chore(deps): update bandit requirement from >=1.8.0 to >=1.9.4 by dependabot[bot] · Pull Request #171 · docxology/codomyrmex

dependabot · 2026-04-13T09:49:00Z

Updates the requirements on bandit to permit the latest version.

Release notes

1.9.4

What's Changed

chore: fixed some typos in comments by @jakob1379 in PyCQA/bandit#1351

Bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in PyCQA/bandit#1353

Bump docker/build-push-action from 6.18.0 to 6.19.2 by @dependabot[bot] in PyCQA/bandit#1357

Fix B613 crash when reading from stdin by @worksbyfriday in PyCQA/bandit#1361

Include filename in nosec 'no failed test' warning by @worksbyfriday in PyCQA/bandit#1363

Fix B615 false positive when revision is set via variable by @worksbyfriday in PyCQA/bandit#1358

Lower version guard in check_ast_node to Python 3.12 by @rcgray in PyCQA/bandit#1355

Fix B106 reporting wrong line number on multiline function calls by @worksbyfriday in PyCQA/bandit#1360

New Contributors

@jakob1379 made their first contribution in PyCQA/bandit#1351

@worksbyfriday made their first contribution in PyCQA/bandit#1361

@rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
8f2f928 Fix B615 false positive when revision is set via variable (#1358)
e27493f Include filename in nosec 'no failed test' warning (#1363)
b69b336 Fix B613 crash when reading from stdin (#1361)
e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
c0def6c chore: fixed some typos in comments (#1351)
765f00d Limit B614 to torch.load deserializers (#1348)
06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.8.0...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2026-04-13T09:49:01Z

Labels

The following labels could not be found: automated, dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-04-13T09:50:54Z

📊 File Changes Analysis

Change Analysis

Source Code Changes

src/codomyrmex/api/health.py

Configuration Changes

pyproject.toml

Analysis

⚠️ Dependencies changed - Review dependency updates carefully
⚠️ Source code changed without test updates - Consider adding tests

github-actions · 2026-04-13T09:51:35Z

📦 Dependabot — Dependency update detected.

This PR will be auto-merged if CI passes and it receives the auto-merge label.

github-actions · 2026-04-13T09:51:59Z

🤖 Hi @dependabot[bot], I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

github-actions · 2026-04-13T10:01:30Z

🤖 I'm sorry @dependabot[bot], but I was unable to process your request. Please see the logs for more details.

github-actions · 2026-04-13T10:02:14Z

🔒 Security Scan Results

🔒 Comprehensive Security Report

Generated on: Mon Apr 13 10:02:13 UTC 2026
Repository: docxology/codomyrmex
Commit: e34dfd7

