diff --git a/apps/backend/requirements-dev.txt b/apps/backend/requirements-dev.txt index 0a21b2d3..8db7f4ff 100644 --- a/apps/backend/requirements-dev.txt +++ b/apps/backend/requirements-dev.txt @@ -7,9 +7,9 @@ pytest-asyncio==1.3.0 pytest-cov==7.1.0 # API Contract Testing (Phase 1.6 Task 2) -schemathesis==4.10.2 -openapi-core==0.22.0 -openapi-spec-validator==0.7.2 +schemathesis==4.22.4 +openapi-core==0.23.1 +openapi-spec-validator==0.9.0 # Code Quality mypy==1.20.2 @@ -23,6 +23,6 @@ bandit==1.9.4 # Test Utilities pytest-mock==3.15.1 pytest-timeout==2.4.0 -faker==40.4.0 # Latest stable version for Python 3.11+ +faker==40.31.0 # Latest stable version for Python 3.11+ factory-boy==3.3.3 httpx==0.28.1 # For async test client (already in requirements.txt) diff --git a/apps/backend/requirements.txt b/apps/backend/requirements.txt index ef8dea97..84f8ac9b 100644 --- a/apps/backend/requirements.txt +++ b/apps/backend/requirements.txt @@ -1,5 +1,5 @@ aiofiles==25.1.0 -aiohappyeyeballs==2.6.1 +aiohappyeyeballs==2.7.1 aiohttp==3.14.0 aiosignal==1.4.0 aiosmtplib==5.1.0 @@ -7,65 +7,65 @@ aiosqlite==0.22.1 alembic==1.18.4 amqp==5.3.1 annotated-types==0.7.0 -anyio==4.12.1 +anyio==4.14.2 argon2-cffi-bindings==25.1.0 argon2-cffi==25.1.0 arrow==1.4.0 asyncpg==0.31.0 attrs==25.4.0 -Authlib==1.6.12 +Authlib==1.7.2 backoff==2.2.1 billiard==4.2.4 black==26.5.1 -bleach==6.3.0 +bleach==6.4.0 boolean.py==5.0 -boto3==1.42.91 -botocore==1.42.91 +boto3==1.43.49 +botocore==1.43.49 CacheControl==0.14.4 celery==5.6.3 -certifi==2026.1.4 -cffi==2.0.0 +certifi==2026.6.17 +cffi==2.1.0 charset-normalizer==3.4.7 click-didyoumean==0.3.1 click-plugins==1.1.1.2 click-repl==0.3.0 -click==8.3.3 +click==8.4.2 colorama==0.4.6 -coverage==7.13.5 +coverage==7.15.2 cryptography==46.0.7 -cyclonedx-python-lib==11.6.0 +cyclonedx-python-lib==11.11.0 defusedxml==0.7.1 distro==1.9.0 dnspython==2.8.0 -docker==7.1.0 +docker==7.2.0 dogpile.cache==1.5.0 # ecdsa removed - was vulnerable dependency of python-jose (HIGH severity timing attack vulnerability) email-validator==2.3.0 -Faker==40.4.0 -fastapi==0.128.1 -filelock==3.21.2 +Faker==40.31.0 +fastapi==0.139.0 +filelock==3.30.0 fqdn==1.5.1 frozenlist==1.8.0 graphql-core==3.2.8 -greenlet==3.3.2 +greenlet==3.5.3 h11==0.16.0 -harfile==0.4.0 +harfile==0.5.0 httpcore==1.0.9 -httptools==0.7.1 +httptools==0.8.0 httpx==0.28.1 -hypothesis-graphql==0.12.0 +hypothesis-graphql==0.13.1 hypothesis-jsonschema==0.23.1 -hypothesis==6.151.10 -idna==3.15 +hypothesis==6.156.6 +idna==3.18 iniconfig==2.3.0 isodate==0.7.2 isoduration==20.11.0 itsdangerous==2.2.0 Jinja2==3.1.6 -jiter==0.13.0 +jiter==0.16.0 jmespath==1.1.0 -jsonpointer==3.0.0 -jsonschema-path==0.3.4 +jsonpointer==3.1.1 +jsonschema-path==0.5.0 jsonschema-specifications==2025.9.1 jsonschema==4.26.0 junit-xml==1.9 @@ -73,41 +73,41 @@ kombu==5.6.2 lazy-object-proxy==1.12.0 license-expression==30.4.4 Mako==1.3.12 -markdown-it-py==4.0.0 +markdown-it-py==4.2.0 MarkupSafe==3.0.3 mdurl==0.1.2 more-itertools==10.8.0 -msgpack==1.1.2 +msgpack==1.2.1 multidict==6.7.1 mypy_extensions==1.1.0 mypy==1.20.2 -openai==2.21.0 -openapi-core==0.22.0 -openapi-schema-validator==0.6.3 -openapi-spec-validator==0.7.2 +openai==2.45.0 +openapi-core==0.23.1 +openapi-schema-validator==0.9.0 +openapi-spec-validator==0.9.0 packageurl-python==0.17.6 -packaging==26.0 -parse==1.21.1 +packaging==26.2 +parse==1.22.1 passlib[bcrypt]==1.7.4 -pathable==0.4.4 -pathspec==1.0.4 -pillow==12.2.0 +pathable==0.6.0 +pathspec==1.1.1 +pillow==12.3.0 pip_audit==2.10.0 pip-api==0.0.34 pip-requirements-parser==32.0.1 -platformdirs==4.8.0 +platformdirs==4.10.0 pluggy==1.6.0 -prometheus_client==0.24.1 +prometheus_client==0.25.0 prompt_toolkit==3.0.52 -propcache==0.4.1 +propcache==0.5.2 psutil==7.2.2 psycopg2-binary==2.9.12 py-serializable==2.1.0 pyasn1==0.6.3 pycparser==3.0 -pydantic_core==2.41.5 -pydantic-settings==2.12.0 -pydantic==2.12.5 +pydantic_core==2.47.0 +pydantic-settings==2.14.2 +pydantic==2.13.4 Pygments==2.20.0 PyJWT==2.13.0 pyparsing==3.3.2 @@ -124,47 +124,47 @@ python-dotenv==1.2.2 python-multipart==0.0.30 pytokens==0.4.1 PyYAML==6.0.3 -redis==7.1.1 +redis==7.4.1 referencing>=0.35.1,<0.38.0 -requests==2.33.1 +requests==2.34.2 rfc3339-validator==0.1.4 rfc3987==1.3.8 rich==14.3.4 rpds-py==0.30.0 rsa==4.9.1 ruff==0.15.17 -s3transfer==0.16.0 +s3transfer==0.19.1 schedule==1.2.2 -schemathesis==4.10.2 -sentry-sdk==2.52.0 +schemathesis==4.22.4 +sentry-sdk==2.65.0 setuptools==82.0.1 six==1.17.0 sniffio==1.3.1 sortedcontainers==2.4.0 SQLAlchemy==2.0.49 -sse-starlette==3.2.0 +sse-starlette==3.4.5 starlette-testclient==0.4.1 starlette>=0.40.0,<0.51.0 # FastAPI 0.128.0 requires <0.51.0 (DO NOT UPDATE - Renovate #203 breaks CI) toml==0.10.2 tomli==2.4.1 -tqdm==4.67.3 +tqdm==4.68.4 types-aiofiles==25.1.0.20260508 -types-bleach==6.3.0.20260508 +types-bleach==6.4.0.20260607 types-psutil==7.2.2.20260508 types-python-dateutil==2.9.0.20260508 -types-requests==2.32.4.20260107 -typing_extensions==4.15.0 +types-requests==2.33.0.20260712 +typing_extensions==4.16.0 tzdata==2025.3 uri-template==1.3.0 urllib3==2.7.0 -uvicorn==0.40.0 +uvicorn==0.51.0 vine==5.1.0 -watchfiles==1.1.1 -wcwidth==0.6.0 +watchfiles==1.2.0 +wcwidth==0.8.2 webcolors==25.10.0 webencodings==0.5.1 -websockets==16.0 +websockets==16.1 Werkzeug==3.1.6 # Updated: fix CVE-2025-22215 safe_join() Windows device names -wheel==0.46.3 -yarl==1.22.0 +wheel==0.47.0 +yarl==1.24.2 pytest-benchmark