Skip to content

LCORE-1108: Updated Konflux dependencies #1090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tisnik merged 1 commit into from
Feb 2, 2026
+62 −56
Merged

LCORE-1108: Updated Konflux dependencies #1090

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .tekton/lightspeed-stack-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ spec:
],
"requirements_build_files": ["requirements-build.txt"],
"binary": {
"packages": "accelerate,aiohappyeyeballs,aiohttp,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,attrs,autoevals,cffi,charset-normalizer,chevron,click,cryptography,datasets,dill,distro,dnspython,durationpy,faiss-cpu,fire,frozenlist,fsspec,googleapis-common-protos,grpcio,h11,hf-xet,httpcore,httpx,httpx-sse,huggingface-hub,idna,jinja2,jiter,joblib,jsonschema-specifications,lxml,markdown-it-py,mdurl,mpmath,networkx,nltk,numpy,oauthlib,opentelemetry-api,opentelemetry-exporter-otlp,opentelemetry-exporter-otlp-proto-common,opentelemetry-exporter-otlp-proto-grpc,opentelemetry-exporter-otlp-proto-http,opentelemetry-instrumentation,opentelemetry-proto,opentelemetry-sdk,opentelemetry-semantic-conventions,packaging,pandas,pillow,ply,polyleven,prompt-toolkit,propcache,proto-plus,psycopg2-binary,pyaml,pyarrow,pyasn1,pyasn1-modules,pydantic,pydantic-core,pydantic-settings,pygments,pyjwt,python-dateutil,python-dotenv,pytz,pyyaml,referencing,requests,requests-oauthlib,rpds-py,rsa,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,starlette,sympy,threadpoolctl,tiktoken,tokenizers,torch,tornado,tqdm,transformers,triton,typing-extensions,typing-inspection,tzdata,websocket-client,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
"packages": "accelerate,aiohappyeyeballs,aiohttp,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,attrs,autoevals,cffi,charset-normalizer,chevron,click,cryptography,datasets,dill,distro,dnspython,durationpy,faiss-cpu,fire,frozenlist,fsspec,googleapis-common-protos,grpcio,h11,hf-xet,httpcore,httpx,httpx-sse,huggingface-hub,idna,jinja2,jiter,joblib,jsonschema-specifications,lxml,markdown-it-py,mdurl,mpmath,networkx,nltk,numpy,oauthlib,opentelemetry-api,opentelemetry-exporter-otlp,opentelemetry-exporter-otlp-proto-common,opentelemetry-exporter-otlp-proto-grpc,opentelemetry-exporter-otlp-proto-http,opentelemetry-instrumentation,opentelemetry-proto,opentelemetry-sdk,opentelemetry-semantic-conventions,packaging,pandas,pillow,ply,polyleven,prompt-toolkit,propcache,proto-plus,psycopg2-binary,pyaml,pyarrow,pyasn1,pyasn1-modules,pydantic,pydantic-core,pydantic-settings,pygments,python-dateutil,python-dotenv,pytz,pyyaml,referencing,requests,requests-oauthlib,rpds-py,rsa,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,starlette,sympy,threadpoolctl,tiktoken,tokenizers,torch,tornado,transformers,triton,typing-extensions,typing-inspection,tzdata,websocket-client,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
"os": "linux",
"arch": "x86_64,aarch64",
"py_version": 312
Expand Down
2 changes: 1 addition & 1 deletion .tekton/lightspeed-stack-push.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ spec:
],
"requirements_build_files": ["requirements-build.txt"],
"binary": {
