Skip to content

chore(deps): audit and update dependency constraint comments (#2471) #2492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mrveiss wants to merge 1 commit into from
Closed

chore(deps): audit and update dependency constraint comments (#2471) #2492

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions autobot-backend/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ vanna>=0.7.0 # Issue #723: Natural language to SQL via Vanna.ai
# Issue #858: Additional runtime dependencies for Python 3.13
xxhash>=3.6.0 # Hash functions for LLM caching
structlog>=25.5.0 # Structured logging for service auth
llama-index>=0.13.0,<0.14.0 # RAG framework (pinned for API compatibility)
llama-index-llms-ollama>=0.7.0,<1.0.0 # Ollama LLM integration (0.7.0+ for core 0.13.0)
llama-index-embeddings-ollama>=0.7.0,<1.0.0 # Ollama embeddings (0.7.0+ for core 0.13.0)
llama-index-vector-stores-chroma>=0.5.0,<1.0.0 # ChromaDB vector store
llama-index>=0.13.0,<0.15.0 # RAG framework; 0.14.x verified compatible with sub-packages (verified 2026-03-26)
llama-index-llms-ollama>=0.7.0,<1.0.0 # Ollama LLM integration (0.7.0+ for core >=0.13.0)
llama-index-embeddings-ollama>=0.7.0,<1.0.0 # Ollama embeddings (0.7.0+ for core >=0.13.0)
llama-index-vector-stores-chroma>=0.5.0,<1.0.0 # ChromaDB vector store (0.5.0+ for core >=0.13.0)
# LangChain 1.x ecosystem — migrated from 0.3.x to fix SSRF CVE (#1572)
langchain>=1.2.0,<2.0.0 # Issue #1572: Migrated to 1.x (was 0.3.x)
langchain-core>=1.2.11,<2.0.0 # Issue #1572: SSRF CVE fix requires >=1.2.11
Expand Down
2 changes: 1 addition & 1 deletion autobot-slm-backend/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ typing_extensions>=4.0.0 # For Python 3.8 compatibility
# Authentication
PyJWT[crypto]>=2.8.0
passlib[bcrypt]>=1.7.4
bcrypt>=4.0.0,<5.0.0 # bcrypt 5.0.0 incompatible with passlib
bcrypt>=4.0.0,<5.0.0 # bcrypt 5.0.0 raises ValueError for >72-byte passwords, breaking passlib 1.7.4 (unmaintained, verified 2026-03-26)
python-multipart>=0.0.22 # SECURITY UPDATE - arbitrary file write fix

# Async utilities
Expand Down
3 changes: 2 additions & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ tenacity>=8.5.0
# Async SSH for PKI certificate distribution (Issue #166)
asyncssh>=2.22.0

# TensorFlow 2.19.1 supports protobuf <6.0.0dev (verified from PyPI metadata)
# TensorFlow 2.19.1 requires protobuf<6.0.0dev (verified 2026-03-26 from PyPI metadata)
# TF 2.20+ requires protobuf>=5.28.0; TF 2.21+ requires protobuf>=6.31.1 — upgrade TF first before widening
# Bumped to 5.29.6+ for JSON recursion depth bypass fix
protobuf>=5.29.6,<6.0.0

Expand Down
Loading