Summary

Dependency Security

Current Dependencies

codomyrmex v1.2.7
├── agent-client-protocol v0.8.1
│   └── pydantic v2.12.5
│       ├── annotated-types v0.7.0
│       ├── pydantic-core v2.41.5
│       │   └── typing-extensions v4.15.0
│       ├── typing-extensions v4.15.0
│       └── typing-inspection v0.4.2
│           └── typing-extensions v4.15.0
├── aiohttp v3.13.3
│   ├── aiohappyeyeballs v2.6.1
│   ├── aiosignal v1.4.0
│   │   ├── frozenlist v1.8.0
│   │   └── typing-extensions v4.15.0
│   ├── attrs v26.1.0
│   ├── frozenlist v1.8.0
│   ├── multidict v6.7.1
│   ├── propcache v0.4.1
│   └── yarl v1.23.0
│       ├── idna v3.11
│       ├── multidict v6.7.1
│       └── propcache v0.4.1
├── bandit v1.9.4
│   ├── pyyaml v6.0.3
│   ├── rich v14.3.3
│   │   ├── markdown-it-py v4.0.0
│   │   │   ├── mdurl v0.1.2
│   │   │   └── linkify-it-py v2.1.0 (extra: linkify)
│   │   │       └── uc-micro-py v2.0.0
│   │   └── pygments v2.19.2
│   └── stevedore v5.7.0
├── beautifulsoup4 v4.14.3
│   ├── soupsieve v2.8.3
│   └── typing-extensions v4.15.0
├── cased-kit v3.5.1
│   ├── anthropic v0.86.0
│   │   ├── anyio v4.13.0
│   │   │   ├── idna v3.11
│   │   │   └── typing-extensions v4.15.0
│   │   ├── distro v1.9.0
│   │   ├── docstring-parser v0.17.0
│   │   ├── httpx v0.28.1
│   │   │   ├── anyio v4.13.0 (*)
│   │   │   ├── certifi v2026.2.25
│   │   │   ├── httpcore v1.0.9
│   │   │   │   ├── certifi v2026.2.25
│   │   │   │   └── h11 v0.16.0
│   │   │   └── idna v3.11
│   │   ├── jiter v0.13.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── sniffio v1.3.1
│   │   └── typing-extensions v4.15.0
│   ├── click v8.1.8
│   ├── fastapi v0.135.2
│   │   ├── annotated-doc v0.0.4
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── starlette v1.0.0
│   │   │   ├── anyio v4.13.0 (*)
│   │   │   └── typing-extensions v4.15.0
│   │   ├── typing-extensions v4.15.0
│   │   └── typing-inspection v0.4.2 (*)
│   ├── google-genai v1.68.0
│   │   ├── anyio v4.13.0 (*)
│   │   ├── distro v1.9.0
│   │   ├── google-auth[requests] v2.49.1
│   │   │   ├── cryptography v46.0.5
│   │   │   │   └── cffi v2.0.0
│   │   │   │       └── pycparser v3.0
│   │   │   ├── pyasn1-modules v0.4.2
│   │   │   │   └── pyasn1 v0.6.3
│   │   │   └── requests v2.32.5 (extra: requests)
│   │   │       ├── certifi v2026.2.25
│   │   │       ├── charset-normalizer v3.4.6
│   │   │       ├── idna v3.11
│   │   │       └── urllib3 v2.6.3
│   │   ├── httpx v0.28.1 (*)
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── requests v2.32.5 (*)
│   │   ├── sniffio v1.3.1
│   │   ├── tenacity v9.1.4
│   │   ├── typing-extensions v4.15.0
│   │   └── websockets v16.0
│   ├── ignore-python v0.3.3
│   ├── mcp v1.26.0
│   │   ├── anyio v4.13.0 (*)
│   │   ├── httpx v0.28.1 (*)
│   │   ├── httpx-sse v0.4.3
│   │   ├── jsonschema v4.26.0
│   │   │   ├── attrs v26.1.0
│   │   │   ├── jsonschema-specifications v2025.9.1
│   │   │   │   └── referencing v0.37.0
│   │   │   │       ├── attrs v26.1.0
│   │   │   │       ├── rpds-py v0.30.0
│   │   │   │       └── typing-extensions v4.15.0
│   │   │   ├── referencing v0.37.0 (*)
│   │   │   └── rpds-py v0.30.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── pydantic-settings v2.13.1
│   │   │   ├── pydantic v2.12.5 (*)
│   │   │   ├── python-dotenv v1.2.2
│   │   │   └── typing-inspection v0.4.2 (*)
│   │   ├── pyjwt[crypto] v2.12.1
│   │   │   └── cryptography v46.0.5 (extra: crypto) (*)
│   │   ├── python-multipart v0.0.22
│   │   ├── sse-starlette v3.3.3
│   │   │   ├── anyio v4.13.0 (*)
│   │   │   └── starlette v1.0.0 (*)
│   │   ├── starlette v1.0.0 (*)
│   │   ├── typing-extensions v4.15.0
│   │   ├── typing-inspection v0.4.2 (*)
│   │   └── uvicorn v0.42.0
│   │       ├── click v8.1.8
