Skip to content

Commit f63a456

Browse files
committed
security: force urllib3==2.6.3 to patch CVE-2026-21441
This update mitigates the decompression bomb vulnerability discovered in the streaming API. Also upgraded transitive dependencies including pydantic, aiohttp, and authlib to latest stable versions.
1 parent 83588fb commit f63a456

1 file changed

Lines changed: 57 additions & 34 deletions

File tree

requirements.txt

Lines changed: 57 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -6,45 +6,54 @@
66
#
77
aiohappyeyeballs==2.6.1
88
# via aiohttp
9-
aiohttp==3.13.1 ; python_version >= "3.9"
9+
aiohttp==3.13.3 ; python_version >= "3.9"
1010
# via omnipkg (pyproject.toml)
1111
aiosignal==1.4.0
1212
# via aiohttp
1313
annotated-types==0.7.0
1414
# via pydantic
15-
anyio==4.10.0
15+
anyio==4.12.1
1616
# via httpx
17-
attrs==25.3.0
17+
attrs==25.4.0
1818
# via aiohttp
19-
authlib==1.6.5 ; python_version >= "3.7"
19+
authlib==1.6.6 ; python_version >= "3.9"
2020
# via
2121
# omnipkg (pyproject.toml)
2222
# safety
23-
certifi==2025.8.3
23+
blinker==1.9.0
24+
# via flask
25+
certifi==2026.1.4
2426
# via
2527
# httpcore
2628
# httpx
2729
# requests
2830
cffi==2.0.0
2931
# via cryptography
30-
charset-normalizer==3.4.3
32+
charset-normalizer==3.4.4
3133
# via requests
32-
click==8.3.0
34+
click==8.3.1
3335
# via
36+
# flask
3437
# nltk
3538
# safety
3639
# typer
37-
cryptography==46.0.1
40+
cryptography==46.0.3
3841
# via authlib
3942
dparse==0.6.4
4043
# via
4144
# safety
4245
# safety-schemas
43-
filelock==3.20.1 ; python_version >= "3.10"
46+
filelock==3.20.2 ; python_version >= "3.10"
4447
# via
4548
# omnipkg (pyproject.toml)
4649
# safety
47-
frozenlist==1.7.0
50+
flask==3.1.2 ; python_version >= "3.8"
51+
# via
52+
# flask-cors
53+
# omnipkg (pyproject.toml)
54+
flask-cors==6.0.2 ; python_version >= "3.8"
55+
# via omnipkg (pyproject.toml)
56+
frozenlist==1.8.0
4857
# via
4958
# aiohttp
5059
# aiosignal
@@ -54,85 +63,88 @@ httpcore==1.0.9
5463
# via httpx
5564
httpx==0.28.1
5665
# via safety
57-
idna==3.10
66+
idna==3.11
5867
# via
5968
# anyio
6069
# httpx
6170
# requests
6271
# yarl
72+
itsdangerous==2.2.0
73+
# via flask
6374
jinja2==3.1.6
64-
# via safety
65-
joblib==1.5.2
75+
# via
76+
# flask
77+
# safety
78+
joblib==1.5.3
6679
# via nltk
6780
markdown-it-py==4.0.0
6881
# via rich
69-
markupsafe==3.0.2
70-
# via jinja2
71-
marshmallow==4.1.2 ; python_version >= "3.10"
82+
markupsafe==3.0.3
83+
# via
84+
# flask
85+
# jinja2
86+
# werkzeug
87+
marshmallow==4.2.0 ; python_version >= "3.10"
7288
# via
7389
# omnipkg (pyproject.toml)
7490
# safety
7591
mdurl==0.1.2
7692
# via markdown-it-py
77-
multidict==6.6.4
93+
multidict==6.7.0
7894
# via
7995
# aiohttp
8096
# yarl
81-
nltk==3.9.1
97+
nltk==3.9.2
8298
# via safety
8399
packaging==25.0 ; python_version >= "3.10"
84100
# via
85101
# dparse
86102
# omnipkg (pyproject.toml)
87103
# safety
88104
# safety-schemas
89-
propcache==0.3.2
105+
propcache==0.4.1
90106
# via
91107
# aiohttp
92108
# yarl
93-
psutil==7.1.0
109+
psutil==7.2.1
94110
# via omnipkg (pyproject.toml)
95111
pycparser==2.23
96112
# via cffi
97-
pydantic==2.9.2
113+
pydantic==2.12.5
98114
# via
99115
# safety
100116
# safety-schemas
101-
pydantic-core==2.23.4
117+
pydantic-core==2.41.5
102118
# via pydantic
103119
pygments==2.19.2
104120
# via rich
105-
regex==2025.9.18
121+
regex==2025.11.3
106122
# via nltk
107123
requests==2.32.5
108124
# via
109125
# omnipkg (pyproject.toml)
110126
# safety
111-
rich==14.1.0
127+
rich==14.2.0
112128
# via
113129
# omnipkg (pyproject.toml)
114130
# typer
115-
ruamel-yaml==0.18.15
131+
ruamel-yaml==0.19.1
116132
# via
117133
# safety
118134
# safety-schemas
119-
ruamel-yaml-clib==0.2.14
120-
# via ruamel-yaml
121135
safety==3.7.0 ; python_version >= "3.10" and python_version < "3.14"
122136
# via omnipkg (pyproject.toml)
123137
safety-schemas==0.0.16
124138
# via safety
125139
shellingham==1.5.4
126140
# via typer
127-
sniffio==1.3.1
128-
# via anyio
129141
tenacity==9.1.2
130142
# via safety
131143
tomlkit==0.13.3
132144
# via safety
133145
tqdm==4.67.1
134146
# via nltk
135-
typer==0.19.1
147+
typer==0.21.1
136148
# via
137149
# omnipkg (pyproject.toml)
138150
# safety
@@ -145,9 +157,20 @@ typing-extensions==4.15.0
145157
# safety
146158
# safety-schemas
147159
# typer
148-
urllib3==2.6.0
149-
# via requests
150-
uv==0.9.6 ; python_version >= "3.8"
160+
# typing-inspection
161+
typing-inspection==0.4.2
162+
# via pydantic
163+
urllib3==2.6.3
164+
# via
165+
# requests
166+
# urllib3-lts
167+
urllib3-lts==2025.66471.3
168+
# via omnipkg (pyproject.toml)
169+
uv==0.9.22 ; python_version >= "3.8"
151170
# via omnipkg (pyproject.toml)
152-
yarl==1.20.1
171+
werkzeug==3.1.4
172+
# via
173+
# flask
174+
# flask-cors
175+
yarl==1.22.0
153176
# via aiohttp

0 commit comments

Comments
 (0)