feat: DIA-1757: upgrade libraries to address security vulns (#285)

HumanSignal · Dec 19, 2024 · 95b846a · 95b846a
1 parent 731a46a
commit 95b846a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 24 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -31,15 +31,14 @@ aiokafka = "^0.11.0"
 # https://github.com/python-poetry/poetry/issues/834
 # they also can't be installed as a `group`, because those are for dev dependencies only and could not be included if this package was pip-installed
 redis-om = "*"
-fastapi = ">=0.104.1,<0.110.0"
+fastapi = "^0.115.6"
 celery = {version = "^5.3.6", extras = ["redis"]}
 kombu = ">=5.4.0rc2" # Pin version to fix https://github.com/celery/celery/issues/8030. TODO: remove when this fix will be included in celery
 uvicorn = "*"
 pydantic-settings = "^2.2.1"
 label-studio-sdk = {url = "https://github.com/HumanSignal/label-studio-sdk/archive/83ec0f8a270e86ceabe8a8b846d404f1113ebd33.zip"}
-kafka-python = "^2.0.2"
-# https://github.com/geerlingguy/ansible-role-docker/issues/462#issuecomment-2144121102
-requests = "2.31.0"
+kafka-python-ng = "^2.2.3"
+requests = "^2.32.0"
 litellm = "^1.47.2"
 pandarallel = "^1.6.5"
 instructor = "^1.4.3"