Security updates

[github-actions]

Security Vulnerability Report

Generated on: 2026-03-30 00:44:17

Summary

Found vulnerabilities in 11 packages requiring updates.

Package Upgrades Overview

Package	Current Version	Recommended Version	Vulnerabilities
biopython	1.85	Unknown	1
black	25.11.0	26.3.1	1
nbconvert	7.16.6	7.17.0	1
orjson	3.10.18	3.11.6	1
pillow	11.3.0	12.1.1	1
protobuf	6.31.1	6.33.5	1
pyasn1	0.6.2	0.6.3	1
pygments	2.19.2	Unknown	1
requests	2.32.4	2.33.0	1
tornado	6.5.1	6.5.5	2
ujson	5.10.0	5.12.0	2

Detailed Vulnerability Information

biopython (v1.85)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-68463		GHSA-x3vf-39hj-gxr4

black (v25.11.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-32274	26.3.1	GHSA-3936-cmfr-pm3m

nbconvert (v7.16.6)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-53000	7.17.0	GHSA-xm59-rqc7-hhvf

orjson (v3.10.18)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-67221	3.11.6	GHSA-hx9q-6w63-j58v

pillow (v11.3.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-25990	12.1.1	GHSA-cfh3-3jmp-rvhc, BIT-pillow-2026-25990

protobuf (v6.31.1)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-0994	5.29.6, 6.33.5	GHSA-7gcm-g887-7qv7

pyasn1 (v0.6.2)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-30922	0.6.3	GHSA-jr27-m4p2-rc6r

pygments (v2.19.2)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-4539		GHSA-5239-wwwm-4pmq

requests (v2.32.4)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-25645	2.33.0	GHSA-gc5v-m9x4-r6x2

tornado (v6.5.1)

Vulnerability ID	Fix Versions	Aliases
GHSA-78cv-mqj4-43f7	6.5.5
CVE-2026-31958	6.5.5	GHSA-qjxf-f2mg-c6mc

ujson (v5.10.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-32874	5.12.0	GHSA-wgvc-ghv9-3pmm
CVE-2026-32875	5.12.0	GHSA-c8rr-9gxc-jprv

Recommended Actions

1. Review the vulnerability details above.
2. Close and reopen this PR to trigger CI/CD tests.
3. Approve and merge the PR if everything looks good.

---

This report was generated automatically. Please verify all upgrades before applying.