Skip to content

Remediate GitHub security advisories across pip and npm dependencies#162

Merged
sauravpanda merged 2 commits into
mainfrom
fix/security-dependency-remediation
Jul 13, 2026
Merged

Remediate GitHub security advisories across pip and npm dependencies#162
sauravpanda merged 2 commits into
mainfrom
fix/security-dependency-remediation

Conversation

@sauravpanda

@sauravpanda sauravpanda commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Remediates the GitHub Dependabot advisories that live in this repo, across all three dependency projects: workflows/ (pip/uv), extension/ (npm), and ui/ (npm).

All bumps were verified: uv sync + import of every browser_use-integrating workflow_use module + the CLI + MCP-server build; wxt build for the extension; vite build for the ui.

workflows/ — pip

browser-use 0.9.5 → 0.13.4 (direct). This is the key change: browser-use 0.9.5 hard-pinned aiohttp==3.12.15 (CVE-2025-69223), and a [tool.uv] override does not reach the published wheel's Requires-Dist (verified with uv build), so pip install workflow-use consumers stayed vulnerable. browser-use 0.13.4 pins aiohttp==3.13.4 itself, so the fix now travels in wheel metadata. (Thanks @chatgpt-codex-connector for flagging this.) markdownify bumped 1.2.0 → 1.2.2 to match browser-use's pin.

The remaining pip fixes are transitive, held to safe floors via [tool.uv] constraint-dependencies:

Package After Advisory (vulnerable range)
aiohttp 3.13.4 (via browser-use) CVE-2025-69223 (<= 3.13.2)
urllib3 2.7.0 CVE-2026-44431 / CVE-2025-66418 / CVE-2025-66471 / CVE-2026-21441
pyasn1 0.6.4 CVE-2026-23490 / CVE-2026-30922 (<= 0.6.2)
protobuf 6.33.6 CVE-2026-0994 (<= 6.33.4) — kept on 6.x
cryptography 49.0.0 CVE-2026-26007 / GHSA-537c-gmf6-5ccf (< 48.0.1)
pillow 12.2.0 CVE-2026-25990 / CVE-2026-40192 / CVE-2026-42311 (< 12.2.0)
soupsieve 2.8.4 CVE-2026-49476 / CVE-2026-49477 (<= 2.8.3)

extension/ — npm overrides (all transitive)

node-forge 1.4.0, tar 7.5.20, rollup 4.62.2, minimatch per-major (@3→3.1.5, @9→9.0.9, @10→10.2.5), flatted 3.4.2, picomatch@4→4.0.5, defu 6.1.7, tmp 0.2.7, vite 6.4.3, ws 8.21.0. (Existing shell-quote 1.10.0 override retained.)

ui/ — npm

vite 5.4.19 → 5.4.21 (direct) plus overrides: tar 7.5.20, rollup 4.62.2, minimatch per-major (@3→3.1.5, @5→5.1.9, @9→9.0.9), flatted 3.4.2.

Per-major minimatch/picomatch selectors avoid forcing unaffected majors (e.g. CommonJS minimatch@3, picomatch@2) up to breaking ESM-era versions.

Not remediated (out of scope / blocked)

  • starlette (stays 0.46.2) — upstream-blocked. All three starlette advisories (CVE-2025-62727, CVE-2026-48818, CVE-2026-54283) are only fixed in > 0.49.0 / >= 1.3.1, but every released fastapi — including the latest 0.139.0 — still requires starlette < 0.49.0. No starlette version both clears these CVEs and satisfies fastapi, so this can't be fixed until fastapi ships starlette 1.x support.
  • browsercode and sdk advisories are not in this repo. Those advisory labels (wrangler, astro, @astrojs/cloudflare, @opentelemetry/sdk-node, @grpc/grpc-js, fast-uri, …) point to manifests that don't exist in browser-use/workflow-use and must be fixed in their own repositories.

Verification

  • uv lock + uv sync resolve cleanly against browser-use 0.13.4.
  • All workflow_use modules import; WorkflowController() registers its 24 actions; cli imports; MCP server builds via get_mcp_server(); ruff check passes.
  • extension: npm run build (wxt) succeeds with Vite 6.4.3.
  • ui: vite build bundles cleanly with 5.4.21 + overrides. Note: npm run build also runs tsc, which fails on a pre-existing type error (node-config-menu.tsx:286) present on main and unrelated to these changes.