"packages": "accelerate,aiohappyeyeballs,aiohttp,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,attrs,autoevals,cffi,charset-normalizer,chevron,click,cryptography,datasets,dill,distro,dnspython,durationpy,faiss-cpu,fire,frozenlist,fsspec,googleapis-common-protos,grpcio,h11,hf-xet,httpcore,httpx,httpx-sse,huggingface-hub,idna,jinja2,jiter,joblib,jsonschema-specifications,lxml,markdown-it-py,mdurl,mpmath,networkx,nltk,numpy,oauthlib,opentelemetry-api,opentelemetry-exporter-otlp,opentelemetry-exporter-otlp-proto-common,opentelemetry-exporter-otlp-proto-grpc,opentelemetry-exporter-otlp-proto-http,opentelemetry-instrumentation,opentelemetry-proto,opentelemetry-sdk,opentelemetry-semantic-conventions,packaging,pandas,pillow,ply,polyleven,prompt-toolkit,propcache,proto-plus,psycopg2-binary,pyaml,pyarrow,pyasn1,pyasn1-modules,pydantic,pydantic-core,pydantic-settings,pygments,pyjwt,python-dateutil,python-dotenv,pytz,pyyaml,referencing,requests,requests-oauthlib,rpds-py,rsa,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,starlette,sympy,threadpoolctl,tiktoken,tokenizers,torch,tornado,tqdm,transformers,triton,typing-extensions,typing-inspection,tzdata,websocket-client,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
"packages": "accelerate,aiohappyeyeballs,aiohttp,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,attrs,autoevals,cffi,charset-normalizer,chevron,click,cryptography,datasets,dill,distro,dnspython,durationpy,faiss-cpu,fire,frozenlist,fsspec,googleapis-common-protos,grpcio,h11,hf-xet,httpcore,httpx,httpx-sse,huggingface-hub,idna,jinja2,jiter,joblib,jsonschema-specifications,lxml,markdown-it-py,mdurl,mpmath,networkx,nltk,numpy,oauthlib,opentelemetry-api,opentelemetry-exporter-otlp,opentelemetry-exporter-otlp-proto-common,opentelemetry-exporter-otlp-proto-grpc,opentelemetry-exporter-otlp-proto-http,opentelemetry-instrumentation,opentelemetry-proto,opentelemetry-sdk,opentelemetry-semantic-conventions,packaging,pandas,pillow,ply,polyleven,prompt-toolkit,propcache,proto-plus,psycopg2-binary,pyaml,pyarrow,pyasn1,pyasn1-modules,pydantic,pydantic-core,pydantic-settings,pygments,python-dateutil,python-dotenv,pytz,pyyaml,referencing,requests,requests-oauthlib,rpds-py,rsa,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,starlette,sympy,threadpoolctl,tiktoken,tokenizers,torch,tornado,transformers,triton,typing-extensions,typing-inspection,tzdata,websocket-client,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
"os": "linux",
"arch": "x86_64,aarch64",
"py_version": 312
Expand Down
8 changes: 6 additions & 2 deletions requirements-build.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,11 +61,11 @@ packaging==26.0
# wheel
pathspec==1.0.4
# via hatchling
pdm-backend==2.4.6
pdm-backend==2.4.7
# via fastapi
pluggy==1.6.0
# via hatchling
poetry-core==2.3.0
poetry-core==2.3.1
# via
# dunamai
# litellm
Expand All @@ -79,8 +79,10 @@ setuptools-scm==9.2.2
# via
# hatch-vcs
# importlib-metadata
# llama-stack-api
# pluggy
# setuptools-rust
# tqdm
# urllib3
tomlkit==0.14.0
# via uv-dynamic-versioning
Expand Down Expand Up @@ -124,12 +126,14 @@ setuptools==80.10.2
# psutil
# pycparser
# pycryptodomex
# pyjwt
# regex
# semver
# sentence-transformers
# setuptools-rust
# setuptools-scm
# sse-starlette
# tqdm
# tree-sitter
# trl
# trove-classifiers
102 changes: 54 additions & 48 deletions requirements.hashes.source.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ azure-identity==1.25.1 \
blobfile==3.1.0 \
--hash=sha256:2b4c5e766ebb7dfa20e4990cf6ec3d2106bdc91d632fb9377f170a234c5a5c6a \
--hash=sha256:d45b6b1fa3b0920732314c23ddbdb4f494ca12f787c2b6eb6bba6faa51382671
cachetools==6.2.6 \
--hash=sha256:16c33e1f276b9a9c0b49ab5782d901e3ad3de0dd6da9bf9bcd29ac5672f2f9e6 \
--hash=sha256:8c9717235b3c651603fff0076db52d6acbfd1b338b8ed50256092f7ce9c85bda
cachetools==7.0.0 \
--hash=sha256:a9abf18ff3b86c7d05b27ead412e235e16ae045925e531fae38d5fada5ed5b08 \
--hash=sha256:d52fef60e6e964a1969cfb61ccf6242a801b432790fe520d78720d757c81cbd2
Comment on lines +20 to +22
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

