Commit
Β·
a5ad664
1
Parent(s):
915b009
fix(security): Upgrade mcp to 1.23.0 to fix GHSA-9h52-p55h-vw2f
Browse filespip-audit flagged mcp 1.22.0 as vulnerable. Pinning to >=1.23.0
resolves the security issue.
Lock file updated: mcp 1.22.0 β 1.23.1
- pyproject.toml +2 -0
- uv.lock +5 -3
pyproject.toml
CHANGED
|
@@ -20,6 +20,8 @@ dependencies = [
|
|
| 20 |
"huggingface-hub>=0.24.0", # Hugging Face Inference API - 0.24.0 required for stable chat_completion with tools
|
| 21 |
# UI
|
| 22 |
"gradio[mcp]>=6.0.0", # Chat interface with MCP server support (6.0 required for css in launch())
|
|
|
|
|
|
|
| 23 |
# Utils
|
| 24 |
"python-dotenv>=1.0", # .env loading
|
| 25 |
"tenacity>=8.2", # Retry logic
|
|
|
|
| 20 |
"huggingface-hub>=0.24.0", # Hugging Face Inference API - 0.24.0 required for stable chat_completion with tools
|
| 21 |
# UI
|
| 22 |
"gradio[mcp]>=6.0.0", # Chat interface with MCP server support (6.0 required for css in launch())
|
| 23 |
+
# Security: Pin mcp to fix GHSA-9h52-p55h-vw2f
|
| 24 |
+
"mcp>=1.23.0",
|
| 25 |
# Utils
|
| 26 |
"python-dotenv>=1.0", # .env loading
|
| 27 |
"tenacity>=8.2", # Retry logic
|
uv.lock
CHANGED
|
@@ -1130,6 +1130,7 @@ dependencies = [
|
|
| 1130 |
{ name = "langgraph" },
|
| 1131 |
{ name = "langgraph-checkpoint-sqlite" },
|
| 1132 |
{ name = "limits" },
|
|
|
|
| 1133 |
{ name = "openai" },
|
| 1134 |
{ name = "pydantic" },
|
| 1135 |
{ name = "pydantic-ai" },
|
|
@@ -1195,6 +1196,7 @@ requires-dist = [
|
|
| 1195 |
{ name = "llama-index-embeddings-openai", marker = "extra == 'modal'" },
|
| 1196 |
{ name = "llama-index-llms-openai", marker = "extra == 'modal'" },
|
| 1197 |
{ name = "llama-index-vector-stores-chroma", marker = "extra == 'modal'" },
|
|
|
|
| 1198 |
{ name = "modal", marker = "extra == 'modal'", specifier = ">=0.63.0" },
|
| 1199 |
{ name = "mypy", marker = "extra == 'dev'", specifier = ">=1.10" },
|
| 1200 |
{ name = "openai", specifier = ">=1.0.0" },
|
|
@@ -3007,7 +3009,7 @@ wheels = [
|
|
| 3007 |
|
| 3008 |
[[package]]
|
| 3009 |
name = "mcp"
|
| 3010 |
-
version = "1.
|
| 3011 |
source = { registry = "https://pypi.org/simple" }
|
| 3012 |
dependencies = [
|
| 3013 |
{ name = "anyio" },
|
|
@@ -3025,9 +3027,9 @@ dependencies = [
|
|
| 3025 |
{ name = "typing-inspection" },
|
| 3026 |
{ name = "uvicorn", marker = "sys_platform != 'emscripten'" },
|
| 3027 |
]
|
| 3028 |
-
sdist = { url = "https://files.pythonhosted.org/packages/
|
| 3029 |
wheels = [
|
| 3030 |
-
{ url = "https://files.pythonhosted.org/packages/
|
| 3031 |
]
|
| 3032 |
|
| 3033 |
[package.optional-dependencies]
|
|
|
|
| 1130 |
{ name = "langgraph" },
|
| 1131 |
{ name = "langgraph-checkpoint-sqlite" },
|
| 1132 |
{ name = "limits" },
|
| 1133 |
+
{ name = "mcp" },
|
| 1134 |
{ name = "openai" },
|
| 1135 |
{ name = "pydantic" },
|
| 1136 |
{ name = "pydantic-ai" },
|
|
|
|
| 1196 |
{ name = "llama-index-embeddings-openai", marker = "extra == 'modal'" },
|
| 1197 |
{ name = "llama-index-llms-openai", marker = "extra == 'modal'" },
|
| 1198 |
{ name = "llama-index-vector-stores-chroma", marker = "extra == 'modal'" },
|
| 1199 |
+
{ name = "mcp", specifier = ">=1.23.0" },
|
| 1200 |
{ name = "modal", marker = "extra == 'modal'", specifier = ">=0.63.0" },
|
| 1201 |
{ name = "mypy", marker = "extra == 'dev'", specifier = ">=1.10" },
|
| 1202 |
{ name = "openai", specifier = ">=1.0.0" },
|
|
|
|
| 3009 |
|
| 3010 |
[[package]]
|
| 3011 |
name = "mcp"
|
| 3012 |
+
version = "1.23.1"
|
| 3013 |
source = { registry = "https://pypi.org/simple" }
|
| 3014 |
dependencies = [
|
| 3015 |
{ name = "anyio" },
|
|
|
|
| 3027 |
{ name = "typing-inspection" },
|
| 3028 |
{ name = "uvicorn", marker = "sys_platform != 'emscripten'" },
|
| 3029 |
]
|
| 3030 |
+
sdist = { url = "https://files.pythonhosted.org/packages/12/42/10c0c09ca27aceacd8c428956cfabdd67e3d328fe55c4abc16589285d294/mcp-1.23.1.tar.gz", hash = "sha256:7403e053e8e2283b1e6ae631423cb54736933fea70b32422152e6064556cd298", size = 596519 }
|
| 3031 |
wheels = [
|
| 3032 |
+
{ url = "https://files.pythonhosted.org/packages/9f/9e/26e1d2d2c6afe15dfba5ca6799eeeea7656dce625c22766e4c57305e9cc2/mcp-1.23.1-py3-none-any.whl", hash = "sha256:3ce897fcc20a41bd50b4c58d3aa88085f11f505dcc0eaed48930012d34c731d8", size = 231433 },
|
| 3033 |
]
|
| 3034 |
|
| 3035 |
[package.optional-dependencies]
|