From 19109f279c2dd0e82aa410fdfd747d194b3d1d94 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Wed, 31 Dec 2025 14:38:20 -0600 Subject: [PATCH 1/4] Bump packages to resolve cves --- requirements/base.txt | 86 ++++++++++++++++++------------------ requirements/constraints.txt | 4 +- requirements/test.txt | 60 ++++++++++++------------- 3 files changed, 73 insertions(+), 77 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 547449170..c1329f01e 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -4,17 +4,17 @@ # # pip-compile --no-strip-extras ./requirements/base.in # -accelerate==1.11.0 +accelerate==1.12.0 # via unstructured-inference aiofiles==25.1.0 # via unstructured-client -annotated-doc==0.0.3 +annotated-doc==0.0.4 # via fastapi annotated-types==0.7.0 # via pydantic antlr4-python3-runtime==4.9.3 # via omegaconf -anyio==4.11.0 +anyio==4.12.0 # via # httpx # starlette @@ -22,11 +22,11 @@ backoff==2.2.1 # via # -r requirements/base.in # unstructured -beautifulsoup4==4.14.2 +beautifulsoup4==4.14.3 # via unstructured -cachetools==6.2.1 +cachetools==6.2.4 # via google-auth -certifi==2025.10.5 +certifi==2025.11.12 # via # httpcore # httpx @@ -38,7 +38,7 @@ charset-normalizer==3.4.4 # pdfminer-six # requests # unstructured -click==8.3.0 +click==8.3.1 # via # -r requirements/base.in # nltk @@ -65,26 +65,26 @@ emoji==2.15.0 # via unstructured et-xmlfile==2.0.0 # via openpyxl -fastapi==0.121.0 +fastapi==0.128.0 # via -r requirements/base.in -filelock==3.20.0 +filelock==3.20.1 # via # huggingface-hub # torch # transformers filetype==1.2.0 # via unstructured -flatbuffers==25.9.23 +flatbuffers==25.12.19 # via onnxruntime -fonttools==4.60.1 +fonttools==4.61.1 # via matplotlib -fsspec==2025.10.0 +fsspec==2025.12.0 # via # huggingface-hub # torch google-api-core[grpc]==2.28.1 # via google-cloud-vision -google-auth==2.43.0 +google-auth==2.45.0 # via # google-api-core # google-cloud-vision @@ -131,7 +131,7 @@ idna==3.11 # requests jinja2==3.1.6 # via torch -joblib==1.5.2 +joblib==1.5.3 # via nltk kiwisolver==1.4.9 # via matplotlib @@ -147,11 +147,11 @@ markdown==3.10 # via unstructured markupsafe==3.0.3 # via jinja2 -marshmallow==3.26.1 +marshmallow==3.26.2 # via dataclasses-json -matplotlib==3.10.7 +matplotlib==3.10.8 # via unstructured-inference -ml-dtypes==0.5.3 +ml-dtypes==0.5.4 # via onnx mpmath==1.3.0 # via sympy @@ -159,7 +159,7 @@ msoffcrypto-tool==5.4.2 # via unstructured mypy-extensions==1.1.0 # via typing-inspect -networkx==3.5 +networkx==3.6.1 # via # torch # unstructured @@ -188,7 +188,7 @@ olefile==0.47 # python-oxmsg omegaconf==2.3.0 # via effdet -onnx==1.19.1 +onnx==1.20.0 # via # unstructured # unstructured-inference @@ -216,13 +216,13 @@ pandas==2.3.3 # unstructured-inference pdf2image==1.17.0 # via unstructured -pdfminer-six==20250506 +pdfminer-six==20251230 # via # unstructured # unstructured-inference pi-heif==1.1.1 # via unstructured -pikepdf==10.0.0 +pikepdf==10.1.0 # via unstructured pillow==12.0.0 # via @@ -233,11 +233,11 @@ pillow==12.0.0 # python-pptx # torchvision # unstructured-pytesseract -proto-plus==1.26.1 +proto-plus==1.27.0 # via # google-api-core # google-cloud-vision -protobuf==6.33.0 +protobuf==6.33.2 # via # google-api-core # google-cloud-vision @@ -246,7 +246,7 @@ protobuf==6.33.0 # onnx # onnxruntime # proto-plus -psutil==7.1.3 +psutil==7.2.1 # via # -r requirements/base.in # accelerate @@ -257,28 +257,28 @@ pyasn1==0.6.1 # rsa pyasn1-modules==0.4.2 # via google-auth -pycocotools==2.0.10 +pycocotools==2.0.11 # via effdet pycparser==2.23 # via cffi pycryptodome==3.23.0 # via -r requirements/base.in -pydantic==2.12.4 +pydantic==2.12.5 # via # fastapi # unstructured-client pydantic-core==2.41.5 # via pydantic -pypandoc==1.15 +pypandoc==1.16.2 # via unstructured -pyparsing==3.2.5 +pyparsing==3.3.1 # via matplotlib -pypdf==6.1.3 +pypdf==6.5.0 # via # -r requirements/base.in # unstructured # unstructured-client -pypdfium2==5.0.0 +pypdfium2==5.2.0 # via unstructured-inference python-dateutil==2.9.0.post0 # via @@ -286,11 +286,11 @@ python-dateutil==2.9.0.post0 # pandas python-docx==1.2.0 # via unstructured -python-iso639==2025.2.18 +python-iso639==2025.11.16 # via unstructured python-magic==0.4.27 # via unstructured -python-multipart==0.0.20 +python-multipart==0.0.21 # via unstructured-inference python-oxmsg==0.0.2 # via unstructured @@ -327,7 +327,7 @@ requests-toolbelt==1.0.0 # via unstructured-client rsa==4.9.1 # via google-auth -safetensors==0.6.2 +safetensors==0.7.0 # via # accelerate # timm @@ -339,9 +339,7 @@ six==1.17.0 # html5lib # langdetect # python-dateutil -sniffio==1.3.1 - # via anyio -soupsieve==2.8 +soupsieve==2.8.1 # via beautifulsoup4 starlette==0.41.2 # via @@ -357,14 +355,14 @@ timm==1.0.22 # unstructured-inference tokenizers==0.22.1 # via transformers -torch==2.9.0 +torch==2.9.1 # via # accelerate # effdet # timm # torchvision # unstructured-inference -torchvision==0.24.0 +torchvision==0.24.1 # via # effdet # timm @@ -374,7 +372,7 @@ tqdm==4.67.1 # nltk # transformers # unstructured -transformers==4.57.1 +transformers==4.57.3 # via unstructured-inference typing-extensions==4.15.0 # via @@ -397,19 +395,19 @@ typing-inspect==0.9.0 # via dataclasses-json typing-inspection==0.4.2 # via pydantic -tzdata==2025.2 +tzdata==2025.3 # via pandas -unstructured[all-docs]==0.18.18 +unstructured[all-docs]==0.18.24 # via -r requirements/base.in -unstructured-client==0.42.3 +unstructured-client==0.42.6 # via unstructured unstructured-inference==1.1.1 # via unstructured unstructured-pytesseract==0.3.15 # via unstructured -urllib3==2.5.0 +urllib3==2.6.2 # via requests -uvicorn==0.38.0 +uvicorn==0.40.0 # via -r requirements/base.in webencodings==0.5.1 # via html5lib diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c1b2a25a3..2a2d6bac8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -4,14 +4,12 @@ # # pip-compile --no-strip-extras ./requirements/constraints.in # -anyio==4.11.0 +anyio==4.12.0 # via starlette idna==3.11 # via anyio numpy==1.26.4 # via -r requirements/constraints.in -sniffio==1.3.1 - # via anyio starlette==0.41.2 # via -r requirements/constraints.in typing-extensions==4.15.0 diff --git a/requirements/test.txt