git ls-files | head -20

Repository: lightspeed-core/lightspeed-stack

Length of output: 782

🏁 Script executed:

find . -maxdepth 2 -name "requirements*.txt" -o -name "pyproject.toml" -o -name "setup.py" | head -20

Repository: lightspeed-core/lightspeed-stack

Length of output: 239

🏁 Script executed:

wc -l requirements.hashes.source.txt 2>/dev/null || echo "File not found, searching for it..."
fd -n "requirements.*" . --type f

Repository: lightspeed-core/lightspeed-stack

Length of output: 358

🏁 Script executed:

# Read the specific lines mentioned in the review comment from requirements.hashes.source.txt
sed -n '20,22p; 196,198p; 202,204p; 483,493p; 494,515p; 561,563p; 702,704p; 717,719p; 766,768p' requirements.hashes.source.txt

Repository: lightspeed-core/lightspeed-stack

Length of output: 4043

🏁 Script executed:

# Also check the beginning to see the file structure
head -30 requirements.hashes.source.txt

Repository: lightspeed-core/lightspeed-stack

Length of output: 1919

🏁 Script executed:

# Read pyproject.toml to check dependencies as per the learning
cat pyproject.toml

Repository: lightspeed-core/lightspeed-stack

Length of output: 6008

🏁 Script executed:

#!/bin/bash
# Verify package versions on PyPI
packages=(
  "cachetools==7.0.0"
  "litellm==1.81.6"
  "llama-stack-api==0.4.4"
  "protobuf==6.33.5"
  "psutil==7.2.2"
  "rich==14.3.2"
  "tqdm==4.67.2"
  "wcwidth==0.5.3"
  "pyjwt==2.11.0"
)

echo "=== Verifying PyPI versions ==="
for pkg in "${packages[@]}"; do
  name="${pkg%==*}"
  version="${pkg#*==}"
  echo "Checking $name $version..."
  
  # Use curl to check PyPI JSON API
  response=$(curl -s "https://pypi.org/pypi/$name/$version/json" 2>/dev/null)
  
  if echo "$response" | grep -q "\"version\": \"$version\"" 2>/dev/null; then
    echo "✓ FOUND: $name $version"
  else
    # Try alternative check
    if echo "$response" | grep -q "\"name\": \"$name\"" 2>/dev/null; then
      echo "✓ FOUND: $name $version"
    else
      echo "✗ NOT FOUND: $name $version"
    fi
  fi
done

Repository: lightspeed-core/lightspeed-stack

Length of output: 600

🌐 Web query:

security vulnerabilities cachetools 7.0.0 CVE

💡 Result:

  • There is no “cachetools 7.0.0” release for the PyPI package cachetools (the project’s current releases are in the 6.x line; PyPI shows recent 6.2.x releases, e.g., 6.2.6). [1]
  • No CVEs / direct vulnerabilities are currently associated with cachetools in major vulnerability trackers (e.g., Safety DB and Snyk both report no known security issues for cachetools). [2] [3]

If you meant CacheToolsUtils (a different PyPI project that does have a 7.0 series), say so and I’ll check CVEs/advisories for that package/version specifically. [4]

Sources: [1] [2] [3] [4]

🌐 Web query:

security vulnerabilities litellm 1.81.6 CVE

💡 Result:

No public CVE records I found list LiteLLM 1.81.6 as affected. The published LiteLLM CVEs (so far) are scoped to older versions (either specific versions or “before” / “up to” ranges) that are well below 1.81.6, e.g.:

  • CVE-2024-5225 (SQL injection): affected up to (including) 1.40.2. [1]
  • CVE-2024-2952 (SSTI): affected up to (excluding) 1.34.42. [2]
  • CVE-2024-4888 (arbitrary file deletion): affected up to (excluding) 1.35.19. [3]
  • CVE-2024-9606 (API key leakage in logs): affects LiteLLM before 1.44.12. [4]
  • CVE-2025-0628 (improper authorization / privilege escalation): affects all versions before 1.61.15 (fixed in 1.61.15). [5]
  • CVE-2025-11203 (health endpoint API_KEY disclosure): vendor advisory indicates it’s fixed in 1.63.14. [6]
  • Additional CVEs tied to specific older versions: 1.27.14 (CVE-2024-4890), 1.34.34 (CVE-2024-5710), 1.38.10 (CVE-2024-6587), 1.52.1 (CVE-2025-0330). [7]

If you want, paste your deployment mode (Python library vs proxy server) and enabled endpoints, and I can map which of the above are relevant attack-surface-wise even if your version is newer.

