From 8e4559b14ab9c38690af6f1e801d770280cbae6a Mon Sep 17 00:00:00 2001
From: aivong-openhands
Date: Tue, 24 Feb 2026 18:15:04 -0600
Subject: [PATCH] Fix CVE-2025-61765: Update python-socketio to 5.14.0 (#13027)

Co-authored-by: OpenHands CVE Fix Bot
---
 enterprise/poetry.lock | 8 ++++----
 poetry.lock | 8 ++++----
 pyproject.toml | 4 ++--
 uv.lock | 8 ++++----
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/enterprise/poetry.lock b/enterprise/poetry.lock
index d0005af0a1..78e0eb5f68 100644
--- a/enterprise/poetry.lock
+++ b/enterprise/poetry.lock
@@ -6194,7 +6194,7 @@ python-jose = {version = ">=3.3", extras = ["cryptography"]}
 python-json-logger = ">=3.2.1"
 python-multipart = "*"
 python-pptx = "*"
-python-socketio = "5.13"
+python-socketio = "5.14"
 pythonnet = "*"
 pyyaml = ">=6.0.2"
 qtconsole = ">=5.6.1"
@@ -11916,14 +11916,14 @@ XlsxWriter = ">=0.5.7"
 
 [[package]]
 name = "python-socketio"
-version = "5.13.0"
+version = "5.14.0"
 description = "Socket.IO server and client for Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
- {file = "python_socketio-5.13.0-py3-none-any.whl", hash = "sha256:51f68d6499f2df8524668c24bcec13ba1414117cfb3a90115c559b601ab10caf"},
- {file = "python_socketio-5.13.0.tar.gz", hash = "sha256:ac4e19a0302ae812e23b712ec8b6427ca0521f7c582d6abb096e36e24a263029"},
+ {file = "python_socketio-5.14.0-py3-none-any.whl", hash = "sha256:7de5ad8a55efc33e17897f6cf91d20168d3d259f98c38d38e2940af83136d6f8"},
+ {file = "python_socketio-5.14.0.tar.gz", hash = "sha256:d057737f658b3948392ff452a5c865c5ccc969859c37cf095a73393ce755f98e"},
 ]
 
 [package.dependencies]
diff --git a/poetry.lock b/poetry.lock
index 588a66ce50..04b272332d 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -11802,14 +11802,14 @@ unidecode = ["Unidecode (>=1.1.1)"]
 
 [[package]]
 name = "python-socketio"
-version = "5.13.0"
+version = "5.14.0"
 description = "Socket.IO server and client for Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
- {file = "python_socketio-5.13.0-py3-none-any.whl", hash = "sha256:51f68d6499f2df8524668c24bcec13ba1414117cfb3a90115c559b601ab10caf"},
- {file = "python_socketio-5.13.0.tar.gz", hash = "sha256:ac4e19a0302ae812e23b712ec8b6427ca0521f7c582d6abb096e36e24a263029"},
+ {file = "python_socketio-5.14.0-py3-none-any.whl", hash = "sha256:7de5ad8a55efc33e17897f6cf91d20168d3d259f98c38d38e2940af83136d6f8"},
+ {file = "python_socketio-5.14.0.tar.gz", hash = "sha256:d057737f658b3948392ff452a5c865c5ccc969859c37cf095a73393ce755f98e"},
 ]
 
 [package.dependencies]
@@ -14724,4 +14724,4 @@ third-party-runtimes = ["daytona", "e2b-code-interpreter", "modal", "runloop-api
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.12,<3.14"
-content-hash = "2dd57221bad7f95e0c047155f6ccd98cd5af455114700b206941c8e2d5b8a213"
+content-hash = "be9c30f9eed031f0ca445fcdd24a550c00803883978c8e221f4a36ef0da5cbcd"
diff --git a/pyproject.toml b/pyproject.toml
index d176a2ae8a..6d138eb4ef 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,7 +80,7 @@ dependencies = [
 "python-json-logger>=3.2.1",
 "python-multipart",
 "python-pptx",
- "python-socketio==5.13",
+ "python-socketio==5.14",
 "pythonnet",
 "pyyaml>=6.0.2",
 "qtconsole>=5.6.1",
@@ -199,7 +199,7 @@ libtmux = ">=0.46.2"
 pygithub = "^2.5.0"
 joblib = "*"
 openhands-aci = "0.3.2"
-python-socketio = "5.13.0"
+python-socketio = "5.14.0"
 sse-starlette = "^3.0.2"
 psutil = "*"
 python-json-logger = "^3.2.1"
diff --git a/uv.lock b/uv.lock
index 73f0d2caec..3b5d931756 100644
--- a/uv.lock
+++ b/uv.lock
@@ -3811,7 +3811,7 @@ requires-dist = [
 { name = "python-json-logger", specifier = ">=3.2.1" },
 { name = "python-multipart" },
 { name = "python-pptx" },
- { name = "python-socketio", specifier = "==5.13" },
+ { name = "python-socketio", specifier = "==5.14" },
 { name = "pythonnet" },
 { name = "pyyaml", specifier = ">=6.0.2" },
 { name = "qtconsole", specifier = ">=5.6.1" },
@@ -7583,15 +7583,15 @@ wheels = [
 
 [[package]]
 name = "python-socketio"
-version = "5.13.0"
+version = "5.14.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
 { name = "bidict" },
 { name = "python-engineio" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/21/1a/396d50ccf06ee539fa758ce5623b59a9cb27637fc4b2dc07ed08bf495e77/python_socketio-5.13.0.tar.gz", hash = "sha256:ac4e19a0302ae812e23b712ec8b6427ca0521f7c582d6abb096e36e24a263029", size = 121125, upload-time = "2025-04-12T15:46:59.933Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/ec/bf/bbc41facdb33a7f440a39f213e59202032106b42df4667a32ef4c9ffe604/python_socketio-5.14.0.tar.gz", hash = "sha256:d057737f658b3948392ff452a5c865c5ccc969859c37cf095a73393ce755f98e", size = 122099 }
 wheels = [
- { url = "https://files.pythonhosted.org/packages/3c/32/b4fb8585d1be0f68bde7e110dffbcf354915f77ad8c778563f0ad9655c02/python_socketio-5.13.0-py3-none-any.whl", hash = "sha256:51f68d6499f2df8524668c24bcec13ba1414117cfb3a90115c559b601ab10caf", size = 77800, upload-time = "2025-04-12T15:46:58.412Z" },
+ { url = "https://files.pythonhosted.org/packages/ee/8d/f41abde5846c456b33f25e7fa71d8b8ad78785bb812ef0f2393cda2caaf2/python_socketio-5.14.0-py3-none-any.whl", hash = "sha256:7de5ad8a55efc33e17897f6cf91d20168d3d259f98c38d38e2940af83136d6f8", size = 78438 },
 ]
 
 [[package]]