Remediate GitHub security advisories across pip and npm dependencies#162
Conversation
Bumps transitive (and one direct) dependencies flagged by Dependabot in the workflows/, extension/, and ui/ projects out of their vulnerable ranges. workflows/ (pip; all transitive, via uv constraints/override): - urllib3 2.4.0 -> 2.7.0, pyasn1 0.6.1 -> 0.6.4, protobuf 6.31.1 -> 6.33.6 (kept on 6.x), cryptography 46.0.2 -> 49.0.0, pillow 11.3.0 -> 12.3.0, soupsieve 2.8 -> 2.8.4. aiohttp 3.12.15 -> 3.14.1 via override-dependencies because browser-use==0.9.5 hard-pins aiohttp==3.12.15. extension/ (npm overrides; all transitive): - node-forge 1.4.0, tar 7.5.20, rollup 4.62.2, minimatch per-major (3.1.5 / 9.0.9 / 10.2.5), flatted 3.4.2, picomatch@4 4.0.5, defu 6.1.7, tmp 0.2.7, vite 6.4.3, ws 8.21.0. ui/ (npm; vite direct bump + overrides): - vite 5.4.19 -> 5.4.21, tar 7.5.20, rollup 4.62.2, minimatch per-major (3.1.5 / 5.1.9 / 9.0.9), flatted 3.4.2. Not fixable here: starlette is upstream-blocked -- every fixed release (> 0.49.0) needs a fastapi that supports starlette 1.x, and no released fastapi allows it yet (latest 0.139.0 still caps starlette < 0.49.0).
There was a problem hiding this comment.
Pull request overview
Remediates Dependabot-reported security advisories by lifting vulnerable transitive dependency versions via uv constraints/overrides in workflows/, and via npm overrides (plus a direct vite bump in ui/) in the front-end projects.
Changes:
- Add/expand
uvtransitive security floors (constraint-dependencies) and anaiohttpoverride to bypass an upstream hard pin. - Bump
ui’s directviteversion and add npmoverridesfor vulnerable transitive packages. - Add npm
overridesinextensionand regenerate both npm lockfiles accordingly.
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| workflows/pyproject.toml | Adds security constraint floors and an override for aiohttp under [tool.uv]. |
| ui/package.json | Bumps direct vite and adds npm overrides for transitive remediation. |
| ui/package-lock.json | Lockfile updates reflecting vite bump and override-resolved dependency graph. |
| extension/package.json | Adds npm overrides to force patched transitive versions. |
| extension/package-lock.json | Lockfile updates reflecting the new overrides and resolved versions. |
Files not reviewed (2)
- extension/package-lock.json: Generated file
- ui/package-lock.json: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 26ab94a2c5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # browser-use==0.9.5 hard-pins aiohttp==3.12.15, so a constraint can't lift it; | ||
| # override the pin to clear CVE-2025-69223 (aiohttp <= 3.13.2). | ||
| override-dependencies = [ | ||
| "aiohttp>=3.13.3", |
There was a problem hiding this comment.
Enforce the aiohttp fix outside the uv lock
When the workflows package is released via .github/workflows/publish.yml and installed from PyPI/pip, this [tool.uv] override is not part of the wheel metadata; pip will still see browser-use==0.9.5 and its hard pin to aiohttp==3.12.15. That means the advertised aiohttp advisory fix only works for developers syncing this repo with uv, not for published package consumers.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Good catch — confirmed valid and addressed in 255fd15.
You're right that [tool.uv] override/constraint entries aren't part of the wheel's Requires-Dist (I verified with uv build: the metadata carried only browser-use==0.9.5), so published pip install workflow-use consumers weren't getting the aiohttp fix — browser-use==0.9.5 hard-pins aiohttp==3.12.15.
Rather than the uv override, I bumped browser-use 0.9.5 → 0.13.4, which pins aiohttp==3.13.4 itself, so the fix now travels in the wheel metadata. Removed the redundant override. Verified all workflow_use modules import against 0.13.4, WorkflowController registers its 24 actions, the CLI imports, and the MCP server builds.
