From 8b494275c260611f457fd7e38919f21a56589a5b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 05:51:50 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
- https://snyk.io/vuln/SNYK-PYTHON-PYPDF-15117508
- https://snyk.io/vuln/SNYK-PYTHON-PYTHONMULTIPART-15117506
---
 requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9ebdd1a494..009b47d52c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -99,7 +99,7 @@ pyrsistent==0.19.3
 pytest==7.3.2
 python-dateutil==2.8.2
 python-dotenv==1.0.0
-python-multipart==0.0.6
+python-multipart==0.0.22
 pytz==2023.3
 PyYAML==6.0
 qdrant-client==1.3.1
@@ -148,7 +148,7 @@ pre-commit==3.3.3
 pytest-cov==4.1.0
 pytest-mock==3.11.1
 transformers==4.30.2
-pypdf==3.11.0
+pypdf==6.6.2
 python-pptx==0.6.21
 Pillow==9.5.0
 EbookLib==0.18
@@ -158,4 +158,5 @@ google-generativeai==0.1.0
 unstructured==0.8.1
 ai21==1.2.6
 typing-extensions==4.5.0
-llama_cpp_python==0.2.7
\ No newline at end of file
+llama_cpp_python==0.2.7
+protobuf>=6.33.5 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file