From a90614d7eda05fc4f0de4680fbee10a53feb2a24 Mon Sep 17 00:00:00 2001 From: Paulo Lacerda Date: Fri, 12 Jun 2026 10:55:33 -0300 Subject: [PATCH 1/2] fix: update e2e agent dependencies for security advisories Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CHANGELOG.md | 7 +++++++ infra/e2e/agent-app/requirements.txt | 5 +++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c786b00..87b911d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,13 @@ This format follows [Keep a Changelog](https://keepachangelog.com/) and adheres ## [Unreleased] +### Security +- **E2E agent container dependencies no longer resolve vulnerable Starlette or + mem0ai versions.** The sample FastAPI service now pins patched FastAPI and + Agent Framework releases and adds an explicit `mem0ai` pin so Dependabot no + longer reports the transitive Starlette host-header / file-response advisories + or the mem0ai unsafe deserialization advisory on the default branch. + ## [0.3.21] - 2026-06-12 ### Changed diff --git a/infra/e2e/agent-app/requirements.txt b/infra/e2e/agent-app/requirements.txt index 5df35411..875b6fc0 100644 --- a/infra/e2e/agent-app/requirements.txt +++ b/infra/e2e/agent-app/requirements.txt @@ -1,4 +1,5 @@ -fastapi==0.115.6 +fastapi==0.136.3 uvicorn[standard]==0.32.1 -agent-framework==1.2.1 +agent-framework==1.8.1 azure-identity==1.19.0 +mem0ai==2.0.5 From dc2d7ed2192dee7b29d86c7c72da30028e62f465 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 12 Jun 2026 13:59:47 +0000 Subject: [PATCH 2/2] chore: prepare release 0.3.22 --- .claude-plugin/marketplace.json | 2 +- .github/plugin/marketplace.json | 2 +- CHANGELOG.md | 2 ++ plugins/agentops/package.json | 2 +- plugins/agentops/plugin.json | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index b28acd13..a14f87bc 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -13,7 +13,7 @@ "name": "agentops-accelerator", "source": "../../plugins/agentops", "description": "Copilot agent skills for running standardized evaluation workflows with AgentOps Toolkit and Microsoft Foundry agents.", - "version": "0.3.21", + "version": "0.3.22", "keywords": [ "agentops", "evaluation", diff --git a/.github/plugin/marketplace.json b/.github/plugin/marketplace.json index b28acd13..a14f87bc 100644 --- a/.github/plugin/marketplace.json +++ b/.github/plugin/marketplace.json @@ -13,7 +13,7 @@ "name": "agentops-accelerator", "source": "../../plugins/agentops", "description": "Copilot agent skills for running standardized evaluation workflows with AgentOps Toolkit and Microsoft Foundry agents.", - "version": "0.3.21", + "version": "0.3.22", "keywords": [ "agentops", "evaluation", diff --git a/CHANGELOG.md b/CHANGELOG.md index 87b911d4..2988c414 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ This format follows [Keep a Changelog](https://keepachangelog.com/) and adheres ## [Unreleased] +## [0.3.22] - 2026-06-12 + ### Security - **E2E agent container dependencies no longer resolve vulnerable Starlette or mem0ai versions.** The sample FastAPI service now pins patched FastAPI and diff --git a/plugins/agentops/package.json b/plugins/agentops/package.json index 105e5b4e..60f253cd 100644 --- a/plugins/agentops/package.json +++ b/plugins/agentops/package.json @@ -2,7 +2,7 @@ "name": "agentops-accelerator", "displayName": "AgentOps Accelerator — Skills for GitHub Copilot", "description": "Copilot agent skills for running standardized evaluation workflows with AgentOps Accelerator and Microsoft Foundry agents.", - "version": "0.3.21", + "version": "0.3.22", "publisher": "AgentOpsAccelerator", "icon": "icon.png", "license": "MIT", diff --git a/plugins/agentops/plugin.json b/plugins/agentops/plugin.json index fbd9382f..97353826 100644 --- a/plugins/agentops/plugin.json +++ b/plugins/agentops/plugin.json @@ -1,7 +1,7 @@ { "name": "agentops-accelerator", "description": "Copilot agent skills for running standardized evaluation workflows with AgentOps Accelerator and Microsoft Foundry agents.", - "version": "0.3.21", + "version": "0.3.22", "author": { "name": "AgentOps Accelerator", "url": "https://github.com/Azure/agentops"