[PR #17] [MERGED] Add Bandit + Safety security scanning to CI and fix vulnerable deps #22

Closed
opened 2026-03-02 11:44:10 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/jhd3197/ServerKit/pull/17
Author: @jhd3197
Created: 2/12/2026
Status: Merged
Merged: 2/12/2026
Merged by: @jhd3197

Base: main ← Head: dev


📝 Commits (2)

  • 9604e1e Add Bandit + Safety security scanning to CI and fix vulnerable deps
  • d9e12d1 chore: bump version to 1.2.85 [skip ci]

📊 Changes

4 files changed (+91 additions, -12 deletions)


.github/workflows/security-scan.yml (+70 -0)
📝 VERSION (+1 -1)
backend/.bandit (+9 -0)
📝 backend/requirements.txt (+11 -11)

📄 Description

  • Add .github/workflows/security-scan.yml with Bandit SAST and Safety dependency scanning (requires SAFETY_API_KEY secret)
  • Add backend/.bandit config to skip expected noise (B404, B603, B607)
  • Update vulnerable dependencies:
      – gunicorn 21.2.0 → 22.0.0 (CVE-2024-1135 HTTP smuggling)
      – gevent 23.9.1 → 25.4.2 (HTTP smuggling + race condition)
      – python-socketio 5.10.0 → 5.14.0 (CVE-2025-61765 deserialization)
      – cryptography 42.0.0 → 44.0.3 (multiple CVEs)
      – requests 2.31.0 → 2.32.5 (vulnerability fixes)
      – Flask-Cors 4.0.0 → 5.0.1, Flask-SocketIO 5.3.6 → 5.4.1, python-engineio 4.8.1 → 4.11.2
  • Pin previously unpinned deps: schedule, passlib, bcrypt

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

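The description above lists what the new workflow does (Bandit SAST, Safety dependency scanning authenticated with a SAFETY_API_KEY secret, and a .bandit config that skips B404, B603 and B607) but the page does not show the file itself. The following is an added illustration of such a workflow, written for this page and not the PR's actual .github/workflows/security-scan.yml; it assumes the Python code lives under backend/ (as the changed-files list suggests), uses Python 3.12, and passes the skips on the command line instead of via the backend/.bandit file the PR adds.

```yaml
# Added example, not the PR's own workflow file.
name: Security scan

on:
  push:
    branches: [main, dev]
  pull_request:

# Scanning only needs to read the checkout; no write scopes for the token.
permissions:
  contents: read

jobs:
  bandit:
    name: Bandit SAST
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"   # assumed interpreter version
      - run: pip install bandit
      # -r recurses into the package (assumed path: backend/).
      # -s skips the three checks the PR calls expected noise:
      #   B404 import of subprocess, B603 subprocess call without shell=True,
      #   B607 starting a process with a partial executable path.
      # -ll fails the job only on medium/high severity, so low-severity
      # findings are still printed but do not block the merge.
      - run: bandit -r backend -s B404,B603,B607 -ll

  safety:
    name: Safety dependency scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install safety
      # Safety 3 authenticates through SAFETY_API_KEY; the secret has to be
      # added in the repository settings, otherwise the scan cannot run.
      # The scan reads the requirements file(s) found in the working directory.
      - run: safety scan
        working-directory: backend
        env:
          SAFETY_API_KEY: ${{ secrets.SAFETY_API_KEY }}
```

The same three skips can equally be kept in backend/.bandit as an INI `[bandit]` section with `skips = B404,B603,B607`, which Bandit picks up when it is pointed at that directory; putting them in a checked-in file rather than the command line keeps local runs and CI in sync. Skipping B404/B603/B607 silences the generic "you are spawning processes" warnings, so any review of the subprocess call sites themselves (argument construction, absolute executable paths) has to happen by hand rather than relying on the scan.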
Labels: bug, pull-request