fix(deps): bump cryptography, migrate PyPDF2→pypdf, scope workflow permissions #355
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with AGT coverage mapping. Reference Microsoft Purview DSPM for AI as complementary data governance layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API rejects workflows with write permissions at the workflow level. id-token: write and security-events: write must be scoped to the job level only. Restores permissions: read-all at workflow level while keeping job-level write permissions intact. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ft#324) Add Google-style docstrings with Args, Returns, Raises, Attributes, and Example sections to MCPMessageType, MCPAdapter, and MCPServer classes. Also enhances docstrings for key methods including handle_message, _handle_tools_call, _handle_resources_read, and _map_tool_to_action. Fixes microsoft#316
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
…s (dependency confusion) (microsoft#325)
- Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks; agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
- Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs) in customer-service/requirements.txt
- Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib and hashlib-compat is not a real PyPI package
…stall agent-os with agent-os-kernel Replace all remaining instances of `pip install agent-os` (unregistered on PyPI) with `pip install agent-os-kernel` (the actual package) across docs, examples, TypeScript extensions, CLI source, tests, and SVG assets. Also fixes `pip install emk` references to point to `agent-os-kernel[full]` since emk is a submodule, not a standalone PyPI package. Completes the fix started in PR microsoft#325 which only covered notebooks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel 24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework 7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and Google ADK (18K). Sorted by stars descending. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…it CI
- scripts/check_dependency_confusion.py: Pre-commit hook that scans for pip install commands referencing unregistered PyPI packages. Maintains an allowlist of known registered packages.
- .github/workflows/weekly-security-audit.yml: Weekly CI job running dependency confusion scan, security skills scan, and weak crypto check. Uploads reports as artifacts with 90-day retention.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
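The check described in the commit above, as an added example: a scanner that pulls package names out of `pip install` commands and flags any that are not on an allowlist of names known to be registered. This is not the repository's `scripts/check_dependency_confusion.py`; the allowlist, the sample input and the option table are constructed for the example, and the allowlist in a real hook would be maintained from names verified on PyPI (or on the private index the project actually resolves from). It goes a little beyond the commit text by handling notebook `!pip` cells, `python -m pip`, PEP 503 name normalisation, extras such as `agent-os-kernel[full]`, and by skipping editable installs, local paths, URLs and `-r` files, none of which are resolved from a public index.

```python
"""Scan text for `pip install` commands that name packages outside an allowlist.

Added example modelled on the pre-commit hook described in the commit message above;
it is not the repository's own scripts/check_dependency_confusion.py. KNOWN_REGISTERED
and SAMPLE_TEXT are constructed sample data.
"""
from __future__ import annotations

import re
import shlex
import sys
from dataclasses import dataclass

# Constructed allowlist (sample only): package names verified to be registered.
KNOWN_REGISTERED = {
    "agent-os-kernel", "pypdf", "cryptography", "nltk", "black", "zenpy", "freshdesk",
}

# `pip install ...`, `!pip install ...` (notebooks), `pip3 install ...`,
# `python -m pip install ...`; arguments stop at a newline, comment or shell operator.
PIP_INSTALL_RE = re.compile(
    r"(?:^|\s)!?(?:python3?\s+-m\s+)?pip3?\s+install\s+(?P<args>[^\n#;&|]+)",
    re.MULTILINE,
)

# One requirement token: name, optional extras, optional version specifier.
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(?P<spec>[<>=!~].*)?$"
)

# pip options whose following argument is not a package name (constructed subset).
OPTIONS_WITH_VALUE = {
    "-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
    "--extra-index-url", "-f", "--find-links", "-e", "--editable", "-t", "--target",
}


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -, _ and . become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass(frozen=True)
class Finding:
    line: int
    package: str
    command: str


def _is_non_index_target(token: str) -> bool:
    """Local paths, VCS/HTTP URLs and wheel/sdist files are not resolved from an index."""
    return token.startswith((".", "/", "git+", "http://", "https://", "file:")) or \
        token.endswith((".whl", ".tar.gz", ".zip"))


def find_unregistered_installs(text: str, allowlist=KNOWN_REGISTERED) -> list[Finding]:
    """Return every package installed from an index whose name is not on the allowlist."""
    allowed = {normalize(n) for n in allowlist}
    findings: list[Finding] = []
    for m in PIP_INSTALL_RE.finditer(text):
        args = m.group("args")
        line_no = text.count("\n", 0, m.start("args")) + 1
        try:
            tokens = shlex.split(args)
        except ValueError:            # unbalanced quotes: fall back to a plain split
            tokens = args.split()
        skip_next = False
        for tok in tokens:
            if skip_next:
                skip_next = False
                continue
            if tok in OPTIONS_WITH_VALUE:
                skip_next = True
                continue
            if tok.startswith("-") or _is_non_index_target(tok):
                continue
            req = REQ_RE.match(tok)
            if req and normalize(req.group("name")) not in allowed:
                findings.append(Finding(line_no, req.group("name"), m.group(0).strip()))
    return findings


# Constructed input mixing a notebook cell, docs lines and a requirements install.
SAMPLE_TEXT = """\
!pip install agent-os
pip install agent-os-kernel[full]
pip install -e ../..
python -m pip install "cryptography>=45.0.3" pypdf>=6.8.0
pip install -r requirements.txt --index-url https://pypi.org/simple
pip install Agent_OS_Kernel hashlib-compat  # hashlib is stdlib
"""


if __name__ == "__main__":
    # Pre-commit semantics: a non-zero exit blocks the commit when anything is flagged.
    hits = find_unregistered_installs(SAMPLE_TEXT)
    for f in hits:
        print(f"line {f.line}: '{f.package}' is not on the allowlist  ({f.command})")
    sys.exit(1 if hits else 0)
```

Run against the constructed sample it flags `agent-os` on line 1 and `hashlib-compat` on line 6 and nothing else: the editable install, the extras form, the quoted specifier, the `-r` file and the differently-cased `Agent_OS_Kernel` all resolve to allowed or non-index targets. An allowlist is the right shape for this check, since a denylist of known-bad names cannot anticipate the next unregistered name someone types into a notebook.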
…icrosoft#349)
* docs: add testing guide for external testers and customers
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: add regulatory alignment table and Purview positioning to README
  Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with AGT coverage mapping. Reference Microsoft Purview DSPM for AI as complementary data governance layer.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(ci): restore read-all at workflow level for Scorecard verification
  The Scorecard API rejects workflows with write permissions at the workflow level. id-token: write and security-events: write must be scoped to the job level only. Restores permissions: read-all at workflow level while keeping job-level write permissions intact.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: add comprehensive docstrings to mcp_adapter.py classes (microsoft#324)
  Add Google-style docstrings with Args, Returns, Raises, Attributes, and Example sections to MCPMessageType, MCPAdapter, and MCPServer classes. Also enhances docstrings for key methods including handle_message, _handle_tools_call, _handle_resources_read, and _map_tool_to_action. Fixes microsoft#316
* ci: add markdown link checker workflow (microsoft#323)
  Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
* feat: add policy evaluation heatmap to SRE dashboard (microsoft#309) (microsoft#326)
* fix: remove unregistered PyPI packages from notebooks and requirements (dependency confusion) (microsoft#325)
  - Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks; agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
  - Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs) in customer-service/requirements.txt
  - Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib and hashlib-compat is not a real PyPI package
* fix(security): complete dependency confusion fix — replace all pip install agent-os with agent-os-kernel
  Replace all remaining instances of `pip install agent-os` (unregistered on PyPI) with `pip install agent-os-kernel` (the actual package) across docs, examples, TypeScript extensions, CLI source, tests, and SVG assets. Also fixes `pip install emk` references to point to `agent-os-kernel[full]` since emk is a submodule, not a standalone PyPI package. Completes the fix started in PR microsoft#325 which only covered notebooks.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: update framework star counts to current values
  Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel 24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework 7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and Google ADK (18K). Sorted by stars descending.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Parsa Faraji Alamouti <165321600+parsa-faraji@users.noreply.github.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Zeel Desai <72783325+zeel2104@users.noreply.github.com>
Co-authored-by: Xavier Garceau-Aranda <xavier.garceau-aranda@posteo.net>
- agentmesh → agentmesh-platform (5 files)
- agentmesh-governance → agent-governance-toolkit
- agent-os-observability → agent-os-kernel[observability]
- hashlib.md5 → hashlib.sha256 (3 files)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…kflow permissions
Vulnerability fixes:
- cryptography: bump minimum to >=45.0.3 (fixes GHSA-3ww4, GHSA-9v9h, GHSA-h4gh, GHSA-jm77, GHSA-r6ph, GHSA-v8gr)
- PyPDF2: migrate to pypdf>=6.8.0 (fixes GHSA-4vvm, GHSA-hqmh, GHSA-qpxp)
- nltk: add upper bound <4.0 (3.9.3 already patched)
- black: bump to >=25.1.0 (fixes GHSA-3936)
Workflow permissions:
- ai-release-notes.yml: move contents:write to job level
- ai-spec-drafter.yml: move contents:write to job level
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🤖 AI Agent: security-scanner — Security Review of Pull Request

This pull request addresses dependency updates, a library migration, and workflow permission scoping. Below is a detailed security analysis of the changes, categorized by potential risks and their severity.

1. Prompt Injection Defense Bypass
No changes in this PR directly affect prompt injection defenses. The dependency updates and workflow permission changes do not introduce new vulnerabilities related to prompt injection.
Rating: 🔵 LOW

2. Policy Engine Circumvention
No changes in this PR directly impact the policy engine or its enforcement mechanisms. The updates to dependencies and workflows do not suggest any bypass of policy enforcement.
Rating: 🔵 LOW

3. Trust Chain Weaknesses
The update to
Attack Vector: If a critical vulnerability is discovered in
Recommendation: Remove the upper bound (
Rating: 🟠 HIGH

4. Credential Exposure
The changes to the GitHub Actions workflows reduce the default permissions for
Rating: 🔵 LOW

5. Sandbox Escape
No changes in this PR affect sandboxing or process isolation mechanisms. The dependency updates and workflow changes do not introduce any new risks related to sandbox escapes.
Rating: 🔵 LOW

6. Deserialization Attacks
The migration from
Attack Vector: If untrusted or malicious PDF files are processed without proper validation or sandboxing, it could lead to deserialization attacks or resource exhaustion.
Recommendation: Ensure that any usage of
Rating: 🟡 MEDIUM

7. Race Conditions
No changes in this PR suggest the introduction of race conditions. The dependency updates and workflow changes do not involve concurrent operations or time-of-check-to-time-of-use (TOCTOU) vulnerabilities.
Rating: 🔵 LOW

8. Supply Chain Risks
The dependency updates address multiple CVEs flagged by OpenSSF Scorecard, which is a positive step. However, the migration from
Attack Vector: If
Recommendation:
Rating: 🟡 MEDIUM

Summary of Findings

Suggested Actions

This PR improves the security posture of the repository by addressing known vulnerabilities and scoping workflow permissions. However, the retention of the
🤖 AI Agent: code-reviewer
Review Summary
This pull request addresses several critical issues by updating dependencies to patch known vulnerabilities, migrating from PyPDF2 to pypdf, and scoping GitHub Actions workflow permissions. While the changes are generally beneficial, there are a few areas that require further attention to ensure security, backward compatibility, and maintainability.
🔴 CRITICAL
- PyPDF2 to pypdf Migration
  - The migration from `PyPDF2` to `pypdf` is a significant change. While `pypdf` is a fork of `PyPDF2` and is actively maintained, it is not a drop-in replacement in all cases. The PR does not include any updates to the codebase to reflect this migration. Ensure that:
    - All usages of `PyPDF2` in the codebase are compatible with `pypdf`.
    - Tests are updated to cover the new library's behavior.
    - Any breaking changes in `pypdf` compared to `PyPDF2` are addressed. For example, `pypdf` has made changes to method names and parameters in some cases.
- Cryptography Library Update
  - While updating `cryptography` to `>=45.0.3` addresses several CVEs, ensure that the codebase is tested for compatibility with the new version. `cryptography` updates often include breaking changes, especially for deprecated APIs or changes in behavior for cryptographic primitives. Verify that:
    - All cryptographic operations (e.g., key generation, encryption, decryption, signing) are tested with the new version.
    - Any deprecated APIs used in the codebase are updated.
- GitHub Actions Workflow Permissions
  - The changes to workflow permissions are a good step toward the principle of least privilege. However, the `ai-release-notes` and `ai-spec-drafter` workflows still grant `write` permissions to `contents`, `pull-requests`, and `issues` at the job level. Verify that these permissions are strictly necessary for the workflows to function. If not, consider reducing them further to `read` permissions.
🟡 WARNING
- Backward Compatibility
  - The dependency updates (e.g., `cryptography`, `black`, `nltk`) and the migration from `PyPDF2` to `pypdf` may introduce backward compatibility issues. Ensure that:
    - The public API of the library remains unchanged.
    - Any breaking changes in the updated dependencies are accounted for and documented.
    - Consumers of the library are informed about potential impacts through release notes or migration guides.
💡 SUGGESTIONS
- Testing for Dependency Updates
  - Ensure that the test suite is comprehensive enough to catch any issues introduced by the dependency updates. Specifically:
    - Add tests for any functionality that relies on `cryptography` and `pypdf`.
    - Run the test suite with all supported Python versions (3.9 to 3.12) to ensure compatibility.
- Documentation Updates
  - The documentation in `dependencies.md` has been updated to reflect the migration from `PyPDF2` to `pypdf`. However, consider adding a note about why the migration was necessary (e.g., security vulnerabilities in `PyPDF2` and lack of maintenance).
- Lock File Updates
  - If the project uses lock files (e.g., `poetry.lock` or `requirements.txt`), ensure they are updated to reflect the new dependency versions.
- Workflow Permissions
  - Consider adding comments in the workflow files to explain why specific permissions (e.g., `contents: write`) are required. This will help future maintainers understand the rationale behind the permissions.
- Changelog
  - Ensure that the changelog is updated to reflect the changes in this PR, especially the dependency updates and the migration to `pypdf`.
Conclusion
This PR addresses critical security vulnerabilities and improves the security posture of the project by scoping workflow permissions. However, the migration from PyPDF2 to pypdf and the cryptography update require thorough testing to ensure compatibility and prevent regressions. Additionally, the workflow permissions could be further scoped if possible. Addressing these issues will ensure a smooth and secure update.
Fixes 18 OSV vulnerabilities flagged by OpenSSF Scorecard. cryptography>=45.0.3 (6 CVEs), PyPDF2→pypdf>=6.8.0 (3 CVEs), nltk upper bound (4 CVEs patched), black>=25.1.0 (1 CVE). Workflow permissions scoped to job level for ai-release-notes and ai-spec-drafter. 15 files changed.
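The permission-scoping rule that runs through this PR (the Scorecard commit message, the code-reviewer's "GitHub Actions Workflow Permissions" item, and the PR description above) is mechanical enough to check and apply in code. The following is an added example, not tooling from the repository: it takes a workflow as the dict that PyYAML's `safe_load` would produce (so it runs without a YAML library), reports any `write` scope granted at the workflow level, and rewrites the workflow so that the top-level block becomes `read-all` while every job that relied on the inherited block now carries it explicitly, leaving each job's effective token unchanged. `BEFORE` is a constructed stand-in for `ai-release-notes.yml`, not the real file.

```python
"""Check and rewrite GitHub Actions workflow permissions so that no `write` scope is
granted at the workflow level, while the writes a job actually needs stay on that job.

Added example, not the repository's own tooling. BEFORE is a constructed workflow given
in the dict form PyYAML's safe_load would return for the YAML file.
"""
from __future__ import annotations

import copy

WRITE_SHORTHAND = "write-all"
READ_SHORTHAND = "read-all"


def write_scopes(perms) -> list[str]:
    """Scopes granted `write` by a `permissions` value (string shorthand or scope map)."""
    if perms is None or perms == READ_SHORTHAND or perms == {}:
        return []
    if perms == WRITE_SHORTHAND:
        return [WRITE_SHORTHAND]
    if isinstance(perms, dict):
        return sorted(scope for scope, level in perms.items() if level == "write")
    raise ValueError(f"unrecognised permissions value: {perms!r}")


def workflow_level_writes(workflow: dict) -> list[str]:
    """The scopes Scorecard objects to: writes granted on the workflow's top-level block."""
    return write_scopes(workflow.get("permissions"))


def effective_permissions(workflow: dict, job_name: str):
    """GitHub resolves a job's token from the job's own `permissions` block when present,
    otherwise from the workflow-level block (a job block replaces, not merges with, it)."""
    job = workflow["jobs"][job_name]
    return job["permissions"] if "permissions" in job else workflow.get("permissions")


def scope_writes_to_jobs(workflow: dict) -> dict:
    """Return a copy with `permissions: read-all` at the workflow level; jobs that had no
    block of their own receive the former workflow-level block verbatim, so their
    effective token is unchanged. Jobs with their own block are left alone."""
    new = copy.deepcopy(workflow)
    inherited = new.get("permissions")
    if not write_scopes(inherited):
        return new                      # already read-only at the top level
    for job in new["jobs"].values():
        if "permissions" not in job:
            job["permissions"] = copy.deepcopy(inherited)
    new["permissions"] = READ_SHORTHAND
    return new


def review(workflow: dict) -> list[str]:
    """Findings for a reviewer: workflow-level writes (to fix) and per-job writes (to
    justify, e.g. with a comment next to the grant in the workflow file)."""
    findings = []
    top = workflow_level_writes(workflow)
    if top:
        findings.append(f"workflow-level write permission(s): {', '.join(top)}")
    for name, job in workflow.get("jobs", {}).items():
        job_writes = write_scopes(job.get("permissions"))
        if job_writes:
            findings.append(f"job '{name}' grants write on: {', '.join(job_writes)}")
    return findings


# Constructed stand-in for a workflow that grants contents:write at the top level.
BEFORE = {
    "name": "ai-release-notes",
    "on": {"push": {"tags": ["v*"]}},
    "permissions": {"contents": "write", "pull-requests": "read"},
    "jobs": {
        "draft-notes": {"runs-on": "ubuntu-latest",
                        "steps": [{"uses": "actions/checkout@v4"}]},
        "lint": {"runs-on": "ubuntu-latest",
                 "permissions": {"contents": "read"},
                 "steps": [{"run": "echo lint"}]},
    },
}
AFTER = scope_writes_to_jobs(BEFORE)

if __name__ == "__main__":
    print("before:", review(BEFORE))
    print("after: ", review(AFTER))
```

On the constructed workflow the check reports `contents` as a workflow-level write before the rewrite and nothing after it; the rewritten form is what `permissions: read-all` at the top plus `permissions: {contents: write, pull-requests: read}` under `draft-notes` looks like in YAML. The `lint` job already declared `contents: read`, so it keeps that narrower grant, which is the GitHub semantics the transform relies on: a job-level block replaces the workflow-level one rather than merging with it. The remaining `review(AFTER)` finding, a job-level `contents` write, is the one the code-reviewer asks to be justified rather than removed.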