Files
flowsint/flowsint-api/pyproject.toml
dextmorgn 9fcc60ca63 fix(deps): upgrade Python dependencies to patch 27 known vulnerabilities
pip-audit reported 27 vulnerabilities across 12 packages, including
cryptography PYSEC-2026-36 (CVSS 9.8) used by the vault, a starlette
Host-header path bypass, and python-multipart arbitrary file write.

- cryptography 45.0.7 -> 46.0.7 (pin was capped at <46)
- fastapi 0.115 -> 0.136, pulling starlette 0.46 -> 1.2
- python-multipart 0.0.20 -> 0.0.32
- pyjwt, urllib3, aiohttp, lxml, idna, mako and transitive bumps
- dev tools: pytest 8 -> 9 (requires pytest-httpx >=0.36), black 25 -> 26

All four module test suites pass (458 tests). pip-audit now reports
no known vulnerabilities.
2026-06-05 08:57:19 +02:00

69 lines
1.6 KiB
TOML

[project]
name = "flowsint-api"
version = "1.2.8"
description = "API server for flowsint"
license = "Apache-2.0"
authors = [{ name = "dextmorgn", email = "contact@flowsint.io" }]
requires-python = ">=3.12,<4.0"
dependencies = [
"flowsint-core",
"flowsint-types",
"flowsint-enrichers",
"fastapi[standard]>=0.115.0,<1.0.0",
"uvicorn>=0.32.0,<0.33.0",
"redis>=5.0,<6.0",
"celery>=5.3,<6.0",
"python-dotenv>=1.0,<2.0",
"python-jose[cryptography]>=3.4,<4.0",
"requests>=2.31,<3.0",
"pydantic>=2.0,<3.0",
"neo4j>=5.0,<6.0",
"sqlalchemy>=2.0,<3.0",
"psycopg2-binary>=2.9,<3.0",
"asyncpg>=0.30,<0.31",
"alembic==1.13.0",
"passlib[bcrypt]>=1.7,<2.0",
"bcrypt>=4.0.0,<5.0.0",
"sse-starlette>=1.8,<2.0",
"networkx>=2.6.3,<3.0.0",
"email-validator>=2.2.0,<3.0.0",
"mistralai>=1.9.3,<2.0.0",
"python-multipart>=0.0.27,<0.1.0",
"openpyxl>=3.1.2,<4.0.0",
"jsonschema>=4.25.1,<5.0.0",
]
[dependency-groups]
dev = [
"black>=26.3.1,<27.0",
"isort>=6.0,<7.0",
"flake8>=7.0,<8.0",
"mypy>=1.17,<2.0",
]
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[tool.hatch.build.targets.wheel]
packages = ["app"]
[tool.uv.sources]
flowsint-core = { workspace = true }
flowsint-types = { workspace = true }
flowsint-enrichers = { workspace = true }
[tool.black]
line-length = 88
target-version = ['py311']
[tool.isort]
profile = "black"
multi_line_output = 3
[tool.mypy]
python_version = "3.11"
warn_return_any = true
warn_unused_configs = true
disallow_untyped_defs = true