b/requirements/test.txt index 1f92115a4..2c2dc597b 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -4,7 +4,7 @@ # # pip-compile --no-strip-extras ./requirements/test.in # -anyio==4.11.0 +anyio==4.12.0 # via # httpx # jupyter-server @@ -16,7 +16,7 @@ argon2-cffi-bindings==25.1.0 # via argon2-cffi arrow==1.4.0 # via isoduration -asttokens==3.0.0 +asttokens==3.0.1 # via # nbdev # stack-data @@ -30,15 +30,15 @@ attrs==25.4.0 # referencing babel==2.17.0 # via jupyterlab-server -beautifulsoup4==4.14.2 +beautifulsoup4==4.14.3 # via nbconvert -black==25.9.0 +black==25.12.0 # via -r requirements/test.in bleach[css]==6.3.0 # via nbconvert build==1.3.0 # via nbdev -certifi==2025.10.5 +certifi==2025.11.12 # via # httpcore # httpx @@ -47,7 +47,7 @@ cffi==2.0.0 # via argon2-cffi-bindings charset-normalizer==3.4.4 # via requests -click==8.3.0 +click==8.3.1 # via # -r requirements/test.in # black @@ -55,9 +55,9 @@ comm==0.2.3 # via # ipykernel # ipywidgets -coverage[toml]==7.11.1 +coverage[toml]==7.13.1 # via pytest-cov -debugpy==1.8.17 +debugpy==1.8.19 # via ipykernel decorator==5.2.1 # via ipython @@ -65,13 +65,13 @@ deepdiff==8.6.1 # via -r requirements/test.in defusedxml==0.7.1 # via nbconvert -execnb==0.1.15 +execnb==0.1.16 # via nbdev -execnet==2.1.1 +execnet==2.1.2 # via pytest-xdist executing==2.2.1 # via stack-data -fastcore==1.8.15 +fastcore==1.10.0 # via # execnb # ghapi @@ -105,7 +105,7 @@ ipykernel==7.1.0 # jupyter # jupyter-console # jupyterlab -ipython==9.7.0 +ipython==9.8.0 # via # execnb # ipykernel @@ -138,7 +138,7 @@ jsonschema-specifications==2025.9.1 # via jsonschema jupyter==1.1.1 # via -r requirements/test.in -jupyter-client==8.6.3 +jupyter-client==8.7.0 # via # ipykernel # jupyter-console @@ -169,7 +169,7 @@ jupyter-server==2.17.0 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterlab==4.4.10 +jupyterlab==4.5.1 # via # jupyter # notebook @@ -183,6 +183,8 @@ jupyterlab-widgets==3.0.16 # via ipywidgets lark==1.3.1 # via rfc3987-syntax +librt==0.7.5 + # via mypy markupsafe==3.0.3 # via # jinja2 @@ -193,21 +195,21 @@ matplotlib-inline==0.2.1 # ipython mccabe==0.7.0 # via flake8 -mistune==3.1.4 +mistune==3.2.0 # via nbconvert -mypy==1.18.2 +mypy==1.19.1 # via -r requirements/test.in mypy-extensions==1.1.0 # via # black # mypy -nbclient==0.10.2 +nbclient==0.10.4 # via nbconvert nbconvert==7.16.6 # via # jupyter # jupyter-server -nbdev==2.4.6 +nbdev==2.4.7 # via -r requirements/test.in nbformat==5.10.4 # via @@ -216,7 +218,7 @@ nbformat==5.10.4 # nbconvert nest-asyncio==1.6.0 # via ipykernel -notebook==7.4.7 +notebook==7.5.1 # via jupyter notebook-shim==0.2.4 # via @@ -248,7 +250,7 @@ pathspec==0.12.1 # mypy pexpect==4.9.0 # via ipython -platformdirs==4.5.0 +platformdirs==4.5.1 # via # black # jupyter-core @@ -262,7 +264,7 @@ prompt-toolkit==3.0.52 # via # ipython # jupyter-console -psutil==7.1.3 +psutil==7.2.1 # via ipykernel ptyprocess==0.7.0 # via @@ -285,7 +287,7 @@ pygments==2.19.2 # pytest pyproject-hooks==1.2.0 # via build -pytest==8.4.2 +pytest==9.0.2 # via # pytest-cov # pytest-mock @@ -331,20 +333,18 @@ rfc3986-validator==0.1.1 # jupyter-events rfc3987-syntax==1.1.0 # via jsonschema -rpds-py==0.28.0 +rpds-py==0.30.0 # via # jsonschema # referencing -send2trash==1.8.3 +send2trash==2.0.0 # via jupyter-server six==1.17.0 # via # astunparse # python-dateutil # rfc3339-validator -sniffio==1.3.1 - # via anyio -soupsieve==2.8 +soupsieve==2.8.1 # via beautifulsoup4 stack-data==0.6.3 # via ipython @@ -354,7 +354,7 @@ terminado==0.18.1 # jupyter-server-terminals tinycss2==1.4.0 # via bleach -tornado==6.5.2 +tornado==6.5.4 # via # ipykernel # jupyter-client @@ -383,11 +383,11 @@ typing-extensions==4.15.0 # beautifulsoup4 # mypy # referencing -tzdata==2025.2 +tzdata==2025.3 # via arrow uri-template==1.3.0 # via jsonschema -urllib3==2.5.0 +urllib3==2.6.2 # via requests watchdog==6.0.0 # via nbdev From b56750d8a1607faca0bcd9490c7dedd6171cf4e9 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Wed, 31 Dec 2025 14:38:54 -0600 Subject: [PATCH 2/4] bump version --- prepline_general/api/__version__.py | 2 +- preprocessing-pipeline-family.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prepline_general/api/__version__.py b/prepline_general/api/__version__.py index 8a4d4ffeb..7cd18c1c9 100644 --- a/prepline_general/api/__version__.py +++ b/prepline_general/api/__version__.py @@ -1 +1 @@ -__version__ = "0.0.90" # pragma: no cover +__version__ = "0.0.91" # pragma: no cover diff --git a/preprocessing-pipeline-family.yaml b/preprocessing-pipeline-family.yaml index 6a5492b15..7b5199b7e 100644 --- a/preprocessing-pipeline-family.yaml +++ b/preprocessing-pipeline-family.yaml @@ -1,2 +1,2 @@ name: general -version: 0.0.90 +version: 0.0.91 From 7f8f4b1157b22fc40dcaa9a7ba3f044c31619441 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Wed, 31 Dec 2025 14:42:20 -0600 Subject: [PATCH 3/4] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cbebab3b..8529bfc6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 0.0.91 +* Upgrade packages to resolve CVEs + ## 0.0.90 * Upgrade version to pull in latest unstructured verison and bump versions of dependancies. From 5d0b9d8828cc87a8283608bbdf8da9e6e0f11bf5 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Wed, 31 Dec 2025 15:34:52 -0600 Subject: [PATCH 4/4] Additional cleanup for CI --- .github/workflows/ci.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1fd165d5..35e83ae8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -121,7 +121,23 @@ jobs: - name: Free up disk space run: | # Clear some space (https://github.com/actions/runner-images/issues/2840) - sudo rm -rf /usr/share/dotnet /opt/ghc /usr/local/share/boost + echo "Disk usage before cleanup:" + df -h + + # Remove unnecessary pre-installed software + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf /usr/local/share/boost + sudo rm -rf /usr/local/lib/android + sudo rm -rf /opt/hostedtoolcache/CodeQL + sudo rm -rf /usr/local/.ghcup + sudo rm -rf /usr/share/swift + + # Clean up docker to ensure we start fresh + docker system prune -af --volumes + + echo "Disk usage after cleanup:" + df -h - name: Test Dockerfile run: | python${{ env.PYTHON_VERSION }} -m venv .venv