chore(deps): bump simpleeval from 0.9.13 to 1.0.5 in /airbyte-ci/connectors/connector_ops

[dependabot]

Bumps simpleeval from 0.9.13 to 1.0.5.

Release notes

Sourced from simpleeval's releases.

1.0.5

Fixes Security issues with "dangerous" modules & functions leaking through as attributes of other names, see:

Fixes CVE-2026-32640

GHSA-44vg-5wv2-h2hg

Breaking Change:

• Modules & Submodules now are not directly usable as names or as attributes of other items, if you still need this functionality, then use the new ModuleWrapper, or subclass SimpleEval to bypass it.

1.0.2 - packaging tweak

No functional changes - but release with the pip version removed from requirements.

1.0.1

Update the packaging / build after the 1.0.0 release.

No new features since 1.0.0

See the 1.0.0 release notes for details.

1.0.0

What's new in this release?

• Fix a sandbox escape via generators and _frame methods.
• Supporting dictionary comprehensions
• A custom exception rather than KeyError when names not found
• Dropping support for old python versions - if you need pre 3.9, then you can use an older version
• Various cleanups & tidying warnings, deprecation warnings etc.

---

So 1.0 as a 'this is the way it works'. It's been basically stable for years now, I've just never called it that - hopefully now this draws a line in what's possible without breaking changes.

---

There's lots of ideas to make it better - but that's better as a new 2.x branch with allowing a few breaking changes (mostly for security).

Commits

• a4659fa Merge pull request #171 from danthedeckie/remove-module-access
• 7c9180c version number bump
• cffa9f6 Much stricter lockdown via _check_disallowed_items plus adding ModuleWrapper
• 4e7f4b8 Add ByamB4 to contributors list
• 1654cbf Disallow module access & disallowed function access via attributes.
• 9cb4a7b Add a few additional DISALLOW_FUNCTIONS
• 0425898 Merge pull request #169 from danthedeckie/update-readme
• 618bcf4 update build tools / config
• 8828943 bump version, and update copyright year
• 97570fe lint string joining fixes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.