Sources: [1] [2] [3] [4] [5] [6] [7]

🌐 Web query:

security vulnerabilities protobuf 6.33.5 CVE

💡 Result:

protobuf 6.33.5 (PyPI) is primarily relevant because it fixes the most recent protobuf Python CVE:

  • CVE-2026-0994 (DoS via recursion depth bypass in google.protobuf.json_format.ParseDict() with nested Any)
    Affects protobuf ≤ 6.33.4; upgrading to 6.33.5 removes exposure. The CVE description is in NVD. [1][2][3]

Other notable recent protobuf-python CVE (already fixed well before 6.33.5):

  • CVE-2025-4565 (DoS via unbounded recursion in the pure-Python backend when parsing crafted protobuf data)
    Patched in 6.31.1 (and also 4.25.8 / 5.29.5), so 6.33.5 is not affected. [4]

As of the sources above, there are no additional CVEs specifically reported as affecting protobuf 6.33.5 (it appears as a “fixed/upgrade-to” version for the active recursion-related issue). [2][3]

Sources
[1] NVD – CVE-2026-0994: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
[2] Snyk (protobuf PyPI vuln page showing fix version): https://security.snyk.io/package/pip/protobuf/5.29.0
[3] Resolved Security (affected ≤6.33.4): https://www.resolvedsecurity.com/vulnerability-catalog/CVE-2026-0994
[4] GitHub Security Advisory (GHSA-8qvm-5x2c-j2w7 / CVE-2025-4565): GHSA-8qvm-5x2c-j2w7

🌐 Web query:

security vulnerabilities psutil 7.2.2 CVE

💡 Result:

As of Feb 2, 2026, there are no publicly listed CVEs known to affect psutil 7.2.2.

  • psutil 7.2.2 was uploaded to PyPI on Jan 28, 2026. [1]
  • Snyk reports “NO KNOWN SECURITY ISSUES” for the latest versions and notes that while psutil has historical vulnerabilities, they do not affect 7.2.2. [2]
  • The main widely referenced CVE for psutil is CVE-2019-18874 (double free due to refcount mishandling), which affects psutil through 5.6.5—so it does not apply to 7.2.2. [3]

Sources: [1] PyPI release files for psutil 7.2.2, [2] Snyk psutil package page, [3] NVD entry for CVE-2019-18874.

🌐 Web query:

security vulnerabilities pyjwt 2.11.0 CVE

💡 Result:

As of February 2, 2026, I can’t find any CVE that lists PyJWT 2.11.0 as an affected version. The public CVEs associated with PyJWT in recent years are tied to earlier versions:

  • CVE-2024-53861Issuer (iss) validation partial-match bug; affected: 2.10.0 only, fixed: 2.10.1. PyJWT 2.11.0 is not affected. [1]
  • CVE-2022-29217Algorithm confusion / risky algorithm usage when apps accept “all default algorithms”; patch recommended: upgrade to 2.4.0 and explicitly restrict allowed algorithms when decoding. PyJWT 2.11.0 is not affected (it is far newer than the fixed version guidance). [2]
  • CVE-2025-45768 – Reported as “weak encryption” in 2.10.1, but the record is explicitly disputed (supplier notes the key length is chosen by the application). It is not clearly established as a library vulnerability affecting later versions, and NVD’s affected configuration shown is 2.10.1. PyJWT 2.11.0 is not listed as affected. [3][4]

Bottom line: No CVE I found currently implicates PyJWT 2.11.0; the main actionable items are “don’t use 2.10.0” (due to CVE-2024-53861) and ensure your application explicitly restricts accepted algorithms when decoding tokens (the core risk described in CVE-2022-29217). [1][2]

Sources: NVD CVE entries and distro trackers. [1][2][3][4]

🏁 Script executed:

# Check if there's a typo and what the actual latest cachetools version is
curl -s "https://pypi.org/pypi/cachetools/json" | grep -o '"version": "[^"]*"' | head -5

Repository: lightspeed-core/lightspeed-stack

Length of output: 58

🌐 Web query:

cachetools latest version PyPI 2026

💡 Result:

The latest cachetools release on PyPI is 6.2.6, uploaded January 27, 2026. [1]

Critical: cachetools==7.0.0 does not exist on PyPI.

The version specified in the requirements file is invalid. The latest cachetools release is 6.2.6 (released January 27, 2026). Version 7.0.0 does not exist in any release on PyPI. This will cause installation failures.

Update the cachetools entry to use a valid version from the 6.x series (e.g., 6.2.6 or 6.2.0). Review all dependencies in the file to ensure they reference actual released versions on PyPI.

The other dependency versions checked (litellm 1.81.6, protobuf 6.33.5, psutil 7.2.2, pyjwt 2.11.0, and others) show no known security advisories.

