From 6c9959c10f3756cd6d0621084a3aa0bd9bf473df Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 5 Dec 2025 12:34:41 +0000 Subject: [PATCH] fix: backend/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PEEWEE-14157229 - https://snyk.io/vuln/SNYK-PYTHON-UNSTRUCTURED-14157218 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-14151620 --- backend/requirements.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/backend/requirements.txt b/backend/requirements.txt index a82da19665e..eebcb4d732e 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -12,7 +12,7 @@ passlib[bcrypt]==1.7.4 requests==2.31.0 aiohttp==3.9.5 -peewee==3.17.3 +peewee==3.18.3 peewee-migrate==1.12.2 psycopg2-binary==2.9.9 PyMySQL==1.1.0 @@ -36,7 +36,7 @@ sentence-transformers==2.7.0 pypdf==4.2.0 docx2txt==0.8 python-pptx==0.6.23 -unstructured==0.11.8 +unstructured==0.18.18 Markdown==3.6 pypandoc==1.13 pandas==2.2.2 @@ -58,4 +58,5 @@ PyJWT[crypto]==2.8.0 black==24.4.2 langfuse==2.27.3 youtube-transcript-api==0.6.2 -pytube \ No newline at end of file +pytube +werkzeug>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file