diff --git a/mflix/server/python-fastapi/requirements.in b/mflix/server/python-fastapi/requirements.in index 98fe728..6c148aa 100644 --- a/mflix/server/python-fastapi/requirements.in +++ b/mflix/server/python-fastapi/requirements.in @@ -46,8 +46,8 @@ fastapi-cloud-cli~=0.3.1 # Tools for cloud deployment (specific to your pipeline # 6. TESTING & MONITORING # Frameworks for ensuring code quality and production health. # ------------------------------------------------------------------------------ -pytest~=8.4.2 # Primary testing framework -pytest-asyncio~=1.2.0 # Plugin to make asynchronous tests easy with pytest +pytest~=9.0.3 # Primary testing framework (CVE-2025-71176 fix) +pytest-asyncio~=1.3.0 # Plugin to make asynchronous tests easy with pytest (pytest 9 compat) sentry-sdk~=2.42.1 # For error tracking and performance monitoring # ============================================================================== @@ -64,6 +64,9 @@ rich-toolkit~=0.15.1 # Extensions for the 'rich' library filelock>=3.20.3 # Transitive dep via huggingface-hub aiohttp>=3.13.4 # Transitive dep via voyageai (CVE-2026-34525) orjson>=3.11.7 # Transitive dep via langsmith (CVE fix) -langchain-core>=1.2.11 # Transitive dep via langchain-text-splitters (CVE-2026-26013 fix) +langchain-core>=1.2.28 # Transitive dep via langchain-text-splitters (CVE-2026-26013, CVE-2026-40087) +langsmith>=0.7.31 # Transitive dep via langchain (CVE-2026-41182) +langchain-text-splitters>=1.1.2 # Transitive dep via langchain (CVE-2026-41481) +pygments>=2.20.0 # Transitive dep via rich/pytest (CVE-2026-4539) pillow>=12.2.0 # Transitive dep via voyageai (Pillow 12.2.0 security fixes) requests>=2.33.0 # Transitive dep via langsmith/voyageai (CVE-2026-25645 fix) diff --git a/mflix/server/python-fastapi/requirements.txt b/mflix/server/python-fastapi/requirements.txt index d7985ad..73377c7 100644 --- a/mflix/server/python-fastapi/requirements.txt +++ b/mflix/server/python-fastapi/requirements.txt @@ -1,267 +1,100 @@ -# -# This file is autogenerated by pip-compile with Python 3.13 -# by the following command: -# -# pip-compile --output-file=requirements.txt requirements.in -# aiohappyeyeballs==2.6.1 - # via aiohttp aiohttp==3.13.5 - # via - # -r requirements.in - # voyageai aiolimiter==1.2.1 - # via voyageai aiosignal==1.4.0 - # via aiohttp annotated-doc==0.0.4 - # via fastapi annotated-types==0.7.0 - # via pydantic anyio==4.12.1 - # via - # httpx - # starlette - # watchfiles attrs==25.4.0 - # via aiohttp +boolean.py==5.0 +build==1.5.0 +CacheControl==0.14.4 certifi==2026.1.4 - # via - # httpcore - # httpx - # requests - # sentry-sdk charset-normalizer==3.4.4 - # via requests click==8.3.1 - # via - # rich-toolkit - # typer - # typer-slim - # uvicorn +cyclonedx-python-lib==11.7.0 +defusedxml==0.7.1 dnspython==2.8.0 - # via - # -r requirements.in - # email-validator - # pymongo email-validator==2.3.0 - # via - # -r requirements.in - # pydantic fastapi==0.120.4 - # via -r requirements.in fastapi-cli==0.0.20 - # via -r requirements.in fastapi-cloud-cli==0.3.1 - # via -r requirements.in ffmpeg-python==0.2.0 - # via voyageai filelock==3.20.3 - # via - # -r requirements.in - # huggingface-hub frozenlist==1.8.0 - # via - # aiohttp - # aiosignal fsspec==2026.2.0 - # via huggingface-hub future==1.0.0 - # via ffmpeg-python h11==0.16.0 - # via - # httpcore - # uvicorn hf-xet==1.2.0 - # via huggingface-hub httpcore==1.0.9 - # via httpx httptools==0.7.1 - # via uvicorn httpx==0.28.1 - # via - # -r requirements.in - # fastapi-cloud-cli - # huggingface-hub - # langsmith -huggingface-hub==1.4.1 - # via tokenizers +huggingface_hub==1.4.1 idna==3.11 - # via - # anyio - # email-validator - # httpx - # requests - # yarl iniconfig==2.3.0 - # via pytest jsonpatch==1.33 - # via langchain-core jsonpointer==3.0.0 - # via jsonpatch -langchain-core==1.2.11 - # via - # -r requirements.in - # langchain-text-splitters -langchain-text-splitters==1.1.0 - # via voyageai -langsmith==0.6.9 - # via langchain-core +langchain-core==1.3.3 +langchain-protocol==0.0.15 +langchain-text-splitters==1.1.2 +langsmith==0.8.3 +license-expression==30.4.4 markdown-it-py==4.0.0 - # via rich mdurl==0.1.2 - # via markdown-it-py +msgpack==1.1.2 multidict==6.7.1 - # via - # aiohttp - # yarl numpy==2.4.2 - # via voyageai orjson==3.11.7 - # via - # -r requirements.in - # langsmith +packageurl-python==0.17.6 packaging==26.0 - # via - # huggingface-hub - # langchain-core - # langsmith - # pytest pillow==12.2.0 - # via - # -r requirements.in - # voyageai +pip-api==0.0.34 +pip-requirements-parser==32.0.1 +pip-tools==7.5.3 +pip_audit==2.10.0 +platformdirs==4.9.6 pluggy==1.6.0 - # via pytest propcache==0.4.1 - # via - # aiohttp - # yarl -pydantic[email]==2.12.5 - # via - # -r requirements.in - # fastapi - # fastapi-cloud-cli - # langchain-core - # langsmith - # voyageai -pydantic-core==2.41.5 - # via pydantic -pygments==2.19.2 - # via - # pytest - # rich +py-serializable==2.1.0 +pydantic==2.12.5 +pydantic_core==2.41.5 +Pygments==2.20.0 pymongo==4.17.0 - # via -r requirements.in -pytest==8.4.2 - # via - # -r requirements.in - # pytest-asyncio -pytest-asyncio==1.2.0 - # via -r requirements.in +pyparsing==3.3.2 +pyproject_hooks==1.2.0 +pytest==9.0.3 +pytest-asyncio==1.3.0 python-dotenv==1.2.2 - # via - # -r requirements.in - # uvicorn python-multipart==0.0.27 - # via -r requirements.in -pyyaml==6.0.3 - # via - # -r requirements.in - # huggingface-hub - # langchain-core - # uvicorn -requests==2.33.0 - # via - # -r requirements.in - # langsmith - # requests-toolbelt - # voyageai +PyYAML==6.0.3 +requests==2.33.1 requests-toolbelt==1.0.0 - # via langsmith rich==14.2.0 - # via - # -r requirements.in - # rich-toolkit - # typer rich-toolkit==0.15.1 - # via - # -r requirements.in - # fastapi-cli - # fastapi-cloud-cli rignore==0.7.6 - # via fastapi-cloud-cli sentry-sdk==2.42.1 - # via - # -r requirements.in - # fastapi-cloud-cli +setuptools==82.0.1 shellingham==1.5.4 - # via - # huggingface-hub - # typer +sniffio==1.3.1 +sortedcontainers==2.4.0 starlette==0.49.3 - # via - # -r requirements.in - # fastapi tenacity==9.1.3 - # via - # langchain-core - # voyageai tokenizers==0.22.2 - # via voyageai +tomli==2.4.1 +tomli_w==1.2.0 tqdm==4.67.3 - # via huggingface-hub typer==0.20.1 - # via - # -r requirements.in - # fastapi-cli - # fastapi-cloud-cli typer-slim==0.21.1 - # via huggingface-hub -typing-extensions==4.15.0 - # via - # fastapi - # huggingface-hub - # langchain-core - # pydantic - # pydantic-core - # rich-toolkit - # typer - # typer-slim - # typing-inspection typing-inspection==0.4.2 - # via pydantic +typing_extensions==4.15.0 urllib3==2.6.3 - # via - # -r requirements.in - # requests - # sentry-sdk -uuid-utils==0.14.0 - # via - # langchain-core - # langsmith -uvicorn[standard]==0.38.0 - # via - # -r requirements.in - # fastapi-cli - # fastapi-cloud-cli +uuid_utils==0.14.0 +uvicorn==0.38.0 uvloop==0.22.1 - # via - # -r requirements.in - # uvicorn voyageai==0.3.7 - # via -r requirements.in watchfiles==1.1.1 - # via - # -r requirements.in - # uvicorn websockets==15.0.1 - # via - # -r requirements.in - # uvicorn +wheel==0.47.0 xxhash==3.6.0 - # via langsmith yarl==1.22.0 - # via aiohttp zstandard==0.25.0 - # via langsmith