Merge pull request #45 from NVIDIA-AI-Blueprints/antoniomtz/fix-high-severity-dependabot-alerts

fix: remediate high-severity Dependabot security alerts

Author: antoniomtz

pyproject.toml

@@ -11,12 +11,12 @@ dependencies = [
   "uvicorn[standard]==0.38.0",
   "starlette==0.49.3",
   "fastapi==0.121.0",
-  "python-multipart==0.0.20",
+  "python-multipart==0.0.22",
   "openai==2.7.1",
   "python-dotenv==1.2.1",
   "requests==2.32.5",
   "httpx==0.28.1",
-  "pillow==12.0.0",
+  "pillow==12.1.1",
   "pyyaml==6.0.3",
 ]
 
@@ -25,6 +25,9 @@ packages = ["src/backend"]
 
 [tool.uv]
 managed = true
+constraint-dependencies = [
+  "urllib3>=2.6.3",
+]
 dev-dependencies = [
   "pytest==8.4.2",
   "pytest-mock==3.14.0",

src/ui/package.json

@@ -32,7 +32,7 @@
     "class-variance-authority": "^0.7.1",
     "date-fns": "^4.1.0",
     "fast-equals": "^5.3.2",
-    "next": "15.4.10",
+    "next": "15.5.10",
     "react": "19.2.3",
     "react-day-picker": "^9.11.0",
     "react-dom": "19.2.3"
@@ -44,14 +44,14 @@
     "@types/react": "^19",
     "@types/react-dom": "^19",
     "eslint": "^9",
-    "eslint-config-next": "15.4.10",
+    "eslint-config-next": "15.5.10",
     "tailwindcss": "^4",
     "typescript": "^5"
   },
   "pnpm": {
     "overrides": {
       "js-yaml": "4.1.1",
-      "tar": ">=7.5.2"
+      "tar": ">=7.5.8"
     }
   }
 }