│   │       ├── h11 v0.16.0
│   │       ├── httptools v0.7.1 (extra: standard)
│   │       ├── python-dotenv v1.2.2 (extra: standard)
│   │       ├── pyyaml v6.0.3 (extra: standard)
│   │       ├── uvloop v0.22.1 (extra: standard)
│   │       ├── watchfiles v1.1.1 (extra: standard)
│   │       │   └── anyio v4.13.0 (*)
│   │       └── websockets v16.0 (extra: standard)
│   ├── numpy v2.4.3
│   ├── openai v2.29.0
│   │   ├── anyio v4.13.0 (*)
│   │   ├── distro v1.9.0
│   │   ├── httpx v0.28.1 (*)
│   │   ├── jiter v0.13.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── sniffio v1.3.1
│   │   ├── tqdm v4.67.3
│   │   └── typing-extensions v4.15.0
│   ├── pathspec v1.0.4
│   ├── python-hcl2 v7.3.1
│   │   ├── lark v1.3.1
│   │   └── regex v2026.2.28
│   ├── pyyaml v6.0.3
│   ├── redis v7.4.0
│   ├── requests v2.32.5 (*)
│   ├── tiktoken v0.12.0
│   │   ├── regex v2026.2.28
│   │   └── requests v2.32.5 (*)
│   ├── tree-sitter v0.25.2
│   ├── tree-sitter-language-pack v1.1.4
│   │   └── tree-sitter v0.25.2
│   ├── typer v0.15.4
│   │   ├── click v8.1.8
│   │   ├── rich v14.3.3 (*)
│   │   ├── shellingham v1.5.4
│   │   └── typing-extensions v4.15.0
│   └── uvicorn[standard] v0.42.0 (*)
├── cryptography v46.0.5 (*)
├── diff-match-patch v20241021
├── email-validator v2.3.0
│   ├── dnspython v2.8.0
│   └── idna v3.11
├── gitpython v3.1.46
│   └── gitdb v4.0.12
│       └── smmap v5.0.3
├── jsonschema v4.26.0 (*)
├── lizard v1.21.2
│   ├── pathspec v1.0.4
│   └── pygments v2.19.2
├── loguru v0.7.3
├── mako v1.3.10
│   └── markupsafe v3.0.3
├── markdownify v1.2.2
│   ├── beautifulsoup4 v4.14.3 (*)
│   └── six v1.17.0
├── matplotlib v3.10.8
│   ├── contourpy v1.3.3
│   │   └── numpy v2.4.3
│   ├── cycler v0.12.1
│   ├── fonttools v4.62.1
│   ├── kiwisolver v1.5.0
│   ├── numpy v2.4.3
│   ├── packaging v26.0
│   ├── pillow v11.3.0
│   ├── pyparsing v3.3.2
│   └── python-dateutil v2.9.0.post0
│       └── six v1.17.0
├── mlx-lm v0.31.1
│   ├── jinja2 v3.1.6
│   │   └── markupsafe v3.0.3
│   ├── numpy v2.4.3
│   ├── protobuf v6.33.6
│   ├── pyyaml v6.0.3
│   ├── sentencepiece v0.2.1
│   └── transformers v5.3.0
│       ├── huggingface-hub v1.7.2
│       │   ├── filelock v3.12.4
│       │   ├── fsspec v2026.2.0
│       │   ├── hf-xet v1.4.2
│       │   ├── httpx v0.28.1 (*)
│       │   ├── packaging v26.0
│       │   ├── pyyaml v6.0.3
│       │   ├── tqdm v4.67.3
│       │   ├── typer v0.15.4 (*)
│       │   └── typing-extensions v4.15.0
│       ├── numpy v2.4.3
│       ├── packaging v26.0
│       ├── pyyaml v6.0.3
│       ├── regex v2026.2.28
│       ├── safetensors v0.7.0
│       ├── tokenizers v0.22.2
│       │   └── huggingface-hub v1.7.2 (*)
│       ├── tqdm v4.67.3
│       └── typer v0.15.4 (*)
├── prompt-toolkit v3.0.52
│   └── wcwidth v0.6.0
├── psutil v6.0.0
├── pydantic v2.12.5 (*)
├── pygments v2.19.2
├── pylint v4.0.5
│   ├── astroid v4.0.4
│   ├── dill v0.4.1
│   ├── isort v8.0.1
│   ├── mccabe v0.7.0
│   ├── platformdirs v4.9.4
│   └── tomlkit v0.14.0
├── python-dotenv v1.2.2
├── pytz v2026.1.post1
├── pyyaml v6.0.3
├── radon v6.0.1
│   ├── colorama v0.4.6
│   └── mando v0.7.1
│       └── six v1.17.0
├── requests v2.32.5 (*)
├── rich v14.3.3 (*)
├── tqdm v4.67.3
├── unidiff v0.7.5
├── wasmtime v42.0.0
├── watchdog v6.0.0
├── fastapi v0.135.2 (extra: api) (*)
├── uvicorn v0.42.0 (extra: api) (*)
├── edge-tts v7.2.8 (extra: audio)
│   ├── aiohttp v3.13.3 (*)
│   ├── certifi v2026.2.25
│   ├── tabulate v0.10.0
│   └── typing-extensions v4.15.0
├── faster-whisper v1.2.1 (extra: audio)
│   ├── av v17.0.0
│   ├── ctranslate2 v4.7.1
│   │   ├── numpy v2.4.3
│   │   ├── pyyaml v6.0.3
│   │   └── setuptools v82.0.1
│   ├── huggingface-hub v1.7.2 (*)
│   ├── onnxruntime v1.24.4
│   │   ├── flatbuffers v25.12.19