🤖 Prompt for AI Agents 
In `@requirements.hashes.source.txt` around lines 20 - 22, The requirements file
pins a non-existent package version "cachetools==7.0.0" which will break
installs; update the entry for cachetools (the line containing
"cachetools==7.0.0") to a valid 6.x release such as "cachetools==6.2.6", replace
the accompanying --hash values with the correct SHA256 hashes for that exact
wheel/sdist (or remove hashes temporarily if you cannot regenerate them), and
scan the rest of requirements.hashes.source.txt to ensure all other package
versions are real on PyPI and their hashes match the chosen artifacts.

certifi==2026.1.4 \
--hash=sha256:9943707519e4add1115f44c2bc244f782c0249876bf51b6599fee1ffbedd685c \
--hash=sha256:ac726dd470482006e014ad384921ed6438c457018f4b3d204aea4281258b2120
Expand Down Expand Up @@ -193,15 +193,15 @@ kubernetes==35.0.0 \
langdetect==1.0.9 \
--hash=sha256:7cbc0746252f19e76f77c0b1690aadf01963be835ef0cd4b56dddf2a8f1dfc2a \
--hash=sha256:cbc1fef89f8d062739774bd51eda3da3274006b3661d199c2655f6b3f6d605a0
litellm==1.81.4 \
--hash=sha256:bd64fd4f11fe39c0c12fbb4a062c040bfb5c966f58717f38780d8a6b1e15169b \
--hash=sha256:be8ebc00ce08589a6851c88a2cb5fb399206844f31d107e37c9852013dd2333d
litellm==1.81.6 \
--hash=sha256:573206ba194d49a1691370ba33f781671609ac77c35347f8a0411d852cf6341a \
--hash=sha256:f02b503dfb7d66d1c939f82e4db21aeec1d6e2ed1fe3f5cd02aaec3f792bc4ae
llama-stack==0.4.3 \
--hash=sha256:423207eae2b640894992a9075ff9dd6300ff904ab06a49fe38cfe0bb809d4669 \
--hash=sha256:70d379ae9dbb5b1d0693f14054d9817aba183ffcd805133f0a4442baee132c6d
llama-stack-api==0.4.3 \
--hash=sha256:89cf8eaf1468b50ac426e14d39beb4f93994e0807b857f729765e4af0e9b53a1 \
--hash=sha256:f6c3e4d81d27a3332983a44f9295567e375136d4a402084958ed247f5676c1ee
llama-stack-api==0.4.4 \
--hash=sha256:3973ca3bacf86916e04e521f77e7909533eec7364d32c3eabc35dc2976dbfe7d \
--hash=sha256:7bbc63330ed186502dcd48f65cae014dbeb788ba5690be738c98693cfcd2f599
llama-stack-client==0.4.3 \
--hash=sha256:97b8cc5032bad4f0cdd1b0ae992cf44f5554679d315b7c40f46deb358c041f50 \
--hash=sha256:cb807be258206e8fedeb5e5ceba7be7108d3badb31d74199406808c3d1679c35
Expand Down Expand Up @@ -480,39 +480,39 @@ peft==0.18.1 \
prometheus-client==0.24.1 \
--hash=sha256:150db128af71a5c2482b36e588fc8a6b95e498750da4b17065947c16070f4055 \
--hash=sha256:7e0ced7fbbd40f7b84962d5d2ab6f17ef88a72504dcf7c0b40737b43b2a461f9
protobuf==6.33.4 \
--hash=sha256:0f12ddbf96912690c3582f9dffb55530ef32015ad8e678cd494312bd78314c4f \
--hash=sha256:1fe3730068fcf2e595816a6c34fe66eeedd37d51d0400b72fabc848811fdc1bc \
--hash=sha256:2fe67f6c014c84f655ee06f6f66213f9254b3a8b6bda6cda0ccd4232c73c06f0 \
--hash=sha256:3df850c2f8db9934de4cf8f9152f8dc2558f49f298f37f90c517e8e5c84c30e9 \
--hash=sha256:757c978f82e74d75cba88eddec479df9b99a42b31193313b75e492c06a51764e \
