chore(sdk,mcp): pin direct dependencies to exact versions (#10593)

Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
This commit is contained in:
Hugo Pereira Brito
2026-04-09 14:42:49 +01:00
committed by GitHub
parent ca50b24d77
commit cccb3a4b94
7 changed files with 18 additions and 11 deletions
+4
View File
@@ -8,6 +8,10 @@ All notable changes to the **Prowler MCP Server** are documented in this file.
- Resource events tool to get timeline for a resource (who, what, when) [(#10412)](https://github.com/prowler-cloud/prowler/pull/10412)
### 🔄 Changed
- Pin `httpx` dependency to exact version for reproducible installs [(#10593)](https://github.com/prowler-cloud/prowler/pull/10593)
### 🔐 Security
- `authlib` bumped from 1.6.5 to 1.6.9 to fix CVE-2026-28802 (JWT `alg: none` validation bypass) [(#10579)](https://github.com/prowler-cloud/prowler/pull/10579)
+1 -1
View File
@@ -5,7 +5,7 @@ requires = ["setuptools>=61.0", "wheel"]
[project]
dependencies = [
"fastmcp==2.14.0",
"httpx>=0.28.0"
"httpx==0.28.1"
]
description = "MCP server for Prowler ecosystem"
name = "prowler-mcp"
+1 -1
View File
@@ -727,7 +727,7 @@ dependencies = [
[package.metadata]
requires-dist = [
{ name = "fastmcp", specifier = "==2.14.0" },
{ name = "httpx", specifier = ">=0.28.0" },
{ name = "httpx", specifier = "==0.28.1" },
]
[[package]]