fix(security): update dependencies [SECURITY]#566
Merged
renovate[bot] merged 1 commit intomainfrom Mar 13, 2026
Merged
Conversation
renovate
bot
added
chore
dependencies
ansibuddy
approved these changes
Mar 13, 2026
github-project-automation
bot
moved this from Review
to Done
in 🧰 devtools project board
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
26.3.0→26.3.1GitHub Vulnerability Alerts
CVE-2026-32274
Impact
Black writes a cache file, the name of which is computed from various formatting options. The value of the
--python-cell-magicsoption was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations.Patches
Fixed in Black 26.3.1.
Workarounds
Do not allow untrusted user input into the value of the
--python-cell-magicsoption.Release Notes
psf/black (black)
v26.3.1Compare Source
Stable style
exact-length placeholders for short magics and aborting if a placeholder can no longer
be unmasked safely (#5038)
Configuration
--python-cell-magicsso custommagic names cannot affect cache paths (#5038)
Blackd
and request body limits, and bound executor submissions to improve backpressure
(#5039)
Configuration
📅 Schedule: Branch creation - "before 4am" in timezone UTC, Automerge - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone UTC.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.