This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
Topics
+14 more
Affected surfaces
ReleasePort's take
Light signalThe release upgrades the urllib3 dependency from version 2.6.3 to 2.7.0.
Why it matters: Update your dependency manifests to pin urllib3 at 2.7.0; test integration in dev before production deployment.
Summary
AI summaryMinor fixes and improvements.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Dependency | Medium |
urllib3 dependency bumped from version 2.6.3 to 2.7.0. urllib3 dependency bumped from version 2.6.3 to 2.7.0. Source: llm_adapter@2026-05-21 Confidence: high |
— |
Full changelog
What's Changed
- chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2511
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.86.4...v0.86.5
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]