--hash=sha256:8f11ffae31ec67fc2554c2ef891dcb561dae9a2a3ed941f9e134c2db06657dbc \
--hash=sha256:918966612c8232fc6c24c78e1cd89784307f5814ad7506c308ee3cf86662850d \
--hash=sha256:955478a89559fa4568f5a81dce77260eabc5c686f9e8366219ebd30debf06aa6 \
--hash=sha256:c7c64f259c618f0bef7bee042075e390debbf9682334be2b67408ec7c1c09ee6 \
--hash=sha256:dc2e61bca3b10470c1912d166fe0af67bfc20eb55971dcef8dfa48ce14f0ed91
psutil==7.2.1 \
--hash=sha256:05cc68dbb8c174828624062e73078e7e35406f4ca2d0866c272c2410d8ef06d1 \
--hash=sha256:08a2f175e48a898c8eb8eace45ce01777f4785bc744c90aa2cc7f2fa5462a266 \
--hash=sha256:0d67c1822c355aa6f7314d92018fb4268a76668a536f133599b91edd48759442 \
--hash=sha256:2ceae842a78d1603753561132d5ad1b2f8a7979cb0c283f5b52fb4e6e14b1a79 \
--hash=sha256:35630d5af80d5d0d49cfc4d64c1c13838baf6717a13effb35869a5919b854cdf \
--hash=sha256:3fce5f92c22b00cdefd1645aa58ab4877a01679e901555067b1bd77039aa589f \
--hash=sha256:494c513ccc53225ae23eec7fe6e1482f1b8a44674241b54561f755a898650679 \
--hash=sha256:5e38404ca2bb30ed7267a46c02f06ff842e92da3bb8c5bfdadbd35a5722314d8 \
--hash=sha256:81442dac7abfc2f4f4385ea9e12ddf5a796721c0f6133260687fec5c3780fa49 \
--hash=sha256:923f8653416604e356073e6e0bccbe7c09990acef442def2f5640dd0faa9689f \
--hash=sha256:93f3f7b0bb07711b49626e7940d6fe52aa9940ad86e8f7e74842e73189712129 \
--hash=sha256:99a4cd17a5fdd1f3d014396502daa70b5ec21bf4ffe38393e152f8e449757d67 \
--hash=sha256:ab2b98c9fc19f13f59628d94df5cc4cc4844bc572467d113a8b517d634e362c6 \
--hash=sha256:b1b0671619343aa71c20ff9767eced0483e4fc9e1f489d50923738caf6a03c17 \
--hash=sha256:b2e953fcfaedcfbc952b44744f22d16575d3aa78eb4f51ae74165b4e96e55f42 \
--hash=sha256:ba9f33bb525b14c3ea563b2fd521a84d2fa214ec59e3e6a2858f78d0844dd60d \
--hash=sha256:cfbe6b40ca48019a51827f20d830887b3107a74a79b01ceb8cc8de4ccb17b672 \
--hash=sha256:d34d2ca888208eea2b5c68186841336a7f5e0b990edec929be909353a202768a \
--hash=sha256:ea46c0d060491051d39f0d2cff4f98d5c72b288289f57a21556cc7d504db37fc \
--hash=sha256:f7583aec590485b43ca601dd9cea0dcd65bd7bb21d30ef4ddbf4ea6b5ed1bdd3 \
--hash=sha256:f78baafb38436d5a128f837fab2d92c276dfb48af01a240b861ae02b2413ada8
protobuf==6.33.5 \
--hash=sha256:3093804752167bcab3998bec9f1048baae6e29505adaf1afd14a37bddede533c \
--hash=sha256:69915a973dd0f60f31a08b8318b73eab2bd6a392c79184b3612226b0a3f8ec02 \
--hash=sha256:6ddcac2a081f8b7b9642c09406bc6a4290128fce5f471cddd165960bb9119e5c \
--hash=sha256:8afa18e1d6d20af15b417e728e9f60f3aa108ee76f23c3b2c07a2c3b546d3afd \
--hash=sha256:8f04fa32763dcdb4973d537d6b54e615cc61108c7cb38fe59310c3192d29510a \
--hash=sha256:9b71e0281f36f179d00cbcb119cb19dec4d14a81393e5ea220f64b286173e190 \
--hash=sha256:a3157e62729aafb8df6da2c03aa5c0937c7266c626ce11a278b6eb7963c4e37c \
--hash=sha256:a5cb85982d95d906df1e2210e58f8e4f1e3cdc088e52c921a041f9c9a0386de5 \
--hash=sha256:cbf16ba3350fb7b889fca858fb215967792dc125b35c7976ca4818bee3521cf0 \