Bumps transitive (and one direct) dependencies flagged by Dependabot in
the workflows/, extension/, and ui/ projects out of their vulnerable ranges.

workflows/ (pip; all transitive, via uv constraints/override):
- urllib3 2.4.0 -> 2.7.0, pyasn1 0.6.1 -> 0.6.4, protobuf 6.31.1 -> 6.33.6
  (kept on 6.x), cryptography 46.0.2 -> 49.0.0, pillow 11.3.0 -> 12.3.0,
  soupsieve 2.8 -> 2.8.4. aiohttp 3.12.15 -> 3.14.1 via override-dependencies
  because browser-use==0.9.5 hard-pins aiohttp==3.12.15.

extension/ (npm overrides; all transitive):
- node-forge 1.4.0, tar 7.5.20, rollup 4.62.2, minimatch per-major
  (3.1.5 / 9.0.9 / 10.2.5), flatted 3.4.2, picomatch@4 4.0.5, defu 6.1.7,
  tmp 0.2.7, vite 6.4.3, ws 8.21.0.

ui/ (npm; vite direct bump + overrides):
- vite 5.4.19 -> 5.4.21, tar 7.5.20, rollup 4.62.2, minimatch per-major
  (3.1.5 / 5.1.9 / 9.0.9), flatted 3.4.2.

Not fixable here: starlette is upstream-blocked -- every fixed release
(> 0.49.0) needs a fastapi that supports starlette 1.x, and no released
fastapi allows it yet (latest 0.139.0 still caps starlette < 0.49.0).
Copilot AI review requested due to automatic review settings July 13, 2026 19:12

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Remediates Dependabot-reported security advisories by lifting vulnerable transitive dependency versions via uv constraints/overrides in workflows/, and via npm overrides (plus a direct vite bump in ui/) in the front-end projects.

Changes:

  • Add/expand uv transitive security floors (constraint-dependencies) and an aiohttp override to bypass an upstream hard pin.
  • Bump ui’s direct vite version and add npm overrides for vulnerable transitive packages.
  • Add npm overrides in extension and regenerate both npm lockfiles accordingly.

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
workflows/pyproject.toml Adds security constraint floors and an override for aiohttp under [tool.uv].
ui/package.json Bumps direct vite and adds npm overrides for transitive remediation.
ui/package-lock.json Lockfile updates reflecting vite bump and override-resolved dependency graph.
extension/package.json Adds npm overrides to force patched transitive versions.
extension/package-lock.json Lockfile updates reflecting the new overrides and resolved versions.
Files not reviewed (2)
  • extension/package-lock.json: Generated file
  • ui/package-lock.json: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 26ab94a2c5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread workflows/pyproject.toml Outdated
# browser-use==0.9.5 hard-pins aiohttp==3.12.15, so a constraint can't lift it;
# override the pin to clear CVE-2025-69223 (aiohttp <= 3.13.2).
override-dependencies = [
"aiohttp>=3.13.3",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Enforce the aiohttp fix outside the uv lock

When the workflows package is released via .github/workflows/publish.yml and installed from PyPI/pip, this [tool.uv] override is not part of the wheel metadata; pip will still see browser-use==0.9.5 and its hard pin to aiohttp==3.12.15. That means the advertised aiohttp advisory fix only works for developers syncing this repo with uv, not for published package consumers.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — confirmed valid and addressed in 255fd15.

You're right that [tool.uv] override/constraint entries aren't part of the wheel's Requires-Dist (I verified with uv build: the metadata carried only browser-use==0.9.5), so published pip install workflow-use consumers weren't getting the aiohttp fix — browser-use==0.9.5 hard-pins aiohttp==3.12.15.

Rather than the uv override, I bumped browser-use 0.9.5 → 0.13.4, which pins aiohttp==3.13.4 itself, so the fix now travels in the wheel metadata. Removed the redundant override. Verified all workflow_use modules import against 0.13.4, WorkflowController registers its 24 actions, the CLI imports, and the MCP server builds.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 6 files

Re-trigger cubic

…mers

Addresses PR review feedback (Codex, P2): the aiohttp fix via [tool.uv]
override-dependencies only applied to the uv-managed dev env and the repo
lockfile, not to the published wheel metadata (Requires-Dist is generated
from [project.dependencies] only). Since workflow-use is published to PyPI,
`pip install workflow-use` consumers still resolved browser-use==0.9.5's
hard pin of aiohttp==3.12.15 (CVE-2025-69223).

browser-use 0.13.4 pins aiohttp==3.13.4 itself, so the fix now travels in
the wheel's Requires-Dist. Removed the now-redundant [tool.uv] aiohttp
override and aligned markdownify==1.2.2 to browser-use's pin.

Verified against browser-use 0.13.4: all workflow_use modules import,
WorkflowController registers its 24 actions, cli imports, the MCP server
builds via get_mcp_server(), and ruff passes.
Copilot AI review requested due to automatic review settings July 13, 2026 20:40

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.

Files not reviewed (2)
  • extension/package-lock.json: Generated file
  • ui/package-lock.json: Generated file

Comment thread workflows/pyproject.toml

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 255fd1586a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread workflows/pyproject.toml

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All reported issues were addressed across 2 files (changes from recent commits).

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread workflows/pyproject.toml
@sauravpanda
sauravpanda merged commit 0a1142e into main Jul 13, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants