fix(deps): vuln minor: torch · patch: pytest [toto2]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• toto2 (pep621)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
torch	2.4.0	2.12.0	minor	Direct	5 CRITICAL, 13 HIGH, 20 MEDIUM, 10 LOW
pytest	8.0	8.0.2	patch	Direct	2 MEDIUM

---

Security Details

🚨 Critical & High Severity (18 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
torch	PYSEC-2024-259	critical	-	2.4.0	2.5.0
torch	GHSA-53q9-r3pm-6pq6	CRITICAL	PyTorch: torch.load with weights_only=True leads to remote code execution	2.4.0	2.6.0
torch	CVE-2025-32434	CRITICAL	PyTorch: torch.load with weights_only=True leads to remote code execution	2.4.0	-
torch	PYSEC-2025-41	CRITICAL	-	2.4.0	2.6.0
torch	CVE-2024-48063	critical	-	2.4.0	-
torch	PYSEC-2026-139	high	-	2.4.0	-
torch	CVE-2025-55558	high	-	2.4.0	-
torch	CVE-2025-55557	high	-	2.4.0	-
torch	PYSEC-2025-208	high	-	2.4.0	2.7.1
torch	PYSEC-2025-204	high	-	2.4.0	2.9.0
torch	PYSEC-2025-203	high	-	2.4.0	2.9.0
torch	CVE-2025-55551	high	-	2.4.0	-
torch	PYSEC-2025-205	high	-	2.4.0	2.7.1
torch	PYSEC-2025-207	high	-	2.4.0	2.7.1
torch	CVE-2025-55552	high	-	2.4.0	-
torch	CVE-2025-55553	high	-	2.4.0	-
torch	PYSEC-2025-209	high	-	2.4.0	2.7.1
torch	CVE-2025-55560	high	-	2.4.0	-

ℹ️ Other Vulnerabilities (32)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
torch	PYSEC-2025-196	medium	-	2.4.0	-
torch	CVE-2025-3136	medium	-	2.4.0	-
torch	CVE-2025-55554	medium	-	2.4.0	-
torch	PYSEC-2025-206	medium	-	2.4.0	2.9.0
torch	CVE-2025-3001	medium	-	2.4.0	-
torch	PYSEC-2025-192	medium	-	2.4.0	-
torch	PYSEC-2025-195	medium	-	2.4.0	-
torch	PYSEC-2025-197	medium	-	2.4.0	-
torch	CVE-2025-3121	medium	-	2.4.0	-
torch	PYSEC-2025-194	medium	-	2.4.0	-
torch	CVE-2025-3000	medium	-	2.4.0	-
torch	CVE-2025-46148	medium	-	2.4.0	-
torch	PYSEC-2025-198	medium	-	2.4.0	2.7.0
torch	CVE-2025-2998	medium	-	2.4.0	-
pytest	CVE-2025-71176	MODERATE	-	8.0	-
pytest	GHSA-6w46-j5rx-g56g	MODERATE	pytest has vulnerable tmpdir handling	8.0	9.0.3
torch	GHSA-887c-mr87-cxwp	MODERATE	PyTorch Improper Resource Shutdown or Release vulnerability	2.4.0	2.8.0
torch	CVE-2025-3730	MODERATE	-	2.4.0	-
torch	GHSA-vgrw-7cvw-pwgx	MODERATE	PyTorch is vulnerable to memory corruption through its unpack_sequence function	2.4.0	2.9.1
torch	PYSEC-2025-193	MODERATE	-	2.4.0	-
torch	CVE-2025-2999	MODERATE	-	2.4.0	-
torch	GHSA-f4hp-rmr7-r7v8	MODERATE	PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function	2.4.0	-
torch	PYSEC-2025-191	LOW	-	2.4.0	-
torch	GHSA-c678-jfcj-6jmf	LOW	PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument	2.4.0	-
torch	GHSA-rrmf-rvhw-rf47	LOW	PyTorch is vulnerable to memory corruption through its torch.jit.script function	2.4.0	-
torch	GHSA-3749-ghw9-m3mg	LOW	PyTorch susceptible to local Denial of Service	2.4.0	2.7.1-rc1
torch	GHSA-x3gm-94wq-g975	LOW	PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module	2.4.0	-
torch	GHSA-qfhq-4f3w-5fph	LOW	PyTorch is vulnerable to memory corruption through its torch.lstm_cell function	2.4.0	2.10.0
torch	PYSEC-2025-189	LOW	-	2.4.0	-
torch	CVE-2025-63396	low	-	2.4.0	-
torch	PYSEC-2025-210	low	-	2.4.0	-
torch	PYSEC-2025-190	LOW	-	2.4.0	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System