│   │   ├── numpy v2.4.3
│   │   ├── packaging v26.0
│   │   ├── protobuf v6.33.6
│   │   └── sympy v1.14.0
│   │       └── mpmath v1.3.0
│   ├── tokenizers v0.22.2 (*)
│   └── tqdm v4.67.3
├── pydub v0.25.1 (extra: audio)
├── pyttsx3 v2.99 (extra: audio)
├── soundfile v0.13.1 (extra: audio)
│   ├── cffi v2.0.0 (*)
│   └── numpy v2.4.3
├── redis v7.4.0 (extra: cache)
├── google-api-python-client v2.193.0 (extra: calendar)
│   ├── google-api-core v2.30.0
│   │   ├── google-auth v2.49.1 (*)
│   │   ├── googleapis-common-protos v1.73.0
│   │   │   └── protobuf v6.33.6
│   │   ├── proto-plus v1.27.1
│   │   │   └── protobuf v6.33.6
│   │   ├── protobuf v6.33.6
│   │   └── requests v2.32.5 (*)
│   ├── google-auth v2.49.1 (*)
│   ├── google-auth-httplib2 v0.3.0
│   │   ├── google-auth v2.49.1 (*)
│   │   └── httplib2 v0.31.2
│   │       └── pyparsing v3.3.2
│   ├── httplib2 v0.31.2 (*)
│   └── uritemplate v4.2.0
├── google-auth-httplib2 v0.3.0 (extra: calendar) (*)
├── google-auth-oauthlib v1.3.0 (extra: calendar)
│   ├── google-auth v2.49.1 (*)
│   └── requests-oauthlib v2.0.0
│       ├── oauthlib v3.3.1
│       └── requests v2.32.5 (*)
├── azure-identity v1.25.3 (extra: cloud)
│   ├── azure-core v1.39.0
│   │   ├── requests v2.32.5 (*)
│   │   └── typing-extensions v4.15.0
│   ├── cryptography v46.0.5 (*)
│   ├── msal v1.35.1
│   │   ├── cryptography v46.0.5 (*)
│   │   ├── pyjwt[crypto] v2.12.1 (*)
│   │   └── requests v2.32.5 (*)
│   ├── msal-extensions v1.3.1
│   │   └── msal v1.35.1 (*)
│   └── typing-extensions v4.15.0
├── azure-storage-blob v12.28.0 (extra: cloud)
│   ├── azure-core v1.39.0 (*)
│   ├── cryptography v46.0.5 (*)
│   ├── isodate v0.7.2
│   └── typing-extensions v4.15.0
├── boto3 v1.42.74 (extra: cloud)
│   ├── botocore v1.42.74
│   │   ├── jmespath v1.1.0
│   │   ├── python-dateutil v2.9.0.post0 (*)
│   │   └── urllib3 v2.6.3
│   ├── jmespath v1.1.0
│   └── s3transfer v0.16.0
│       └── botocore v1.42.74 (*)
├── google-cloud-storage v3.10.1 (extra: cloud)
│   ├── google-api-core v2.30.0 (*)
│   ├── google-auth v2.49.1 (*)
│   ├── google-cloud-core v2.5.0
│   │   ├── google-api-core v2.30.0 (*)
│   │   └── google-auth v2.49.1 (*)
│   ├── google-crc32c v1.8.0
│   ├── google-resumable-media v2.8.0
│   │   └── google-crc32c v1.8.0
│   └── requests v2.32.5 (*)
├── openstacksdk v4.10.0 (extra: cloud)
│   ├── cryptography v46.0.5 (*)
│   ├── decorator v5.2.1
│   ├── dogpile-cache v1.5.0
│   │   ├── decorator v5.2.1
│   │   └── stevedore v5.7.0
│   ├── iso8601 v2.1.0
│   ├── jmespath v1.1.0
│   ├── jsonpatch v1.33
│   │   └── jsonpointer v3.1.1
│   ├── keystoneauth1 v5.13.1
│   │   ├── iso8601 v2.1.0
│   │   ├── os-service-types v1.8.2
│   │   │   ├── pbr v7.0.3
│   │   │   │   └── setuptools v82.0.1
│   │   │   └── typing-extensions v4.15.0
│   │   ├── pbr v7.0.3 (*)
│   │   ├── requests v2.32.5 (*)
│   │   ├── stevedore v5.7.0
│   │   └── typing-extensions v4.15.0
│   ├── os-service-types v1.8.2 (*)
│   ├── pbr v7.0.3 (*)
│   ├── platformdirs v4.9.4
│   ├── psutil v6.0.0
│   ├── pyyaml v6.0.3
│   ├── requestsexceptions v1.4.0
│   └── typing-extensions v4.15.0
├── safety v3.2.11 (extra: code-review)
│   ├── authlib v1.6.9
│   │   └── cryptography v46.0.5 (*)
│   ├── click v8.1.8
│   ├── dparse v0.6.4
│   │   └── packaging v26.0
│   ├── filelock v3.12.4
│   ├── jinja2 v3.1.6 (*)
│   ├── marshmallow v4.2.2
│   ├── packaging v26.0
│   ├── psutil v6.0.0
│   ├── pydantic v2.12.5 (*)
│   ├── requests v2.32.5 (*)
│   ├── rich v14.3.3 (*)
│   ├── ruamel-yaml v0.19.1
│   ├── safety-schemas v0.0.18
│   │   ├── dparse v0.6.4 (*)
│   │   ├── packaging v26.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── ruamel-yaml v0.19.1
│   │   └── typing-extensions v4.15.0
│   ├── setuptools v82.0.1
