Merge pull request #142 from neutrons/pre-commit-ci-update-config

KedoKudo · web-flow · commit 4aa48d2a3d9e · 2026-02-16T17:37:57.000-05:00
[pre-commit.ci] pre-commit autoupdate
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -17,7 +17,7 @@ repos:
       - id: trailing-whitespace
         exclude: "tests/cis_tests/.*"
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.0
+    rev: v0.15.1
     hooks:
       - id: ruff-check
         args: [--fix, --exit-non-zero-on-fix]
diff --git a/pixi.lock b/pixi.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -108,11 +108,13 @@ qt = "*"
 qtpy = "*"
 pyqt = "*"
 # pip-audit
-h2 = ">=4.3.0"           # Known vulnerability in <4.3.0
+h2 = ">=4.3.0"            # Known vulnerability in <4.3.0
 brotli = ">=1.2.0"
-urllib3 = ">=2.6.3"      # Known vulnerability in <2.6.3
-filelock = ">=3.20.3"    # Known vulnerability in <3.20.3
-virtualenv = ">=20.36.1" # Known vulnerability in <20.36.1
+urllib3 = ">=2.6.3"       # Known vulnerability in <2.6.3
+filelock = ">=3.20.3"     # Known vulnerability in <3.20.3
+virtualenv = ">=20.36.1"  # Known vulnerability in <20.36.1
+cryptography = ">=46.0.5" # CVE-2026-26007
+pillow = ">=12.1.1"       # CVE-2026-25990
 
 [tool.pixi.pypi-dependencies]
 # PyPI dependencies, including this package to allow local editable installs
@@ -166,7 +168,7 @@ hatch = "*"
 toml-cli = "*"
 
 [tool.pixi.feature.developer.dependencies]
-pip = ">=25.3"
+pip = ">=26.0"     # CVE-2026-1703
 pip-audit = "*"
 pre-commit = "*"
 ruff = "*"
