chore: merge dev to master - security updates & e2e fix

Bentlybro · Bentlybro · commit 76c368cadde7 · 2026-02-17T10:58:48.000Z
- Security fixes: authlib 1.6.8, werkzeug 3.1.5, urllib3 &gt;=2.6.0
- Dependency updates: flask-socketio 5.6.0, pre-commit 4.5.1, psutil 7.2.2
- Docker: Python 3.13 → 3.14
- E2E tests rewritten and fixed
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
         python-version: ["3.12"]
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v6
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Set up Python
       uses: actions/setup-python@v6
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -11,7 +11,7 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
           fetch-depth: 2
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13-slim
+FROM python:3.14-slim
 
 # Set working directory
 WORKDIR /app
diff --git a/requirements.txt b/requirements.txt
@@ -3,9 +3,9 @@ Flask[async]==3.1.2
 Flask-SQLAlchemy==3.1.1
 Flask-Login==0.6.3
 Flask-WTF==1.2.2
-Flask-SocketIO==5.5.1
+Flask-SocketIO==5.6.0
 WTForms==3.2.1
-Werkzeug==3.1.4
+Werkzeug==3.1.5
 
 # OpenAI integration
 openai>=1.55.3
@@ -14,21 +14,22 @@ httpx[http2]
 
 # Security and utilities
 bcrypt==5.0.0
-python-dotenv==1.1.1
+python-dotenv==1.2.1
 requests==2.32.5
-pre-commit==4.3.0
-pydantic==2.12.0
+urllib3>=2.6.0  # Security fix for CVE-2024-37891
+pre-commit==4.5.1
+pydantic==2.12.5
 Flask-Talisman==1.1.0
-Authlib==1.6.5
-psutil==7.1.0
+Authlib==1.6.8
+psutil==7.2.2
 sentry-sdk[flask]
 
 # Database support
-psycopg2-binary==2.9.10
+psycopg2-binary==2.9.11
 
 # BeautifulSoup
-beautifulsoup4==4.14.2
+beautifulsoup4==4.14.3
 
 # Async support
 asyncio
-asyncpg==0.30.0
+asyncpg==0.31.0

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM python:3.13-slim`
	`1`	`+FROM python:3.14-slim`
`2`	`2`
`3`	`3`	`# Set working directory`
`4`	`4`	`WORKDIR /app`