│   ├── typer v0.15.4 (*)
│   ├── typing-extensions v4.15.0
│   └── urllib3 v2.6.3
├── typing-extensions v4.15.0 (extra: code-review)
├── vulture v2.15 (extra: code-review)
├── docker v7.1.0 (extra: containerization)
│   ├── requests v2.32.5 (*)
│   └── urllib3 v2.6.3
├── mnemonic v0.21 (extra: crypto)
├── pillow v11.3.0 (extra: crypto)
├── pillow v11.3.0 (extra: dark)
├── pymupdf v1.27.2.2 (extra: dark)
├── matplotlib v3.10.8 (extra: data-visualization) (*)
├── seaborn v0.13.2 (extra: data-visualization)
│   ├── matplotlib v3.10.8 (*)
│   ├── numpy v2.4.3
│   └── pandas v3.0.1
│       ├── numpy v2.4.3
│       └── python-dateutil v2.9.0.post0 (*)
├── paramiko v4.0.0 (extra: deployment)
│   ├── bcrypt v5.0.0
│   ├── cryptography v46.0.5 (*)
│   ├── invoke v2.2.1
│   └── pynacl v1.6.2
│       └── cffi v2.0.0 (*)
├── chardet v7.3.0 (extra: documents)
├── pypdf v6.9.2 (extra: documents)
├── agentmail v0.4.12 (extra: email)
│   ├── httpx v0.28.1 (*)
│   ├── pydantic v2.12.5 (*)
│   ├── pydantic-core v2.41.5 (*)
│   ├── typing-extensions v4.15.0
│   └── websockets v16.0
├── google-api-python-client v2.193.0 (extra: email) (*)
├── google-auth-httplib2 v0.3.0 (extra: email) (*)
├── google-auth-oauthlib v1.3.0 (extra: email) (*)
├── chromadb v1.5.5 (extra: embedding)
│   ├── bcrypt v5.0.0
│   ├── build v1.4.0
│   │   ├── packaging v26.0
│   │   └── pyproject-hooks v1.2.0
│   ├── grpcio v1.78.0
│   │   └── typing-extensions v4.15.0
│   ├── httpx v0.28.1 (*)
│   ├── importlib-resources v6.5.2
│   ├── jsonschema v4.26.0 (*)
│   ├── kubernetes v35.0.0
│   │   ├── certifi v2026.2.25
│   │   ├── durationpy v0.10
│   │   ├── python-dateutil v2.9.0.post0 (*)
│   │   ├── pyyaml v6.0.3
│   │   ├── requests v2.32.5 (*)
│   │   ├── requests-oauthlib v2.0.0 (*)
│   │   ├── six v1.17.0
│   │   ├── urllib3 v2.6.3
│   │   └── websocket-client v1.9.0
│   ├── mmh3 v5.2.1
│   ├── numpy v2.4.3
│   ├── onnxruntime v1.24.4 (*)
│   ├── opentelemetry-api v1.40.0
│   │   ├── importlib-metadata v8.7.1
│   │   │   └── zipp v3.23.0
│   │   └── typing-extensions v4.15.0
│   ├── opentelemetry-exporter-otlp-proto-grpc v1.40.0
│   │   ├── googleapis-common-protos v1.73.0 (*)
│   │   ├── grpcio v1.78.0 (*)
│   │   ├── opentelemetry-api v1.40.0 (*)
│   │   ├── opentelemetry-exporter-otlp-proto-common v1.40.0
│   │   │   └── opentelemetry-proto v1.40.0
│   │   │       └── protobuf v6.33.6
│   │   ├── opentelemetry-proto v1.40.0 (*)
│   │   ├── opentelemetry-sdk v1.40.0
│   │   │   ├── opentelemetry-api v1.40.0 (*)
│   │   │   ├── opentelemetry-semantic-conventions v0.61b0
│   │   │   │   ├── opentelemetry-api v1.40.0 (*)
│   │   │   │   └── typing-extensions v4.15.0
│   │   │   └── typing-extensions v4.15.0
│   │   └── typing-extensions v4.15.0
│   ├── opentelemetry-sdk v1.40.0 (*)
│   ├── orjson v3.11.7
│   ├── overrides v7.7.0
│   ├── pybase64 v1.4.3
│   ├── pydantic v2.12.5 (*)
│   ├── pydantic-settings v2.13.1 (*)
│   ├── pypika v0.51.1
│   ├── pyyaml v6.0.3
│   ├── rich v14.3.3 (*)
│   ├── tenacity v9.1.4
│   ├── tokenizers v0.22.2 (*)
│   ├── tqdm v4.67.3
│   ├── typer v0.15.4 (*)
│   ├── typing-extensions v4.15.0
│   └── uvicorn[standard] v0.42.0 (*)
├── sentence-transformers v5.3.0 (extra: embedding)
│   ├── huggingface-hub v1.7.2 (*)
│   ├── numpy v2.4.3
│   ├── scikit-learn v1.8.0
│   │   ├── joblib v1.5.3
│   │   ├── numpy v2.4.3
│   │   ├── scipy v1.17.1
│   │   │   └── numpy v2.4.3
│   │   └── threadpoolctl v3.6.0
│   ├── scipy v1.17.1 (*)
│   ├── torch v2.10.0
│   │   ├── cuda-bindings v12.9.4
│   │   │   └── cuda-pathfinder v1.4.4
│   │   ├── filelock v3.12.4
│   │   ├── fsspec v2026.2.0
│   │   ├── jinja2 v3.1.6 (*)
│   │   ├── networkx v3.6.1
│   │   ├── nvidia-cublas-cu12 v12.8.4.1
│   │   ├── nvidia-cuda-cupti-cu12 v12.8.90
