Skip to content

ROB-628: bump pyjwt and cryptography to fix CVEs#25

Open
Avi-Robusta wants to merge 1 commit into
mainfrom
avi/rob-628-cve-robusta-cli
Open

ROB-628: bump pyjwt and cryptography to fix CVEs#25
Avi-Robusta wants to merge 1 commit into
mainfrom
avi/rob-628-cve-robusta-cli

Conversation

@Avi-Robusta

Copy link
Copy Markdown
Contributor

Sub-issue ROB-628 of ROB-595. Fixes the CVEs flagged for robusta-cli in the 2026-07-14 Vanta scan.

Package From To CVE
pyjwt 2.12.1 2.13.0 CVE-2026-48526 (High)
cryptography 46.0.7 48.0.1 GHSA-537c-gmf6-5ccf (High)

Only these two packages change version in the lock. robusta-cli is a CLI (no cluster deployment).

🤖 Generated with Claude Code

- pyjwt 2.12.1 -> 2.13.0 (CVE-2026-48526, High)
- cryptography 46.0.7 -> 48.0.1 (GHSA-537c-gmf6-5ccf, High)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant