"]
 daytona = ["daytona==0.155.0"]
 hindsight = ["hindsight-client==0.6.1"]
 dev = ["debugpy==1.8.20", "pytest==9.0.2", "pytest-asyncio==1.3.0", "mcp==1.26.0", "starlette==1.0.1", "ty==0.0.21", "ruff==0.15.10", "setuptools==81.0.0"] # starlette: CVE-2026-48710; setuptools: latest <82 (torch >=2.11 caps setuptools<82)
-messaging = ["python-telegram-bot[webhooks]==22.6", "discord.py[voice]==2.7.1", "aiohttp==3.13.4", "brotlicffi==1.2.0.1", "slack-bolt==1.27.0", "slack-sdk==3.40.1", "qrcode==7.4.2"] # aiohttp: CVE-2026-34513/34518/34519/34520/34525
+messaging = ["python-telegram-bot[webhooks]==22.6", "discord.py[voice]==2.7.1", "aiohttp==3.14.0", "brotlicffi==1.2.0.1", "slack-bolt==1.27.0", "slack-sdk==3.40.1", "qrcode==7.4.2"] # aiohttp 3.14.0: CVE-2026-34513/34518/34519/34520/34525 + 34993(RCE)/47265
 cron = [] # croniter is now a core dependency; this extra kept for back-compat
-slack = ["slack-bolt==1.27.0", "slack-sdk==3.40.1", "aiohttp==3.13.4"]
+slack = ["slack-bolt==1.27.0", "slack-sdk==3.40.1", "aiohttp==3.14.0"]
 matrix = ["mautrix[encryption]==0.21.0", "aiosqlite==0.22.1", "asyncpg==0.31.0", "aiohttp-socks==0.11.0"]
 # WeCom callback-mode adapter — parses untrusted XML POST bodies from
 # WeCom-controlled callback endpoints, so we use defusedxml (drop-in
@@ -203,9 +206,9 @@ vision = []
 # a vulnerable pre-1.0.1 transitive. Bump in lockstep with uv.lock.
 mcp = ["mcp==1.26.0", "starlette==1.0.1"] # starlette: CVE-2026-48710
 nemo-relay = ["nemo-relay==0.3"]
-homeassistant = ["aiohttp==3.13.4"]
-sms = ["aiohttp==3.13.4"]
-teams = ["microsoft-teams-apps==2.0.13.4", "aiohttp==3.13.4"]
+homeassistant = ["aiohttp==3.14.0"]
+sms = ["aiohttp==3.14.0"]
+teams = ["microsoft-teams-apps==2.0.13.4", "aiohttp==3.14.0"] # aiohttp 3.14.0: CVE-2026-34993(RCE)/47265 + 34513/34518/34519/34520/34525
 # Computer use — macOS background desktop control via cua-driver (MCP stdio).
 # The cua-driver binary itself is installed via `hermes tools` post-setup
 # (curl install script); this extra just pins the MCP client used to talk
diff --git a/tools/lazy_deps.py b/tools/lazy_deps.py
index 0bf3424c0..5aa25063d 100644
--- a/tools/lazy_deps.py
+++ b/tools/lazy_deps.py
@@ -158,7 +158,7 @@ LAZY_DEPS: dict[str, tuple[str, ...]] = {
 "platform.slack": (
 "slack-bolt==1.27.0",
 "slack-sdk==3.40.1",
- "aiohttp==3.13.4", # CVE-2026-34513/34518/34519/34520/34525
+ "aiohttp==3.14.0", # CVE-2026-34513/34518/34519/34520/34525 + 34993(RCE)/47265
 ),
 "platform.matrix": (
 "mautrix[encryption]==0.21.0",