│   │   ├── nvidia-cuda-nvrtc-cu12 v12.8.93
│   │   ├── nvidia-cuda-runtime-cu12 v12.8.90
│   │   ├── nvidia-cudnn-cu12 v9.10.2.21
│   │   │   └── nvidia-cublas-cu12 v12.8.4.1
│   │   ├── nvidia-cufft-cu12 v11.3.3.83
│   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-cufile-cu12 v1.13.1.3
│   │   ├── nvidia-curand-cu12 v10.3.9.90
│   │   ├── nvidia-cusolver-cu12 v11.7.3.90
│   │   │   ├── nvidia-cublas-cu12 v12.8.4.1
│   │   │   ├── nvidia-cusparse-cu12 v12.5.8.93
│   │   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-cusparse-cu12 v12.5.8.93 (*)
│   │   ├── nvidia-cusparselt-cu12 v0.7.1
│   │   ├── nvidia-nccl-cu12 v2.27.5
│   │   ├── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-nvshmem-cu12 v3.4.5
│   │   ├── nvidia-nvtx-cu12 v12.8.90
│   │   ├── sympy v1.14.0 (*)
│   │   ├── triton v3.6.0
│   │   └── typing-extensions v4.15.0
│   ├── tqdm v4.67.3
│   ├── transformers v5.3.0 (*)
│   └── typing-extensions v4.15.0
├── z3-solver v4.16.0.0 (extra: formal-verification)
├── pillow v11.3.0 (extra: fpf)
├── google-api-python-client v2.193.0 (extra: google-workspace) (*)
├── google-auth v2.49.1 (extra: google-workspace) (*)
├── google-auth-httplib2 v0.3.0 (extra: google-workspace) (*)
├── google-auth-oauthlib v1.3.0 (extra: google-workspace) (*)
├── certifi v2026.2.25 (extra: language-models)
├── typing-extensions v4.15.0 (extra: language-models)
├── urllib3 v2.6.3 (extra: language-models)
├── anthropic v0.86.0 (extra: llm-providers) (*)
├── google-genai v1.68.0 (extra: llm-providers) (*)
├── openai v2.29.0 (extra: llm-providers) (*)
├── tiktoken v0.12.0 (extra: llm-providers) (*)
├── moderngl v5.12.0 (extra: modeling-3d)
│   └── glcontext v3.0.0
├── pillow v11.3.0 (extra: modeling-3d)
├── pygame v2.6.1 (extra: modeling-3d)
├── pyopengl v3.1.10 (extra: modeling-3d)
├── pyrr v0.10.3 (extra: modeling-3d)
│   ├── multipledispatch v1.0.0
│   └── numpy v2.4.3
├── trimesh v4.11.4 (extra: modeling-3d)
│   └── numpy v2.4.3
├── opentelemetry-api v1.40.0 (extra: observability) (*)
├── opentelemetry-exporter-otlp v1.40.0 (extra: observability)
│   ├── opentelemetry-exporter-otlp-proto-grpc v1.40.0 (*)
│   └── opentelemetry-exporter-otlp-proto-http v1.40.0
│       ├── googleapis-common-protos v1.73.0 (*)
│       ├── opentelemetry-api v1.40.0 (*)
│       ├── opentelemetry-exporter-otlp-proto-common v1.40.0 (*)
│       ├── opentelemetry-proto v1.40.0 (*)
│       ├── opentelemetry-sdk v1.40.0 (*)
│       ├── requests v2.32.5 (*)
│       └── typing-extensions v4.15.0
├── opentelemetry-sdk v1.40.0 (extra: observability) (*)
├── prometheus-client v0.24.1 (extra: observability)
├── statsd v4.0.1 (extra: observability)
├── python-frontmatter v1.1.0 (extra: obsidian)
│   └── pyyaml v6.0.3
├── pyyaml v6.0.3 (extra: obsidian)
├── tree-sitter v0.25.2 (extra: parsing)
├── psutil v6.0.0 (extra: performance)
├── alembic v1.18.4 (extra: physical-management)
│   ├── mako v1.3.10 (*)
│   ├── sqlalchemy v2.0.48
│   │   ├── greenlet v3.3.2
│   │   └── typing-extensions v4.15.0
│   └── typing-extensions v4.15.0
├── dynaconf v3.2.13 (extra: physical-management)
├── marshmallow v4.2.2 (extra: physical-management)
├── mkdocs v1.6.1 (extra: physical-management)
│   ├── click v8.1.8
│   ├── ghp-import v2.1.0
│   │   └── python-dateutil v2.9.0.post0 (*)
│   ├── jinja2 v3.1.6 (*)
│   ├── markdown v3.10.2
│   ├── markupsafe v3.0.3
│   ├── mergedeep v1.3.4
│   ├── mkdocs-get-deps v0.2.2
│   │   ├── mergedeep v1.3.4
│   │   ├── platformdirs v4.9.4
│   │   └── pyyaml v6.0.3
│   ├── packaging v26.0
│   ├── pathspec v1.0.4
│   ├── pyyaml v6.0.3
│   ├── pyyaml-env-tag v1.1
│   │   └── pyyaml v6.0.3
│   └── watchdog v6.0.0
├── mkdocs-material v9.7.6 (extra: physical-management)
│   ├── babel v2.18.0
│   ├── backrefs v6.2
