Bump tornado from 6.5.5 to 6.5.7#182
Conversation
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.5 to 6.5.7. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.5.5...v6.5.7) --- updated-dependencies: - dependency-name: tornado dependency-version: 6.5.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
…54280 Addresses 8 CVEs in aiohttp 3.14.0 patched in 3.14.1. Note: torch 2.12.0 CVE-2025-3000 has no fix available upstream yet. Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
Security Vulnerability — No Patch Available Yetaieng-bot found the following security vulnerability reported by pip-audit, but cannot fix it automatically because no patched version has been released to PyPI yet:
Why this cannot be auto-fixedThe vulnerability exists in What was fixed automaticallyThe following aiohttp vulnerabilities were fixed in this update (bumped to 3.14.1):
Recommended next steps
This PR will not be auto-merged until the torch vulnerability is resolved. |
# Conflicts: # pyproject.toml
Add/remove type: ignore comments to address mypy errors from newer transformers stubs: unused ignore on config_class assignments, no-untyped-call on PretrainedConfig subclasses, comparison-overlap on custom problem_type values, and call-arg on group_by_length in TrainingArguments. Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
|
Automated fix applied and PR merged The agentic fix loop successfully fixed this PR and merged it. ✓ Successfully fixed merge_conflict failures - Modified 6 files - Executed 466 agent actions - (292 info, 73 tool_call, 14 error, 66 tool_result, 20 reasoning, 1 action) View detailed trace on dashboard | Raw trace AI Engineering Maintenance Bot |
1 participant
Bumps tornado from 6.5.5 to 6.5.7.
Changelog
Sourced from tornado's changelog.
... (truncated)
Commits
48fc2d4Merge pull request #3633 from bdarnell/curl-reset-654ae1dddRelease notes and version bump for 6.5.73154caacurl_httpclient: Reset the curl object before putting it on the freelist7d869c0Merge pull request #3631 from bdarnell/cve-links288241fdocs: Use the correct link syntax8da981cdocs: Add CVE links to 6.5.6 release notesaba2569Merge pull request #3626 from bdarnell/fixes-656a24b260httpclient_test: Accept an additional error message varianta74240aRelease notes and version bump for 6.5.6.e8fc7edsimple_httpclient: Strip auth headers on cross-origin redirectsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.