--hash=sha256:d71b040839446bac0f4d162e758bea99c8251161dae9d0983a3b88dee345153b
psutil==7.2.2 \
--hash=sha256:0746f5f8d406af344fd547f1c8daa5f5c33dbc293bb8d6a16d80b4bb88f59372 \
--hash=sha256:076a2d2f923fd4821644f5ba89f059523da90dc9014e85f8e45a5774ca5bc6f9 \
--hash=sha256:11fe5a4f613759764e79c65cf11ebdf26e33d6dd34336f8a337aa2996d71c841 \
--hash=sha256:1a571f2330c966c62aeda00dd24620425d4b0cc86881c89861fbc04549e5dc63 \
--hash=sha256:1a7b04c10f32cc88ab39cbf606e117fd74721c831c98a27dc04578deb0c16979 \
--hash=sha256:1fa4ecf83bcdf6e6c8f4449aff98eefb5d0604bf88cb883d7da3d8d2d909546a \
--hash=sha256:2edccc433cbfa046b980b0df0171cd25bcaeb3a68fe9022db0979e7aa74a826b \
--hash=sha256:7b6d09433a10592ce39b13d7be5a54fbac1d1228ed29abc880fb23df7cb694c9 \
--hash=sha256:8c233660f575a5a89e6d4cb65d9f938126312bca76d8fe087b947b3a1aaac9ee \
--hash=sha256:917e891983ca3c1887b4ef36447b1e0873e70c933afc831c6b6da078ba474312 \
--hash=sha256:ab486563df44c17f5173621c7b198955bd6b613fb87c71c161f827d3fb149a9b \
--hash=sha256:ae0aefdd8796a7737eccea863f80f81e468a1e4cf14d926bd9b6f5f2d5f90ca9 \
--hash=sha256:b0726cecd84f9474419d67252add4ac0cd9811b04d61123054b9fb6f57df6e9e \
--hash=sha256:b58fabe35e80b264a4e3bb23e6b96f9e45a3df7fb7eed419ac0e5947c61e47cc \
--hash=sha256:c7663d4e37f13e884d13994247449e9f8f574bc4655d509c3b95e9ec9e2b9dc1 \
--hash=sha256:e452c464a02e7dc7822a05d25db4cde564444a67e58539a00f929c51eddda0cf \
--hash=sha256:e78c8603dcd9a04c7364f1a3e670cea95d51ee865e4efb3556a3a63adef958ea \
--hash=sha256:eb7e81434c8d223ec4a219b5fc1c47d0417b12be7ea866e24fb5ad6e84b3d988 \
--hash=sha256:ed0cace939114f62738d808fdcecd4c869222507e266e574799e9c0faa17d486 \
--hash=sha256:eed63d3b4d62449571547b60578c5b2c4bcccc5387148db46e0c2313dad0ee00 \
--hash=sha256:fd04ef36b4a6d599bbdb225dd1d3f51e00105f6d48a28f006da7f9822f2606d8
pycparser==3.0 \
--hash=sha256:600f49d217304a5902ac3c37e1281c9fe94e4d0489de643a9504c5cdfdfc6b29 \
--hash=sha256:b727414169a36b7d524c1c3e31839a521725078d7b2ff038656844266160a992
Expand Down Expand Up @@ -558,6 +558,9 @@ pycryptodomex==3.23.0 \
--hash=sha256:f489c4765093fb60e2edafdf223397bc716491b2b69fe74367b70d6999257a5c \
--hash=sha256:fdfac7cda115bca3a5abb2f9e43bc2fb66c2b65ab074913643803ca7083a79ea \
--hash=sha256:febec69c0291efd056c65691b6d9a339f8b4bc43c6635b8699471248fe897fea
pyjwt==2.11.0 \
--hash=sha256:35f95c1f0fbe5d5ba6e43f00271c275f7a1a4db1dab27bf708073b75318ea623 \
--hash=sha256:94a6bde30eb5c8e04fee991062b534071fd1439ef58d2adc9ccb823e7bcd0469
pythainlp==5.2.0 \
--hash=sha256:04c6e4bdd806204be742f139b1f2e666411c4509c270dfff1a8b5afa69d36d2b \
--hash=sha256:fd64d6b3d33973782390822e74b8e2c9b867760eeed19d0d218945165b431e35
Expand Down Expand Up @@ -696,9 +699,9 @@ regex==2026.1.15 \
--hash=sha256:fd65af65e2aaf9474e468f9e571bd7b189e1df3a61caa59dcbabd0000e4ea839 \
--hash=sha256:fe2fda4110a3d0bc163c2e0664be44657431440722c5c5315c65155cab92f9e5 \