│   ├── colorama v0.4.6
│   ├── jinja2 v3.1.6 (*)
│   ├── markdown v3.10.2
│   ├── mkdocs v1.6.1 (*)
│   ├── mkdocs-material-extensions v1.3.1
│   ├── paginate v0.5.7
│   ├── pygments v2.19.2
│   ├── pymdown-extensions v10.21
│   │   ├── markdown v3.10.2
│   │   └── pyyaml v6.0.3
│   └── requests v2.32.5 (*)
├── pyserial v3.5 (extra: physical-management)
├── smbus2 v0.6.0 (extra: physical-management)
├── sqlalchemy v2.0.48 (extra: physical-management) (*)
├── websockets v16.0 (extra: physical-management)
├── networkx v3.6.1 (extra: scientific)
├── numpy v2.4.3 (extra: scientific)
├── scipy v1.17.1 (extra: scientific) (*)
├── firecrawl-py v4.20.0 (extra: scrape)
│   ├── aiohttp v3.13.3 (*)
│   ├── httpx v0.28.1 (*)
│   ├── nest-asyncio v1.6.0
│   ├── pydantic v2.12.5 (*)
│   ├── python-dotenv v1.2.2
│   ├── requests v2.32.5 (*)
│   └── websockets v16.0
├── cryptography v46.0.5 (extra: security-audit) (*)
├── jinja2 v3.1.6 (extra: security-audit) (*)
├── pyopenssl v26.0.0 (extra: security-audit)
│   ├── cryptography v46.0.5 (*)
│   └── typing-extensions v4.15.0
├── safety v3.2.11 (extra: security-audit) (*)
├── fastavro v1.12.1 (extra: serialization)
├── msgpack v1.1.2 (extra: serialization)
├── pandas v3.0.1 (extra: serialization) (*)
├── protobuf v6.33.6 (extra: serialization)
├── pyarrow v23.0.1 (extra: serialization)
├── soul-agent v0.2.1 (extra: soul)
│   └── requests v2.32.5 (*)
├── pyrefly v0.57.1 (extra: static-analysis)
├── moviepy v2.2.1 (extra: video)
│   ├── decorator v5.2.1
│   ├── imageio v2.37.3
│   │   ├── numpy v2.4.3
│   │   └── pillow v11.3.0
│   ├── imageio-ffmpeg v0.6.0
│   ├── numpy v2.4.3
│   ├── pillow v11.3.0
│   ├── proglog v0.1.12
│   │   └── tqdm v4.67.3
│   └── python-dotenv v1.2.2
├── opencv-python v4.13.0.92 (extra: video)
│   └── numpy v2.4.3
├── pillow v11.3.0 (extra: video)
├── desloppify[full] v0.9.14 (group: dev)
│   ├── bandit v1.9.4 (extra: full) (*)
│   ├── defusedxml v0.7.1 (extra: full)
│   ├── pillow v11.3.0 (extra: full)
│   ├── pyyaml v6.0.3 (extra: full)
│   ├── tree-sitter v0.25.2 (extra: full)
│   └── tree-sitter-language-pack v1.1.4 (extra: full) (*)
├── fakeredis v2.34.1 (group: dev)
│   ├── redis v7.4.0
│   └── sortedcontainers v2.4.0
├── fire v0.7.1 (group: dev)
│   └── termcolor v3.3.0
├── hypothesis v6.151.9 (group: dev)
│   └── sortedcontainers v2.4.0
├── mutmut v3.5.0 (group: dev)
│   ├── click v8.1.8
│   ├── coverage v7.13.5
│   ├── libcst v1.8.6
│   │   └── pyyaml v6.0.3
│   ├── pytest v9.0.2
│   │   ├── iniconfig v2.3.0
│   │   ├── packaging v26.0
│   │   ├── pluggy v1.6.0
│   │   └── pygments v2.19.2
│   ├── setproctitle v1.3.7
│   └── textual v8.1.1
│       ├── markdown-it-py[linkify] v4.0.0 (*)
│       ├── mdit-py-plugins v0.5.0
│       │   └── markdown-it-py v4.0.0 (*)
│       ├── platformdirs v4.9.4
│       ├── pygments v2.19.2
│       ├── rich v14.3.3 (*)
│       └── typing-extensions v4.15.0
├── pytest v9.0.2 (group: dev) (*)
├── pytest-asyncio v1.3.0 (group: dev)
│   ├── pytest v9.0.2 (*)
│   └── typing-extensions v4.15.0
├── pytest-benchmark v5.2.3 (group: dev)
│   ├── py-cpuinfo v9.0.0
│   └── pytest v9.0.2 (*)
├── pytest-cov v7.1.0 (group: dev)
│   ├── coverage[toml] v7.13.5
│   ├── pluggy v1.6.0
│   └── pytest v9.0.2 (*)
├── pytest-timeout v2.4.0 (group: dev)
│   └── pytest v9.0.2 (*)
├── pytest-xdist v3.8.0 (group: dev)
│   ├── execnet v2.1.2
│   └── pytest v9.0.2 (*)
├── pyyaml v6.0.3 (group: dev)
├── ruff v0.15.7 (group: dev)
├── sarif-tools v3.0.5 (group: dev)
│   ├── jinja2 v3.1.6 (*)
│   ├── jsonpath-ng v1.8.0
│   ├── matplotlib v3.10.8 (*)
│   ├── python-docx v1.2.0
│   │   ├── lxml v6.0.2
│   │   └── typing-extensions v4.15.0
│   └── pyyaml v6.0.3
└── ty v0.0.24 (group: dev)
(*) Package tree already displayed

