exasol · kratz00 · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026
diff --git a/.gitattributes b/.gitattributes
@@ -14,3 +14,4 @@ setup.py                                  linguist-generated=true
 /.github/workflows/merge-gate.yml         linguist-generated=True
 /.github/workflows/pr-merge.yml           linguist-generated=True
 /.github/workflows/report.yml             linguist-generated=True
+/.github/workflows/slow-checks.yml        linguist-generated=True
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml
diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml
diff --git a/.workflow-patcher.yml b/.workflow-patcher.yml
@@ -26,9 +26,9 @@ workflows:
         content:
           - name: Upload Artifacts
             id: upload-artifacts
-            uses: actions/upload-artifact@v6
+            uses: actions/upload-artifact@v7
             with:
-              name: coverage-python3.10-${{ matrix.backend }}-${{ matrix.exasol-version }}
+              name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow
               path: .coverage
               include-hidden-files: true
       - action: INSERT_AFTER

diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -1,3 +1,22 @@
 # Unreleased
 
 ## Summary
+
+This release fixes vulnerabilities by updating transitive dependencies in the `poetry.lock` file.
+
+| Dependency   | Version | ID                  | Fix Versions | Updated to |
+|--------------|---------|---------------------|--------------|------------|
+| black        | 25.12.0 | CVE-2026-32274      | 26.3.1       | 26.3.1     |
+| cryptography | 46.0.5  | CVE-2026-34073      | 46.0.6       | 46.0.6     |
+| pygments     | 2.19.2  | CVE-2026-4539       | 2.20         | 2.20       |
+| requests     | 2.32.5  | CVE-2026-25645      | 2.33.0       | 2.33.0     |
+| tornado      | 6.5.4   | GHSA-78cv-mqj4-43f7 | 6.5.5        | 6.5.5      |
+| tornado      | 6.5.4   | CVE-2026-31958      | 6.5.5        | 6.5.5      |
+
+To ensure usage of secure packages, it is up to the user to similarly relock their dependencies.
+
+## Security Issues
+
+* #284: Fixed vulnerabilities by re-locking transitive dependencies & updated:
+    * `actions/download-artifact` from v7 to v8
+    * `actions/upload-artifact` from v6 to v7
diff --git a/doc/developer_guide/developer_guide.rst b/doc/developer_guide/developer_guide.rst
@@ -31,9 +31,9 @@ Tests
 Pytest Plugins
 --------------
 
-BFSPY declares a dependency to pytest plugin ``pytest-exasol-backend`` which is
-maintained in GitHub repository `pytest-plugins/pytest_backend
-<https://github.com/exasol/pytest-plugins/tree/main/pytest-backend/>`_.  This
+BFSPY declares a dependency to ``pytest-exasol-backend`` which is
+maintained in GitHub repository `pytest_backend
+<https://github.com/exasol/pytest-backend/>`_.  This
 plugin makes additional fixtures available that are used in the saas
 integration tests of BFSPY, see files in folder `test_service_saas.py
 <https://github.com/exasol/bucketfs-python/blob/main/test/integration/test_service_saas.py>`_.