
Resolve Dependabot Alerts: Upgrade Dependencies #534

Merged
BinoyOza-okta merged 1 commit into master from dependabot-alerts-fix on Apr 22, 2026

Conversation

@BinoyOza-okta (Contributor)

Resolve Dependabot Alerts: Upgrade Dependencies & GitHub Actions

Summary

This PR addresses multiple Dependabot security alerts and version-bump PRs by upgrading all flagged runtime dependencies.

Motivation

Dependabot raised alerts and pull requests for several outdated packages that have known vulnerabilities or have since been superseded by newer secure releases. Rather than merging each Dependabot PR individually, this PR consolidates all the dependency bumps into a single change set for easier review and testing.

Changes

Runtime Dependencies (requirements.txt, setup.py)

Package     Previous Version   New Version
aenum       3.1.16             3.1.17
aiohttp     3.13.4             3.13.5
jwcrypto    1.5.6              1.5.7
PyJWT       2.12.0             2.12.1
xmltodict   1.0.2              1.0.4

OpenAPI Generator Templates (openapi/templates/)

The mustache templates used for SDK code generation (requirements.mustache, setup.mustache) have been updated to match the new dependency versions so that future regenerations remain consistent.

Files Changed

  • requirements.txt — Bump runtime + dev dependency versions
  • setup.py — Bump runtime dependency version specifiers
  • openapi/templates/requirements.mustache — Mirror requirements.txt updates
  • openapi/templates/setup.mustache — Mirror setup.py updates

Testing

  • CI passes with the updated dependency set (Python 3.10–3.13)
  • Integration tests (pytest tests/integration) pass
  • Linting (flake8) passes with the upgraded flake8 version

Risk Assessment

Low risk. All changes are dependency version bumps to address known Dependabot alerts. No application logic or SDK API changes are included.

Bump runtime dependencies to their latest secure versions.

Runtime dependency updates:
- aenum: 3.1.16 → 3.1.17
- aiohttp: 3.13.4 → 3.13.5
- jwcrypto: 1.5.6 → 1.5.7
- PyJWT: 2.12.0 → 2.12.1
- xmltodict: 1.0.2 → 1.0.4
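The PR keeps four files in step: requirements.txt, setup.py, and the two mustache templates that regenerate them. The check a reviewer would want is that every flagged package is pinned to the same version in all four and that no pin is below the version in the table. The script below is an added example written for this page, not code from the okta SDK or from this PR; the file contents are constructed, the layout of the real requirements.mustache and setup.mustache is assumed to mirror requirements.txt and setup.py, and one template is deliberately left a bump behind so the check visibly fires.

```python
"""Cross-check dependency version pins across requirements.txt, setup.py
and the OpenAPI mustache templates that regenerate them.

Added example for this PR page; not code from the okta SDK repository.
The file contents below are constructed for the demonstration and the
layout of the real requirements.mustache / setup.mustache is assumed.
"""
import re

# Minimum versions the PR table says each flagged package must reach.
REQUIRED = {
    "aenum": "3.1.17",
    "aiohttp": "3.13.5",
    "jwcrypto": "1.5.7",
    "pyjwt": "2.12.1",
    "xmltodict": "1.0.4",
}

# Matches "name==1.2.3", "name >= 1.2.3", "name~=1.2" wherever they appear,
# so it covers requirements lines and quoted install_requires items alike.
_SPEC = re.compile(r"\b([A-Za-z][A-Za-z0-9_.-]*)\s*(==|>=|~=)\s*(\d+(?:\.\d+)*)")


def normalize(name):
    """PEP 503 name normalization so 'PyJWT' and 'pyjwt' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Order simple dotted versions numerically (3.13.5 sorts above 3.9.0)."""
    return tuple(int(part) for part in version.split("."))


def parse_pins(text):
    """Return {normalized_name: version} for every specifier found in text."""
    pins = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines in requirements-style files
        for name, _op, version in _SPEC.findall(line):
            pins[normalize(name)] = version
    return pins


def check_consistency(files, required=REQUIRED):
    """files: {path: text}. Returns a list of problems; empty means all agree."""
    problems = []
    pins_by_file = {path: parse_pins(text) for path, text in files.items()}
    for pkg, minimum in required.items():
        seen = {}
        for path, pins in pins_by_file.items():
            if pkg not in pins:
                problems.append(f"{path}: {pkg} is not pinned")
                continue
            seen[path] = pins[pkg]
            if version_key(pins[pkg]) < version_key(minimum):
                problems.append(f"{path}: {pkg} {pins[pkg]} is below {minimum}")
        if len(set(seen.values())) > 1:
            detail = ", ".join(f"{p}={v}" for p, v in sorted(seen.items()))
            problems.append(f"{pkg}: versions differ across files ({detail})")
    return problems


# Constructed sample inputs (not the repository's real files).
SAMPLE_FILES = {
    "requirements.txt": """\
aenum==3.1.17
aiohttp==3.13.5
jwcrypto==1.5.7
PyJWT==2.12.1
xmltodict==1.0.4
flake8==7.1.1
""",
    "setup.py": """\
setup(
    install_requires=[
        "aenum >= 3.1.17",
        "aiohttp >= 3.13.5",
        "jwcrypto >= 1.5.7",
        "PyJWT >= 2.12.1",
        "xmltodict >= 1.0.4",
    ],
    python_requires=">=3.10",
)
""",
    # Deliberately left one bump behind to show the check firing.
    "openapi/templates/requirements.mustache": """\
aenum==3.1.17
aiohttp==3.13.5
jwcrypto==1.5.6
PyJWT==2.12.1
xmltodict==1.0.4
""",
    "openapi/templates/setup.mustache": """\
install_requires=[
    "aenum >= 3.1.17",
    "aiohttp >= 3.13.5",
    "jwcrypto >= 1.5.7",
    "PyJWT >= 2.12.1",
    "xmltodict >= 1.0.4",
],
""",
}

if __name__ == "__main__":
    for problem in check_consistency(SAMPLE_FILES) or ["all pins consistent"]:
        print(problem)
```

Run against the real tree by reading the four paths into the `files` dict; a non-empty result is a CI failure. The regex-based parse is used on purpose so setup.py is never executed during the check.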

@dhiwakar-okta dhiwakar-okta left a comment


LGTM 🚀

@BinoyOza-okta BinoyOza-okta merged commit 30ef4ee into master Apr 22, 2026
15 checks passed
@BinoyOza-okta BinoyOza-okta deleted the dependabot-alerts-fix branch April 22, 2026 05:42