Vulnerability Scan Results

No vulnerabilities found or scan failed

Safety Scan Results

Safety scan completed - check artifacts for full results

Static Security Analysis (Bandit)

Bandit Security Analysis Report

Generated on: Mon Apr 13 10:01:09 UTC 2026

Summary

Run started:2026-04-13 10:00:19.304341+00:00

Test results:
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b608_hardcoded_sql_expressions.html
   Location: src/codomyrmex/agentic_memory/bridges/cognilayer_bridge.py:191:20
190	                rows = conn.execute(
191	                    f"SELECT * FROM memories WHERE {where_clauses} LIMIT ?",
192	                    [*search_terms, top_k],

--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b608_hardcoded_sql_expressions.html
   Location: src/codomyrmex/agentic_memory/cognilayer_bridge.py:187:20
186	                rows = conn.execute(
187	                    f"SELECT * FROM memories WHERE {where_clauses} LIMIT ?",

Key Metrics

Total lines of code: 578959

475 assert "Total Issues" in content
475 assert "Total Issues" in content
519 assert "Total Issues**: 0" in content
Total issues (by severity):
Total issues (by confidence):

License Compliance

License Compliance Report

Generated on: Mon Apr 13 09:54:03 UTC 2026

Dependencies and Their Licenses

License Summary

Recommendations

Review all HIGH and MEDIUM severity vulnerabilities
Update dependencies with known security issues
Address any Bandit security warnings
Ensure license compliance for all dependencies
Review and rotate any exposed secrets

dependabot Bot assigned docxology Apr 13, 2026

dependabot Bot requested a review from docxology as a code owner April 13, 2026 09:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update bandit requirement from >=1.8.0 to >=1.9.4#171

chore(deps): update bandit requirement from >=1.8.0 to >=1.9.4#171
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/bandit-gte-1.9.4

dependabot Bot commented on behalf of github Apr 13, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 13, 2026

1.9.4

What's Changed

New Contributors

Uh oh!

dependabot Bot commented on behalf of github Apr 13, 2026

Labels

Uh oh!

github-actions Bot commented Apr 13, 2026

📊 File Changes Analysis

Change Analysis

Source Code Changes

Configuration Changes

Analysis

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

🔒 Security Scan Results

🔒 Comprehensive Security Report

Summary

Dependency Security

Current Dependencies

Vulnerability Scan Results

Safety Scan Results

Static Security Analysis (Bandit)

Bandit Security Analysis Report

Summary

Key Metrics

License Compliance

License Compliance Report

Dependencies and Their Licenses

License Summary

Recommendations

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant