[FIX] Patch transitive Python Dependabot alerts (h11, pyarrow, pyjwt, azure-core, protobuf) via uv lock#2039
[FIX] Patch transitive Python Dependabot alerts (h11, pyarrow, pyjwt, azure-core, protobuf) via uv lock#2039jaseemjaskp wants to merge 1 commit into
Conversation
Lock-only upgrades (no pyproject changes) that clear Dependabot alerts: - h11 0.14.0 -> 0.16.0 (+ httpcore 1.0.7 -> 1.0.9) [CRITICAL: request smuggling] in workflow-execution, tool-registry, filesystem - pyarrow 18.1.0 -> 24.0.0 [use-after-free] in root, backend, workers, connectors - pyjwt 2.10.x/2.11.0 -> 2.13.0 [unknown crit headers] in backend, workers, connectors, sdk1, platform-service, prompt-service - azure-core 1.33/1.35 -> 1.41.0 [untrusted deserialization] in connectors, sdk1, platform-service, prompt-service - protobuf 5.29.4 -> 5.29.6 (tool-sidecar) and 6.32.1 -> 6.33.6 (sdk1) [JSON recursion DoS] Verified: all 11 locks pass 'uv lock --check'; h11/httpcore/httpx and pyarrow/azure-core/pyjwt import cleanly. NOT included (capped by parents, need a separate AWS/gRPC bump PR): - urllib3 -> 2.x is held <2 by botocore/boto3 + cloud SDKs (no 1.26.x patch exists for these CVEs) - protobuf -> 5.x in root/backend/workers/connectors is held <5 by grpcio/google-* libraries
|
No reviewable files after applying ignore patterns. |
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (11)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Unstract test resultsPer-group results
Critical paths
|
|
jaseemjaskp
left a comment
There was a problem hiding this comment.
PR Review — transitive Dependabot lock bumps (#2039)
Scope: lock-only PR — 11 uv.lock files, 6 packages (h11, httpcore, pyarrow, pyjwt, azure-core, protobuf). No pyproject.toml/source/comment/type changes.
What I verified (✅):
uv lock --checkpasses on sampled locks (backend, workers, sdk1, filesystem) — the "verified" claim holds.- Each version bump carries regenerated sdist+wheel
sha256blocks (not just version strings); nospecifier =constraint edits → a clean resolution-only bump. - Commit-message package/target matrix matches the diff exactly.
Repo-wide residual-version audit (every uv.lock at HEAD vs. advisory fix version):
| Package | CVE | Fix version | Residual state | Verdict |
|---|---|---|---|---|
| h11 / httpcore | CVE-2025-43859 (req smuggling) | 0.16.0 / 1.0.9 | all 14 locks at 0.16.0 / 1.0.9 | ✅ clear |
| pyarrow | use-after-free | 24.0.0 | all 4 locks that carry it at 24.0.0 | ✅ clear (see note) |
| pyjwt | CVE-2026-32597 (crit headers) | 2.12.0 | root uv.lock left at 2.12.1; rest 2.13.0 |
✅ safe (≥2.12.0) — cosmetic skew |
| azure-core | CVE-2026-21226 (deser RCE) | 1.38.0 | backend/workers left at 1.38.2; rest 1.41.0 | ✅ safe (≥1.38.0) — cosmetic skew |
| protobuf | CVE-2025-4565 (recursion DoS) | 4.25.8 / 5.29.5 / 6.31.1 | unstract/connectors at 4.25.6 |
🔴 One real residual gap (see inline comment): unstract/connectors/uv.lock still pins protobuf 4.25.6, below the 4.25.8 fix for CVE-2025-4565. The commit's "held <5 by grpcio/google-*" rationale is accurate about the major cap but 4.25.8 is itself a 4.x release within that cap — backend & workers already resolve 4.25.8 under the same grpcio stack, so connectors should reach it too. This is a reachable-but-missed patch.
🟡 Worth a look: pyarrow jumps 18.1.0 → 24.0.0 (six major versions) as a transitive bump. uv lock --check passes so the constraint allows it, but a jump this large warrants a parquet read/write smoke test on backend/workers/connectors, and a check of whether a smaller patched release clears the CVE with less breakage surface.
Benign skews (no action needed): root pyjwt 2.12.1 and backend/workers azure-core 1.38.2 both sit above their advisory fix lines — they explain why Dependabot didn't push those locks. Standardizing them to 2.13.0 / 1.41.0 is optional tidiness, not security.
On the PR Review Toolkit agents: this PR is generated lock files only, so Silent-Failure-Hunter, Type-Design-Analyzer, Comment-Analyzer, and Code-Simplifier have no source/types/comments/logic to analyze (N/A). PR-Test-Analyzer: lock bumps have no unit coverage — CI dependency-install + a smoke run is the effective test gate. The Code-Reviewer pass is the dependency-correctness audit above.
| [[package]] | ||
| name = "azure-core" | ||
| version = "1.33.0" | ||
| version = "1.41.0" |
There was a problem hiding this comment.
🔴 Residual CVE — protobuf not patched in this lock.
This PR bumps azure-core/pyarrow/pyjwt here, but unstract/connectors/uv.lock still pins protobuf 4.25.6. CVE-2025-4565 (uncontrolled recursion → DoS in the pure-Python backend) is fixed in 4.25.8 / 5.29.5 / 6.31.1.
The commit message lists connectors' protobuf as "held <5 by grpcio/google-*" and excludes it — but 4.25.8 is a 4.x release inside that <5 cap. backend/uv.lock and workers/uv.lock already resolve protobuf 4.25.8 under the same grpcio/google stack, so connectors should be able to as well.
Suggested fix: in unstract/connectors, run uv lock --upgrade-package protobuf and confirm it lands on ≥4.25.8, then re-run uv lock --check.
| [[package]] | ||
| name = "pyarrow" | ||
| version = "18.1.0" | ||
| version = "24.0.0" |
There was a problem hiding this comment.
🟡 pyarrow 18.1.0 → 24.0.0 is a six-major-version jump (same in root, workers, connectors). It's purely transitive and uv lock --check passes, so the constraint allows it — but a jump this large can carry API/behaviour changes.
- Please run a parquet read/write smoke test on the backend/workers/connectors paths that touch pyarrow before merge.
- Optional: check whether the pyarrow use-after-free was fixed in an earlier release (e.g. 19/20.x) that would clear the alert with a smaller blast radius.
| [[package]] | ||
| name = "pyarrow" | ||
| version = "18.1.0" | ||
| version = "24.0.0" |
There was a problem hiding this comment.
ℹ️ Root lock's only change is pyarrow → 24.0.0. Note root pyjwt stays at 2.12.1 and root azure-core is 1.41.0 — both ≥ their CVE fix versions (2.12.0 / 1.38.0), so this lock is clean. No action; flagging for the audit trail.
What
Patches transitive Python Dependabot alerts across 11
uv.lockfiles via lock-only upgrades (nopyproject.toml/ pinned-dependency changes). Each bump here clears at least one alert:critheaders)Why
These are the Python Dependabot alerts whose fix is reachable by a pure lock upgrade — the parent constraints already permit the patched version, so no manifest edit is needed. Kept separate from the pinned-dependency upgrades (Django, Authlib, PyMySQL) which require
pyproject.tomlchanges and heavier testing.How
uv lock --upgrade-package <pkg>per affected service, restricted to packages that actually cross the alert threshold.h11was held at 0.14.0 byhttpcore; bumpinghttpcoreto 1.0.9 (a patch) pulls h11 to the patched 0.16.0.Can this PR break any existing features. If yes, please list possible items. If no, please explain why. (PS: Admins do not merge the PR without this section filled)
Low risk.
uv lock --check(resolutions valid & consistent — the same check a frozen Docker build runs).h110.16.0 /httpcore1.0.9 /httpx0.28.1, andpyarrow24.0.0 /azure-core/pyjwt2.13.0 all load cleanly.pyjwt/azure-core/protobufare minor/patch bumps.pyarrow18 → 24 is a major jump but it is transitive (data-layer libraries), resolved cleanly, and imports fine — worth a smoke-test in CI/Docker.Database Migrations
None.
Env Config
None.
Relevant Docs
N/A
Related Issues or PRs
Follows the frontend Dependabot PR (#2038).
Deliberately NOT included (blocked — need a separate AWS/gRPC parent bump)
<2bybotocore/boto3+ cloud SDKs (minio, docker, qdrant, etc.). The relevant CVEs have no 1.26.x patch — fixes exist only in 2.x — so clearing them requires upgrading the AWS SDK stack.<5bygrpcio/google-*libraries; only a 4.25.9 patch is reachable there, which does not cross the advisory threshold.These two warrant a dedicated PR (coordinated parent upgrades + testing).
Dependencies Versions
h11 0.16.0 · httpcore 1.0.9 · pyarrow 24.0.0 · pyjwt 2.13.0 · azure-core 1.41.0 · protobuf 5.29.6 / 6.33.6
Notes on Testing
uv lock --checkacross all 11 locks ✓Screenshots
N/A — lockfile-only.
Checklist
I have read and understood the Contribution Guidelines.