From cc223eb03c34b069a025f55ea290497fc0347ed7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 19:06:57 +0000
Subject: [PATCH] deps(deps): bump the security-tools group across 1 directory with 2 updates

Bumps the security-tools group with 2 updates in the / directory: [bandit](https://github.com/PyCQA/bandit) and [safety](https://github.com/pyupio/safety).

Updates `bandit` from 1.7.6 to 1.9.4
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.6...1.9.4)

Updates `safety` from 3.0.1 to 3.8.0
- [Release notes](https://github.com/pyupio/safety/releases)
- [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pyupio/safety/compare/3.0.1...3.8.0)

---
updated-dependencies:
- dependency-name: bandit
 dependency-version: 1.9.4
 dependency-type: direct:production
 update-type: version-update:semver-minor
 dependency-group: security-tools
- dependency-name: safety
 dependency-version: 3.7.0
 dependency-type: direct:production
 update-type: version-update:semver-minor
 dependency-group: security-tools
...

Signed-off-by: dependabot[bot]
---
 config/requirements.txt | 4 ++--
 requirements/base.txt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/requirements.txt b/config/requirements.txt
index 2e5bbe8..569caef 100644
--- a/config/requirements.txt
+++ b/config/requirements.txt
@@ -105,8 +105,8 @@ scipy==1.13.1 # [可选] 漂移检测(KS)—— 1.11.4
 # deepeval==0.20.50 # [可选] LLM 评估
 # ===== [可选] 安全扫描 =====
-bandit==1.7.6 # [稳定层] SAST Python 代码扫描
-safety==3.0.1 # [稳定层] 依赖 CVE 检查
+bandit==1.9.4 # [稳定层] SAST Python 代码扫描
+safety==3.8.0 # [稳定层] 依赖 CVE 检查
 # OWASP ZAP DAST [外部]:daemon 模式(zap.sh -daemon -port 8080)
 # Burp Suite Pro [外部]:商业工具,启 REST API
 # pip-audit # CI 临时安装,无需固定
diff --git a/requirements/base.txt b/requirements/base.txt
index 8992cef..c3c6a28 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -50,8 +50,8 @@ reportlab==4.0.7
 python-pptx==0.6.23
 # 安全扫描
-bandit==1.7.6
-safety==3.0.1
+bandit==1.9.4
+safety==3.8.0
 # WebSocket(通用)
 websocket-client==1.8.0