
fix(docs): upgrade vulnerable dependencies #121

Merged: hackfisher merged 3 commits into main from codex/fix-docs-security-dependencies on Jun 11, 2026

Conversation

@fewensa (Contributor) commented Jun 11, 2026

Summary

  • remove the deprecated polyfill.io script from the MkDocs JavaScript bundle
  • refresh the Poetry lockfile so Dependabot-alerted packages resolve to patched versions
  • add explicit least-privilege GITHUB_TOKEN permissions to the preview/staging workflows flagged by CodeQL

Security notes

  • GitHub Dependabot alerts were open for vulnerable pip packages in poetry.lock
  • Patched versions now include GitPython 3.1.50, urllib3 2.7.0, requests 2.34.2, Jinja2 3.1.6, Markdown 3.10.2, Pygments 2.20.0, pymdown-extensions 10.21.3, and idna 3.18
  • The published site was loading https://polyfill.io/v3/polyfill.min.js?features=es6; this PR removes that external script
  • Code scanning alerts actions/missing-workflow-permissions for deploy-dev.yml and deploy-stg.yml are addressed with explicit permissions blocks

Validation

  • uvx --from poetry==1.8.3 poetry check
  • uvx --from poetry==1.8.3 poetry install --no-root
  • uvx --from poetry==1.8.3 poetry run mkdocs build
  • uvx pip-audit -r exported-requirements.txt: No known vulnerabilities found
  • rg polyfill.io against source and generated site returned no matches
  • git diff --check
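The "explicit least-privilege GITHUB_TOKEN permissions" the description mentions are not shown on this page, so the following is an added illustration of that pattern, not the PR's own deploy-dev.yml or deploy-stg.yml. The workflow name, trigger, job names and the deploy step are placeholders; the build commands are the ones listed under Validation. The point the CodeQL rule actions/missing-workflow-permissions makes is that a workflow with no permissions key inherits whatever default the repository grants, so the fix is a read-only workflow-level default plus a narrow job-level override only where a write scope is genuinely needed.

```yaml
# Added example (not the PR's own workflow file): least-privilege GITHUB_TOKEN
# layout for a docs preview/staging deploy. Names and the publish step are
# placeholders; only the structure is the point.
name: deploy-dev (example)

on:
  push:
    branches: [main]

# Workflow-level default. Every job inherits this unless it declares its own
# block, so the token is read-only for anything that does not say otherwise.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: uvx --from poetry==1.8.3 poetry install --no-root
      - run: uvx --from poetry==1.8.3 poetry run mkdocs build
      # Assumption: the built site is kept as an artifact for the deploy job.
      - uses: actions/upload-artifact@v4
        with:
          name: site
          path: site/

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # Job-level override: only this job receives write scopes, and only the
    # ones its publishing target needs. The scopes below are the ones GitHub
    # Pages deployment via OIDC uses; a different hosting target needs its own,
    # equally narrow, set.
    permissions:
      contents: read
      pages: write
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: site
          path: site/
      - run: echo "publish step for the preview/staging target goes here"  # placeholder
```

A quick way to confirm the change took effect is to search every file under .github/workflows for a top-level permissions key and to compare the scopes each job declares against what its steps actually call; a job that only reads the checkout and uploads an artifact needs nothing beyond contents: read.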

github-actions Bot commented Jun 11, 2026

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 86168ee77e


Comment thread on poetry.lock (outdated)

hackfisher previously approved these changes Jun 11, 2026
hackfisher enabled auto-merge June 11, 2026 15:05
hackfisher disabled auto-merge June 11, 2026 15:13
hackfisher merged commit 45fcee8 into main Jun 11, 2026
3 checks passed
hackfisher deleted the codex/fix-docs-security-dependencies branch June 11, 2026 15:14