From 2f734d1a30760ed2fe74532170702c8287376022 Mon Sep 17 00:00:00 2001
From: Thomas Juul Dyhr
Date: Wed, 1 Apr 2026 18:25:01 +0200
Subject: [PATCH] =?UTF-8?q?fix(deps):=20bump=20black=20>=3D24.0=20?= =?UTF-8?q?=E2=86=92=20>=3D26.3.1=20(CVE-2026-32274)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Black <26.3.1 writes cache files to attacker-controlled paths when the --python-cell-magics CLI option is passed with untrusted input. This is a dev-only dependency with low exploitability in CI, but bumping to the patched version is the correct fix.

Co-Authored-By: Claude Sonnet 4.6
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 47a9dd5..9624c8d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,7 @@ dev = [
 "pytest-timeout>=2.1",
 "pytest-mock>=3.14",
 "pytest-asyncio>=1.0",
- "black>=24.0",
+ "black>=26.3.1",
 "ruff>=0.4",
 "mypy>=1.10",
 "types-PyYAML>=6.0.12",