[PR #30494] Bump fickling to 0.1.6 in api lockfile (Vibe Kanban) #32844

Closed
opened 2026-02-21 20:52:11 -05:00 by yindo · 0 comments
Owner

Original Pull Request: https://github.com/langgenius/dify/pull/30494

State: closed
Merged: No


What

  • Updated api/uv.lock to bump transitive fickling from 0.1.5 to 0.1.6.

Why

  • Address CVE-2025-67747 flagged by Docker Scout; the fix requires fickling>=0.1.6.

Details

  • Dependency chain: dify-api -> weave -> polyfile-weave -> fickling.
  • Lockfile entries were refreshed with the new sdist/wheel URLs and hashes.

Testing

  • Not run (lockfile-only change).

This PR was written using Vibe Kanban

**Original Pull Request:** https://github.com/langgenius/dify/pull/30494 **State:** closed **Merged:** No --- ## What - Updated `api/uv.lock` to bump transitive `fickling` from 0.1.5 to 0.1.6. ## Why - Address CVE-2025-67747 flagged by Docker Scout; the fix requires `fickling>=0.1.6`. ## Details - Dependency chain: `dify-api` -> `weave` -> `polyfile-weave` -> `fickling`. - Lockfile entries were refreshed with the new sdist/wheel URLs and hashes. ## Testing - Not run (lockfile-only change). This PR was written using [Vibe Kanban](https://vibekanban.com)
yindo added the pull-request label 2026-02-21 20:52:11 -05:00
yindo closed this issue 2026-02-21 20:52:11 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: langgenius/dify#32844