--hash=sha256:febd38857b09867d3ed3f4f1af7d241c5c50362e25ef43034995b77a50df494e
rich==14.3.1 \
--hash=sha256:b8c5f568a3a749f9290ec6bddedf835cec33696bfc1e48bcfecb276c7386e4b8 \
--hash=sha256:da750b1aebbff0b372557426fb3f35ba56de8ef954b3190315eb64076d6fb54e
rich==14.3.2 \
--hash=sha256:08e67c3e90884651da3239ea668222d19bea7b589149d8014a21c633420dbb69 \
--hash=sha256:e712f11c1a562a11843306f5ed999475f09ac31ffb64281f73ab29ffdda8b3b8
semver==3.0.4 \
--hash=sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746 \
--hash=sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602
Expand All @@ -711,6 +714,9 @@ sse-starlette==3.2.0 \
termcolor==3.3.0 \
--hash=sha256:348871ca648ec6a9a983a13ab626c0acce02f515b9e1983332b17af7979521c5 \
--hash=sha256:cf642efadaf0a8ebbbf4bc7a31cec2f9b5f21a9f726f4ccbb08192c9c26f43a5
tqdm==4.67.2 \
--hash=sha256:649aac53964b2cb8dec76a14b405a4c0d13612cb8933aae547dd144eacc99653 \
--hash=sha256:9a12abcbbff58b6036b2167d9d3853042b9d436fe7330f06ae047867f2f8e0a7
tree-sitter==0.25.2 \
--hash=sha256:0628671f0de69bb279558ef6b640bcfc97864fe0026d840f872728a86cd6b6cd \
--hash=sha256:0c8b6682cac77e37cfe5cf7ec388844957f48b7bd8d6321d0ca2d852994e10d5 \
Expand Down Expand Up @@ -757,6 +763,6 @@ urllib3==2.6.3 \
uvicorn==0.40.0 \
--hash=sha256:839676675e87e73694518b5574fd0f24c9d97b46bea16df7b8c05ea1a51071ea \
--hash=sha256:c6c8f55bc8bf13eb6fa9ff87ad62308bbbc33d0b67f84293151efe87e0d5f2ee
wcwidth==0.5.0 \
--hash=sha256:1efe1361b83b0ff7877b81ba57c8562c99cf812158b778988ce17ec061095695 \
--hash=sha256:f89c103c949a693bf563377b2153082bf58e309919dfb7f27b04d862a0089333
wcwidth==0.5.3 \
--hash=sha256:53123b7af053c74e9fe2e92ac810301f6139e64379031f7124574212fb3b4091 \
--hash=sha256:d584eff31cd4753e1e5ff6c12e1edfdb324c995713f75d26c29807bb84bf649e
4 changes: 0 additions & 4 deletions requirements.hashes.wheel.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,8 +188,6 @@ pydantic-settings==2.12.0 \
--hash=sha256:1f1d9882776a999776b4364623ff2715a409f7910722ac14bac2b08db58bfcdd
pygments==2.19.2 \
--hash=sha256:3c7239b5a90a9339df2ddb3d4fd8fdaa79eb1cffa183937fe92ff1042f94f0d0
pyjwt==2.10.1 \
--hash=sha256:d7a2859c48ba7b92b238f283e68c7700befdd8ed1ed8b4ba6495b27b7ea1b414
python-dateutil==2.9.0.post0 \
--hash=sha256:9f85618b077d3ffc8beecb57c9444d7e4a25143764ed73647ea6cdf407fd58c0
python-dotenv==1.2.1 \
Expand Down Expand Up @@ -270,8 +268,6 @@ tornado==6.5.4 \
--hash=sha256:91a7119280c0c1424b107e725ae0ace234323d057220647e84e17156fe1d8acd \
--hash=sha256:cac9ee0f7c9664b7d3736fa6cd93e752c583161a929fc2a4abc3a014192ac2f5 \
--hash=sha256:d59e284efd19f3cad7ee1a1188d2fc7bb483253fd08bc3e9c034f063414a7037
tqdm==4.67.1 \
--hash=sha256:1cdccba6e6e9ca388c44f874f4983c32fa9d8b314f8571e4e5231e0cc412eb3d
transformers==4.57.3 \
--hash=sha256:25a28e64a3ad117a1560eca50f41504d035606259902d421d933282f5d3a352e
triton==3.5.0 \
Expand Down
Loading