Context
When pushing to origin, GitHub reports 47 dependabot vulnerabilities on the default branch:
- 20 high
- 21 moderate
- 6 low
https://github.com/loonghao/auroraview/security/dependabot
Tasks
Non-goals
Don't do a "bump everything to latest" sweep — keep changes scoped to CVE resolution, else we risk breaking the Rust toolchain pinning / PyO3 ABI.
Acceptance
Context
When pushing to
origin, GitHub reports 47 dependabot vulnerabilities on the default branch:https://github.com/loonghao/auroraview/security/dependabot
Tasks
gh api repos/loonghao/auroraview/dependabot/alerts --paginateorigin/dependabot/*)Non-goals
Don't do a "bump everything to latest" sweep — keep changes scoped to CVE resolution, else we risk breaking the Rust toolchain pinning / PyO3 ABI.
Acceptance