pin minimum versions for vulnerable transitive deps (high: authlib, pillow, cryptography)

Author: claude

pyproject.toml

@@ -31,10 +31,14 @@ dependencies = [
     "mlflow[genai,mcp]>=2.19.0",
     "pina-mathlab>=0.2.1",
     "transformers[accelerate,sentencepiece,tiktoken]>=4.55.0",
-    "sqlparse>=0.5.3",
+    # security: explicit minimums for vulnerable transitive deps
+    "authlib>=1.6.7",
+    "pillow>=12.1.1",
+    "cryptography>=46.0.5",
+    "langgraph>=1.0.10",
+    "werkzeug>=3.1.6",
+    "sqlparse>=0.5.4",
     "diskcache>=5.6.3",
-    "pillow>=11.0.0",
-    "cryptography>=44.0.1",
     "protobuf>=5.26.1",
     "python-multipart>=0.0.18",
 ]