diff --git a/.github/workflows/aicertify-ci.yaml b/.github/workflows/aicertify-ci.yaml index fa18c7c..d9d0937 100644 --- a/.github/workflows/aicertify-ci.yaml +++ b/.github/workflows/aicertify-ci.yaml @@ -9,6 +9,9 @@ on: - main workflow_dispatch: +permissions: + contents: read + jobs: basic-checks: runs-on: ubuntu-latest diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index d00ba0f..4f94586 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -7,6 +7,9 @@ on: branches: [ main ] workflow_dispatch: +permissions: + contents: read + jobs: pre-commit: runs-on: ubuntu-latest diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 93835ce..4edba27 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,7 +14,7 @@ repos: args: [--fix] - repo: https://github.com/psf/black - rev: 25.1.0 # Will be updated to 25.1.0 after running pre-commit autoupdate + rev: 26.3.1 # Bumped to fix GHSA-3936-cmfr-pm3m (cache filename arbitrary write) hooks: - id: black language_version: python3.12 diff --git a/aicertify/api/__init__.py b/aicertify/api/__init__.py index 70a67a9..beebb09 100644 --- a/aicertify/api/__init__.py +++ b/aicertify/api/__init__.py @@ -7,7 +7,6 @@ import logging - # Re-export public API from specialized modules from aicertify.api.core import load_contract, CustomJSONEncoder diff --git a/aicertify/api/evaluators.py b/aicertify/api/evaluators.py index 1a205b9..5fa7ba7 100644 --- a/aicertify/api/evaluators.py +++ b/aicertify/api/evaluators.py @@ -12,7 +12,6 @@ from typing import Dict, List, Any, Optional, Union from datetime import datetime - # Import models and evaluation components from aicertify.models.contract_models import AiCertifyContract, load_contract diff --git a/aicertify/api/policy.py b/aicertify/api/policy.py index 0cc847f..6df3123 100644 --- a/aicertify/api/policy.py +++ b/aicertify/api/policy.py 
@@ -12,7 +12,6 @@ from typing import Dict, List, Any, Optional, Union from datetime import datetime - # Import models from aicertify.models.contract_models import AiCertifyContract diff --git a/aicertify/api/reports.py b/aicertify/api/reports.py index 104e291..ea5b917 100644 --- a/aicertify/api/reports.py +++ b/aicertify/api/reports.py @@ -10,7 +10,6 @@ from typing import Dict, List, Any, Optional from datetime import datetime - # Import core utilities from aicertify.api.core import _ensure_valid_evaluation_structure diff --git a/aicertify/api/utils.py b/aicertify/api/utils.py index 479b4e2..cebcfed 100644 --- a/aicertify/api/utils.py +++ b/aicertify/api/utils.py @@ -10,7 +10,6 @@ from typing import Dict, Any, Optional from datetime import datetime - # Import core utilities from aicertify.api.core import CustomJSONEncoder diff --git a/aicertify/evaluators/api.py b/aicertify/evaluators/api.py index 93aa2e3..61e145d 100644 --- a/aicertify/evaluators/api.py +++ b/aicertify/evaluators/api.py @@ -23,7 +23,6 @@ from aicertify.models.evaluation import MetricValue from aicertify.models import Interaction, AiCertifyContract, ModelInfo - # Configure logging logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") logger = logging.getLogger(__name__) diff --git a/aicertify/models/evaluation_models.py b/aicertify/models/evaluation_models.py index c69ce08..03dc7db 100644 --- a/aicertify/models/evaluation_models.py +++ b/aicertify/models/evaluation_models.py @@ -23,7 +23,6 @@ create_compliance_input, ) - # Emit a deprecation warning when this module is imported warnings.warn( "The 'evaluation_models.py' module is deprecated and will be removed in a future release. " diff --git a/aicertify/report_generation/flexible_extraction.py b/aicertify/report_generation/flexible_extraction.py index 281e1a4..8f8f8fd 100644 --- a/aicertify/report_generation/flexible_extraction.py +++ b/aicertify/report_generation/flexible_extraction.py 
@@ -10,7 +10,6 @@ import os from typing import Any, Callable, Dict, List, Optional - # Import models from centralized location from aicertify.models.evaluation import MetricValue diff --git a/aicertify/report_generation/report_models.py b/aicertify/report_generation/report_models.py index c535142..d253911 100644 --- a/aicertify/report_generation/report_models.py +++ b/aicertify/report_generation/report_models.py @@ -10,7 +10,6 @@ from datetime import datetime from pydantic import BaseModel, Field - # Re-export models from the centralized location from aicertify.models.report import ( MetricGroup, diff --git a/poetry.lock b/poetry.lock index 00b30c3..13526fc 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -479,55 +479,55 @@ lxml = ["lxml"] [[package]] name = "black" -version = "25.12.0" +version = "26.3.1" description = "The uncompromising code formatter." optional = false python-versions = ">=3.10" groups = ["main", "dev"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "black-25.12.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:f85ba1ad15d446756b4ab5f3044731bf68b777f8f9ac9cdabd2425b97cd9c4e8"}, - {file = "black-25.12.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:546eecfe9a3a6b46f9d69d8a642585a6eaf348bcbbc4d87a19635570e02d9f4a"}, - {file = "black-25.12.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:17dcc893da8d73d8f74a596f64b7c98ef5239c2cd2b053c0f25912c4494bf9ea"}, - {file = "black-25.12.0-cp310-cp310-win_amd64.whl", hash = "sha256:09524b0e6af8ba7a3ffabdfc7a9922fb9adef60fed008c7cd2fc01f3048e6e6f"}, - {file = "black-25.12.0-cp310-cp310-win_arm64.whl", hash = "sha256:b162653ed89eb942758efeb29d5e333ca5bb90e5130216f8369857db5955a7da"}, - {file = "black-25.12.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d0cfa263e85caea2cff57d8f917f9f51adae8e20b610e2b23de35b5b11ce691a"}, - {file = "black-25.12.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1a2f578ae20c19c50a382286ba78bfbeafdf788579b053d8e4980afb079ab9be"}, - {file = "black-25.12.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d3e1b65634b0e471d07ff86ec338819e2ef860689859ef4501ab7ac290431f9b"}, - {file = "black-25.12.0-cp311-cp311-win_amd64.whl", hash = "sha256:a3fa71e3b8dd9f7c6ac4d818345237dfb4175ed3bf37cd5a581dbc4c034f1ec5"}, - {file = "black-25.12.0-cp311-cp311-win_arm64.whl", hash = "sha256:51e267458f7e650afed8445dc7edb3187143003d52a1b710c7321aef22aa9655"}, - {file = "black-25.12.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = 
"sha256:31f96b7c98c1ddaeb07dc0f56c652e25bdedaac76d5b68a059d998b57c55594a"}, - {file = "black-25.12.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:05dd459a19e218078a1f98178c13f861fe6a9a5f88fc969ca4d9b49eb1809783"}, - {file = "black-25.12.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c1f68c5eff61f226934be6b5b80296cf6939e5d2f0c2f7d543ea08b204bfaf59"}, - {file = "black-25.12.0-cp312-cp312-win_amd64.whl", hash = "sha256:274f940c147ddab4442d316b27f9e332ca586d39c85ecf59ebdea82cc9ee8892"}, - {file = "black-25.12.0-cp312-cp312-win_arm64.whl", hash = "sha256:169506ba91ef21e2e0591563deda7f00030cb466e747c4b09cb0a9dae5db2f43"}, - {file = "black-25.12.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:a05ddeb656534c3e27a05a29196c962877c83fa5503db89e68857d1161ad08a5"}, - {file = "black-25.12.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:9ec77439ef3e34896995503865a85732c94396edcc739f302c5673a2315e1e7f"}, - {file = "black-25.12.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e509c858adf63aa61d908061b52e580c40eae0dfa72415fa47ac01b12e29baf"}, - {file = "black-25.12.0-cp313-cp313-win_amd64.whl", hash = "sha256:252678f07f5bac4ff0d0e9b261fbb029fa530cfa206d0a636a34ab445ef8ca9d"}, - {file = "black-25.12.0-cp313-cp313-win_arm64.whl", hash = "sha256:bc5b1c09fe3c931ddd20ee548511c64ebf964ada7e6f0763d443947fd1c603ce"}, - {file = "black-25.12.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:0a0953b134f9335c2434864a643c842c44fba562155c738a2a37a4d61f00cad5"}, - {file = "black-25.12.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:2355bbb6c3b76062870942d8cc450d4f8ac71f9c93c40122762c8784df49543f"}, - {file = "black-25.12.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9678bd991cc793e81d19aeeae57966ee02909877cb65838ccffef24c3ebac08f"}, - {file = "black-25.12.0-cp314-cp314-win_amd64.whl", hash = 
"sha256:97596189949a8aad13ad12fcbb4ae89330039b96ad6742e6f6b45e75ad5cfd83"}, - {file = "black-25.12.0-cp314-cp314-win_arm64.whl", hash = "sha256:778285d9ea197f34704e3791ea9404cd6d07595745907dd2ce3da7a13627b29b"}, - {file = "black-25.12.0-py3-none-any.whl", hash = "sha256:48ceb36c16dbc84062740049eef990bb2ce07598272e673c17d1a7720c71c828"}, - {file = "black-25.12.0.tar.gz", hash = "sha256:8d3dd9cea14bff7ddc0eb243c811cdb1a011ebb4800a5f0335a01a68654796a7"}, + {file = "black-26.3.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:86a8b5035fce64f5dcd1b794cf8ec4d31fe458cf6ce3986a30deb434df82a1d2"}, + {file = "black-26.3.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:5602bdb96d52d2d0672f24f6ffe5218795736dd34807fd0fd55ccd6bf206168b"}, + {file = "black-26.3.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:6c54a4a82e291a1fee5137371ab488866b7c86a3305af4026bdd4dc78642e1ac"}, + {file = "black-26.3.1-cp310-cp310-win_amd64.whl", hash = "sha256:6e131579c243c98f35bce64a7e08e87fb2d610544754675d4a0e73a070a5aa3a"}, + {file = "black-26.3.1-cp310-cp310-win_arm64.whl", hash = "sha256:5ed0ca58586c8d9a487352a96b15272b7fa55d139fc8496b519e78023a8dab0a"}, + {file = "black-26.3.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:28ef38aee69e4b12fda8dba75e21f9b4f979b490c8ac0baa7cb505369ac9e1ff"}, + {file = "black-26.3.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:bf9bf162ed91a26f1adba8efda0b573bc6924ec1408a52cc6f82cb73ec2b142c"}, + {file = "black-26.3.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:474c27574d6d7037c1bc875a81d9be0a9a4f9ee95e62800dab3cfaadbf75acd5"}, + {file = "black-26.3.1-cp311-cp311-win_amd64.whl", hash = "sha256:5e9d0d86df21f2e1677cc4bd090cd0e446278bcbbe49bf3659c308c3e402843e"}, + {file = "black-26.3.1-cp311-cp311-win_arm64.whl", hash = "sha256:9a5e9f45e5d5e1c5b5c29b3bd4265dcc90e8b92cf4534520896ed77f791f4da5"}, + {file = 
"black-26.3.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b5e6f89631eb88a7302d416594a32faeee9fb8fb848290da9d0a5f2903519fc1"}, + {file = "black-26.3.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:41cd2012d35b47d589cb8a16faf8a32ef7a336f56356babd9fcf70939ad1897f"}, + {file = "black-26.3.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0f76ff19ec5297dd8e66eb64deda23631e642c9393ab592826fd4bdc97a4bce7"}, + {file = "black-26.3.1-cp312-cp312-win_amd64.whl", hash = "sha256:ddb113db38838eb9f043623ba274cfaf7d51d5b0c22ecb30afe58b1bb8322983"}, + {file = "black-26.3.1-cp312-cp312-win_arm64.whl", hash = "sha256:dfdd51fc3e64ea4f35873d1b3fb25326773d55d2329ff8449139ebaad7357efb"}, + {file = "black-26.3.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:855822d90f884905362f602880ed8b5df1b7e3ee7d0db2502d4388a954cc8c54"}, + {file = "black-26.3.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:8a33d657f3276328ce00e4d37fe70361e1ec7614da5d7b6e78de5426cb56332f"}, + {file = "black-26.3.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f1cd08e99d2f9317292a311dfe578fd2a24b15dbce97792f9c4d752275c1fa56"}, + {file = "black-26.3.1-cp313-cp313-win_amd64.whl", hash = "sha256:c7e72339f841b5a237ff14f7d3880ddd0fc7f98a1199e8c4327f9a4f478c1839"}, + {file = "black-26.3.1-cp313-cp313-win_arm64.whl", hash = "sha256:afc622538b430aa4c8c853f7f63bc582b3b8030fd8c80b70fb5fa5b834e575c2"}, + {file = "black-26.3.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:2d6bfaf7fd0993b420bed691f20f9492d53ce9a2bcccea4b797d34e947318a78"}, + {file = "black-26.3.1-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:f89f2ab047c76a9c03f78d0d66ca519e389519902fa27e7a91117ef7611c0568"}, + {file = "black-26.3.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b07fc0dab849d24a80a29cfab8d8a19187d1c4685d8a5e6385a5ce323c1f015f"}, + {file = 
"black-26.3.1-cp314-cp314-win_amd64.whl", hash = "sha256:0126ae5b7c09957da2bdbd91a9ba1207453feada9e9fe51992848658c6c8e01c"}, + {file = "black-26.3.1-cp314-cp314-win_arm64.whl", hash = "sha256:92c0ec1f2cc149551a2b7b47efc32c866406b6891b0ee4625e95967c8f4acfb1"}, + {file = "black-26.3.1-py3-none-any.whl", hash = "sha256:2bd5aa94fc267d38bb21a70d7410a89f1a1d318841855f698746f8e7f51acd1b"}, + {file = "black-26.3.1.tar.gz", hash = "sha256:2c50f5063a9641c7eed7795014ba37b0f5fa227f3d408b968936e24bc0566b07"}, ] [package.dependencies] click = ">=8.0.0" mypy-extensions = ">=0.4.3" packaging = ">=22.0" -pathspec = ">=0.9.0" +pathspec = ">=1.0.0" platformdirs = ">=2" -pytokens = ">=0.3.0" +pytokens = ">=0.4.0,<0.5.0" [package.extras] colorama = ["colorama (>=0.4.3)"] d = ["aiohttp (>=3.10)"] jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"] -uvloop = ["uvloop (>=0.15.2)"] +uvloop = ["uvloop (>=0.15.2)", "winloop (>=0.5.0)"] [[package]] name = "brotli" @@ -935,15 +935,15 @@ files = [ [[package]] name = "click" -version = "8.3.3" +version = "8.1.8" description = "Composable command line interface toolkit" optional = false -python-versions = ">=3.10" +python-versions = ">=3.7" groups = ["main", "dev"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "click-8.3.3-py3-none-any.whl", hash = "sha256:a2bf429bb3033c89fa4936ffb35d5cb471e3719e1f3c8a7c3fff0b8314305613"}, - {file = "click-8.3.3.tar.gz", hash = "sha256:398329ad4837b2ff7cbe1dd166a4c0f8900c3ca3a218de04466f38f6497f18a2"}, + {file = "click-8.1.8-py3-none-any.whl", hash = "sha256:63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2"}, + {file = "click-8.1.8.tar.gz", hash = "sha256:ed53c9d8990d83c2a27deae68e4ee337473f6330c040a31d4225c9574d16096a"}, ] [package.dependencies] 
@@ -1230,20 +1230,21 @@ vision = ["Pillow (>=9.4.0)"] [[package]] name = "deepeval" -version = "2.9.3" +version = "2.9.7" description = "The LLM Evaluation Framework" optional = false python-versions = "<4.0,>=3.9" groups = ["main"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "deepeval-2.9.3-py3-none-any.whl", hash = "sha256:69a1696fc19875c29a916b69bebe719f43b423e7a98b71b3506c98138826e28b"}, - {file = "deepeval-2.9.3.tar.gz", hash = "sha256:d8c50f94ba253748ba1980666797939d933b13de8334e6f3d1eeb8686af2047e"}, + {file = "deepeval-2.9.7-py3-none-any.whl", hash = "sha256:1e998c75bb555d6ee5684c02303861ca1c93931feacc93437022e5309217430c"}, + {file = "deepeval-2.9.7.tar.gz", hash = "sha256:d20982e5ba809365234538af8e81fb70b1cb50fd4c84bfa0ceddb2ada781f057"}, ] [package.dependencies] aiohttp = "*" anthropic = ">=0.49.0,<0.50.0" +click = ">=8.0.0,<8.2.0" google-genai = ">=1.9.0,<2.0.0" grpcio = ">=1.67.1,<2.0.0" nest_asyncio = "*" @@ -1266,7 +1267,7 @@ setuptools = "*" tabulate = ">=0.9.0,<0.10.0" tenacity = "<=9.0.0" tqdm = ">=4.66.1,<5.0.0" -typer = "*" +typer = ">=0.9,<1.0.0" wheel = "*" [[package]] 
@@ -1420,25 +1421,28 @@ testing = ["hatch", "pre-commit", "pytest", "tox"] [[package]] name = "fastapi" -version = "0.115.14" +version = "0.136.1" description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production" optional = false -python-versions = ">=3.8" +python-versions = ">=3.10" groups = ["main"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "fastapi-0.115.14-py3-none-any.whl", hash = "sha256:6c0c8bf9420bd58f565e585036d971872472b4f7d3f6c73b698e10cffdefb3ca"}, - {file = "fastapi-0.115.14.tar.gz", hash = "sha256:b1de15cdc1c499a4da47914db35d0e4ef8f1ce62b624e94e0e5824421df99739"}, + {file = "fastapi-0.136.1-py3-none-any.whl", hash = "sha256:a6e9d7eeada96c93a4d69cb03836b44fa34e2854accb7244a1ece36cd4781c3f"}, + {file = "fastapi-0.136.1.tar.gz", hash = "sha256:7af665ad7acfa0a3baf8983d393b6b471b9da10ede59c60045f49fbc89a0fa7f"}, ] [package.dependencies] -pydantic = ">=1.7.4,<1.8 || >1.8,<1.8.1 || >1.8.1,<2.0.0 || >2.0.0,<2.0.1 || >2.0.1,<2.1.0 || >2.1.0,<3.0.0" -starlette = ">=0.40.0,<0.47.0" +annotated-doc = ">=0.0.2" +pydantic = ">=2.9.0" +starlette = ">=0.46.0" typing-extensions = ">=4.8.0" +typing-inspection = ">=0.4.2" [package.extras] -all = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.5)", "httpx (>=0.23.0)", "itsdangerous (>=1.1.0)", "jinja2 (>=3.1.5)", "orjson (>=3.2.1)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "pyyaml (>=5.3.1)", "ujson (>=4.0.1,!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0)", "uvicorn[standard] (>=0.12.0)"] -standard = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.5)", "httpx (>=0.23.0)", "jinja2 (>=3.1.5)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"] +all = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "httpx (>=0.23.0,<1.0.0)", "itsdangerous (>=1.1.0)", "jinja2 (>=3.1.5)", 
"pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "pyyaml (>=5.3.1)", "uvicorn[standard] (>=0.12.0)"] +standard = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "fastar (>=0.9.0)", "httpx (>=0.23.0,<1.0.0)", "jinja2 (>=3.1.5)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"] +standard-no-fastapi-cloud-cli = ["email-validator (>=2.0.0)", "fastapi-cli[standard-no-fastapi-cloud-cli] (>=0.0.8)", "httpx (>=0.23.0,<1.0.0)", "jinja2 (>=3.1.5)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"] [[package]] name = "fastavro" @@ -4844,21 +4848,21 @@ image = ["Pillow (>=8.0.0)"] [[package]] name = "pytest" -version = "8.4.2" +version = "9.0.3" description = "pytest: simple powerful testing with Python" optional = false -python-versions = ">=3.9" +python-versions = ">=3.10" groups = ["main", "dev"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79"}, - {file = "pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01"}, + {file = "pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9"}, + {file = "pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c"}, ] [package.dependencies] colorama = {version = ">=0.4", markers = "sys_platform == \"win32\""} -iniconfig = ">=1" -packaging = ">=20" +iniconfig = ">=1.0.1" +packaging = ">=22" pluggy = ">=1.5,<2" pygments = ">=2.7.2" 
@@ -4867,19 +4871,20 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "requests [[package]] name = "pytest-asyncio" -version = "0.25.3" +version = "1.3.0" description = "Pytest support for asyncio" optional = false -python-versions = ">=3.9" +python-versions = ">=3.10" groups = ["main", "dev"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "pytest_asyncio-0.25.3-py3-none-any.whl", hash = "sha256:9e89518e0f9bd08928f97a3482fdc4e244df17529460bc038291ccaf8f85c7c3"}, - {file = "pytest_asyncio-0.25.3.tar.gz", hash = "sha256:fc1da2cf9f125ada7e710b4ddad05518d4cee187ae9412e9ac9271003497f07a"}, + {file = "pytest_asyncio-1.3.0-py3-none-any.whl", hash = "sha256:611e26147c7f77640e6d0a92a38ed17c3e9848063698d5c93d5aa7aa11cebff5"}, + {file = "pytest_asyncio-1.3.0.tar.gz", hash = "sha256:d7f52f36d231b80ee124cd216ffb19369aa168fc10095013c6b014a34d3ee9e5"}, ] [package.dependencies] -pytest = ">=8.2,<9" +pytest = ">=8.2,<10" +typing-extensions = {version = ">=4.12", markers = "python_version < \"3.13\""} [package.extras] docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1)"] 
@@ -5992,19 +5997,20 @@ sqlcipher = ["sqlcipher3_binary"] [[package]] name = "starlette" -version = "0.46.2" +version = "1.0.0" description = "The little ASGI library that shines." optional = false -python-versions = ">=3.9" +python-versions = ">=3.10" groups = ["main"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "starlette-0.46.2-py3-none-any.whl", hash = "sha256:595633ce89f8ffa71a015caed34a5b2dc1c0cdb3f0f1fbd1e69339cf2abeec35"}, - {file = "starlette-0.46.2.tar.gz", hash = "sha256:7f7361f34eed179294600af672f565727419830b54b7b084efe44bb82d2fccd5"}, + {file = "starlette-1.0.0-py3-none-any.whl", hash = "sha256:d3ec55e0bb321692d275455ddfd3df75fff145d009685eb40dc91fc66b03d38b"}, + {file = "starlette-1.0.0.tar.gz", hash = "sha256:6a4beaf1f81bb472fd19ea9b918b50dc3a77a6f2e190a12954b25e6ed5eea149"}, ] [package.dependencies] anyio = ">=3.6.2,<5" +typing-extensions = {version = ">=4.10.0", markers = "python_version < \"3.13\""} [package.extras] full = ["httpx (>=0.27.0,<0.29.0)", "itsdangerous", "jinja2", "python-multipart (>=0.0.18)", "pyyaml"] 
@@ -6383,21 +6389,21 @@ tutorials = ["matplotlib", "pandas", "tabulate"] [[package]] name = "typer" -version = "0.25.1" +version = "0.23.1" description = "Typer, build great CLIs. Easy to code. Based on Python type hints." optional = false -python-versions = ">=3.10" +python-versions = ">=3.9" groups = ["main"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ - {file = "typer-0.25.1-py3-none-any.whl", hash = "sha256:75caa44ed46a03fb2dab8808753ffacdbfea88495e74c85a28c5eefcf5f39c89"}, - {file = "typer-0.25.1.tar.gz", hash = "sha256:9616eb8853a09ffeabab1698952f33c6f29ffdbceb4eaeecf571880e8d7664cc"}, + {file = "typer-0.23.1-py3-none-any.whl", hash = "sha256:3291ad0d3c701cbf522012faccfbb29352ff16ad262db2139e6b01f15781f14e"}, + {file = "typer-0.23.1.tar.gz", hash = "sha256:2070374e4d31c83e7b61362fd859aa683576432fd5b026b060ad6b4cd3b86134"}, ] [package.dependencies] annotated-doc = ">=0.0.2" -click = ">=8.2.1" -rich = ">=13.8.0" +click = ">=8.0.0" +rich = ">=10.11.0" shellingham = ">=1.3.0" [[package]] @@ -6422,7 +6428,7 @@ version = "4.15.0" description = "Backported and Experimental Type Hints for Python 3.9+" optional = false python-versions = ">=3.9" -groups = ["main"] +groups = ["main", "dev"] markers = "sys_platform == \"win32\" or sys_platform == \"emscripten\" or sys_platform != \"win32\" and sys_platform != \"emscripten\"" files = [ {file = "typing_extensions-4.15.0-py3-none-any.whl", hash = "sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548"}, @@ -7381,4 +7387,4 @@ cffi = ["cffi (>=1.17,<2.0)", "cffi (>=2.0.0b)"] [metadata] lock-version = "2.1" python-versions = ">=3.12,<3.13" -content-hash = "9b62f360f569591c741b51021d38035130a74f39f2b70aa5609320d31620e04e" +content-hash = "989f8bdc56a823a2f3f58b2544e16fa603ad786cf696ea5b572e67795b197c7a" diff --git a/pyproject.toml b/pyproject.toml index 3d2cf04..59107f0 100644 --- a/pyproject.toml 
+++ b/pyproject.toml @@ -45,25 +45,25 @@ classifiers = [ ] dependencies = [ "langfair @ git+https://github.com/mantric/langfair-mantric.git@python-3.12-support", - "fastapi>=0.115.8,<0.116.0", + "fastapi>=0.119.0,<1.0", "uvicorn>=0.34.0,<0.35.0", "opa-python-client>=0.1.0", "requests>=2.33.0,<3.0.0", "python-dotenv>=1.2.2", "pandas>=2.2.0", - "langchain-openai>=0.0.5", + "langchain-openai>=0.3.0,<0.4", "pydantic-ai (>=0.0.24,<0.0.25)", "markdown (>=3.8.1,<4.0)", "reportlab (>=4.3.1,<5.0.0)", "yfinance (>=0.2.54,<0.3.0)", - "pytest (>=8.3.4,<9.0.0)", + "pytest (>=9.0.3,<10.0.0)", "datasets (>=3.3.2,<4.0.0)", "huggingface-hub (>=0.34.0,<1.0)", "deepeval (>=2.4.8,<3.0.0)", "colorlog (>=6.9.0,<7.0.0)", "pydantic (>=2.10.6,<3.0.0)", "rich (>=13.9.4,<14.0.0)", - "black (>=25.1.0,<26.0.0)", + "black (>=26.3.1,<27.0.0)", "h11>=0.14.0", "torch>=2.7.0", "transformers>=4.53.0", 
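Review bot: `black` and `pytest` are still declared in the runtime `dependencies` array in this hunk, so every install of the package pulls in the formatter and the test runner, and every advisory against them becomes an advisory against consumers. The black bump in this same commit exists because of one such advisory. The poetry.lock section on this page lists both packages under groups `main` and `dev`, and `black` is already declared in `[tool.poetry.group.dev.dependencies]`. Dropping the two entries here and adding `pytest = ">=9.0.3,<10.0.0"` to the dev group would remove them from the installed surface, provided no runtime module imports either one, which cannot be confirmed from this page. The `dependencies` array starts and ends outside the hunk.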
@@ -79,16 +79,20 @@ dependencies = [ "pillow>=12.2.0", # 4 advisories (PSD OOB write, FITS GZIP bomb, font overflow) "pypdf>=6.10.2", # 14 advisories (multiple RAM-exhaust, infinite-loop fixes) "nltk>=3.9.4", # 1 critical zip slip + 4 high (downloader path traversal, AFO, XSS) - "langchain-core>=0.3.85,<0.4", # 1 critical serialization injection + 4 high; stay on 0.3.x stable + # LangChain ecosystem stays on 0.3.x because langfair-mantric pins langchain ^0.3.7. + # The 1.x advisories (langchain-core <1.2.22, langchain-text-splitters <1.1.2, + # langchain-openai <1.1.14) are upstream-blocked until langfair is updated to + # allow LangChain 1.x. Tracked separately. + "langchain-core>=0.3.85,<0.4", # 1 critical serialization + 1 high (overly-broad load allowlists) "langchain>=0.3.30,<0.4", # 1 high (unsafe deserialization); match langchain-core line - "langchain-text-splitters>=0.3.9,<0.4", # 1 high XXE + SSRF in HTMLHeaderTextSplitter + "langchain-text-splitters>=0.3.9,<0.4", # XXE fix on the 0.3.x line "langchain-community>=0.3.27,<0.4", # 1 high XXE "langsmith>=0.7.31", # 1 high deserialization + token-redaction bypass "pyasn1>=0.6.3", # 2 high DoS (unbounded recursion) "protobuf>=5.29.6,<6", # 1 high JSON recursion depth bypass; pin to 5.x to avoid major bump "banks>=2.4.2", # 1 critical RCE via Jinja2 SSTI - # starlette upgrade deferred — fastapi 0.115.x caps starlette<0.47; - # the range-header DoS (GHSA-7f5h-v6xp-fcq8) requires bumping fastapi too. + "starlette>=0.49.1", # 1 high O(n^2) range-header DoS + 1 medium multipart DoS + "langchain-openai>=0.3.0,<0.4", # 1 low SSRF (image token counting DNS rebinding bypass) "sentencepiece>=0.2.1", # 1 high heap overflow "orjson>=3.11.6", # 1 high unbounded recursion "brotli>=1.2.0", # 1 high DoS 
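Review bot: `"langchain-openai>=0.3.0,<0.4"` is now declared twice in `dependencies`: once on the line added here, and once in the earlier hunk (`@@ -45,25 +45,25 @@`) where `>=0.0.5` was tightened to the same range. The two specifiers can drift apart on the next bump, so keep a single entry. The trailing comment on this copy (`# 1 low SSRF ...`) also reads as if the pin remediates that advisory, while the block comment added a few lines above says the `langchain-openai <1.1.14` advisory is upstream-blocked on the 0.3.x line. If the block comment is accurate, the inline comment should say the issue stays open, for example `# SSRF advisory fixed only in 1.x; NOT remediated by this pin (see <tracking-issue placeholder>)`. The `dependencies` array starts and ends outside the hunk.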
@@ -117,10 +121,10 @@ build-backend = "poetry.core.masonry.api" packages = [{ include = "aicertify" }] [tool.poetry.group.dev.dependencies] -pytest-asyncio = "^0.25.3" +pytest-asyncio = ">=1.0.0,<2.0.0" ruff = "^0.5.5" pre-commit = "^4.2.0" -black = ">=25.1.0,<26.0.0" +black = ">=26.3.1,<27.0.0" [tool.ruff] line-length = 88