…mers Addresses PR review feedback (Codex, P2): the aiohttp fix via [tool.uv] override-dependencies only applied to the uv-managed dev env and the repo lockfile, not to the published wheel metadata (Requires-Dist is generated from [project.dependencies] only). Since workflow-use is published to PyPI, `pip install workflow-use` consumers still resolved browser-use==0.9.5's hard pin of aiohttp==3.12.15 (CVE-2025-69223). browser-use 0.13.4 pins aiohttp==3.13.4 itself, so the fix now travels in the wheel's Requires-Dist. Removed the now-redundant [tool.uv] aiohttp override and aligned markdownify==1.2.2 to browser-use's pin. Verified against browser-use 0.13.4: all workflow_use modules import, WorkflowController registers its 24 actions, cli imports, the MCP server builds via get_mcp_server(), and ruff passes.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 255fd1586a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
All reported issues were addressed across 2 files (changes from recent commits).
Reply with feedback, questions, or to request a fix.
Fix all with cubic | Re-trigger cubic
Summary
Remediates the GitHub Dependabot advisories that live in this repo, across all three dependency projects:
workflows/(pip/uv),extension/(npm), andui/(npm).All bumps were verified:
uv sync+ import of everybrowser_use-integratingworkflow_usemodule + the CLI + MCP-server build;wxt buildfor the extension;vite buildfor the ui.workflows/— pipbrowser-use0.9.5 → 0.13.4 (direct). This is the key change: browser-use 0.9.5 hard-pinnedaiohttp==3.12.15(CVE-2025-69223), and a[tool.uv]override does not reach the published wheel'sRequires-Dist(verified withuv build), sopip install workflow-useconsumers stayed vulnerable. browser-use 0.13.4 pinsaiohttp==3.13.4itself, so the fix now travels in wheel metadata. (Thanks @chatgpt-codex-connector for flagging this.)markdownifybumped 1.2.0 → 1.2.2 to match browser-use's pin.The remaining pip fixes are transitive, held to safe floors via
[tool.uv] constraint-dependencies:aiohttp<= 3.13.2)urllib3pyasn1<= 0.6.2)protobuf<= 6.33.4) — kept on 6.xcryptography< 48.0.1)pillow< 12.2.0)soupsieve<= 2.8.3)extension/— npmoverrides(all transitive)node-forge1.4.0,tar7.5.20,rollup4.62.2,minimatchper-major (@3→3.1.5,@9→9.0.9,@10→10.2.5),flatted3.4.2,picomatch@4→4.0.5,defu6.1.7,tmp0.2.7,vite6.4.3,ws8.21.0. (Existingshell-quote1.10.0 override retained.)ui/— npmvite5.4.19 → 5.4.21 (direct) plusoverrides:tar7.5.20,rollup4.62.2,minimatchper-major (@3→3.1.5,@5→5.1.9,@9→9.0.9),flatted3.4.2.Per-major
minimatch/picomatchselectors avoid forcing unaffected majors (e.g. CommonJSminimatch@3,picomatch@2) up to breaking ESM-era versions.Not remediated (out of scope / blocked)
starlette(stays 0.46.2) — upstream-blocked. All three starlette advisories (CVE-2025-62727, CVE-2026-48818, CVE-2026-54283) are only fixed in> 0.49.0/>= 1.3.1, but every releasedfastapi— including the latest 0.139.0 — still requiresstarlette < 0.49.0. No starlette version both clears these CVEs and satisfies fastapi, so this can't be fixed until fastapi ships starlette 1.x support.browsercodeandsdkadvisories are not in this repo. Those advisory labels (wrangler, astro, @astrojs/cloudflare, @opentelemetry/sdk-node, @grpc/grpc-js, fast-uri, …) point to manifests that don't exist inbrowser-use/workflow-useand must be fixed in their own repositories.Verification
uv lock+uv syncresolve cleanly against browser-use 0.13.4.workflow_usemodules import;WorkflowController()registers its 24 actions;cliimports; MCP server builds viaget_mcp_server();ruff checkpasses.extension:npm run build(wxt) succeeds with Vite 6.4.3.ui:vite buildbundles cleanly with 5.4.21 + overrides. Note:npm run buildalso runstsc, which fails on a pre-existing type error (node-config-menu.tsx:286) present onmainand unrelated to these changes.