Skip to content

Update Version and bump requirements #528

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 7, 2025
Merged

Update Version and bump requirements #528

merged 5 commits into from
Nov 7, 2025

Conversation

@luke-kucing
Copy link
Contributor

@luke-kucing luke-kucing commented Nov 7, 2025

This branch updates multiple dependencies to address open CVE (Common Vulnerabilities and Exposures) security vulnerabilities and brings the project up to date with the latest unstructured package release.

Key Changes:

  • Version bump: 0.0.89 → 0.0.90
  • Major dependency updates:
    • unstructured: 0.17.2 → 0.18.18
    • torch: 2.7.1 → 2.9.0
    • transformers: 4.52.4 → 4.57.1
    • fastapi: 0.115.12 → 0.121.0
    • cryptography: 45.0.4 → 46.0.3
    • pillow: 11.3.0 → 12.0.0
    • scipy: 1.15.3 → 1.16.3
    • networkx: 3.4.2 → 3.5

Additional improvements:

  • Enhanced Makefile pip-compile workflow for better requirement management
  • Added constraints.txt for improved dependency resolution
  • Streamlined test requirements (reduced from 723 to much fewer lines)

luke-kucing and others added 2 commits November 7, 2025 14:53
@luke-kucing @claude
chore: Bump dependencies to fix open CVEs
e5d5cc7 
Updates requirements to address security vulnerabilities and bring in latest
updates from unstructured package. Major dependency updates include:
- unstructured: 0.17.2 -> 0.18.18
- torch: 2.7.1 -> 2.9.0
- transformers: 4.52.4 -> 4.57.1
- fastapi: 0.115.12 -> 0.121.0
- cryptography: 45.0.4 -> 46.0.3
- pillow: 11.3.0 -> 12.0.0
- scipy: 1.15.3 -> 1.16.3
- networkx: 3.4.2 -> 3.5

Also improves Makefile pip-compile workflow for better requirement management.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@luke-kucing
update the changelog and the __Version__
30bfb50
@socket-security
Copy link

socket-security bot commented Nov 7, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedjupyterlab@​4.4.3 ⏵ 4.4.105910010010090 +21
Updatedpsutil@​7.0.0 ⏵ 7.1.371 +1100100100100
Updatedtornado@​6.5.1 ⏵ 6.5.272 +1100100100100
Updatedipython@​9.3.0 ⏵ 9.7.073 +110010010070
Updatedtorch@​2.7.1 ⏵ 2.9.073100 +210010070
Updatedonnxruntime@​1.22.0 ⏵ 1.23.274 +110010010070
Updatedonnx@​1.18.0 ⏵ 1.19.174 +1100100100100
Updatedtransformers@​4.52.4 ⏵ 4.57.174100 +6100100100
Updateddebugpy@​1.8.14 ⏵ 1.8.1774 +110010010090
Updatednltk@​3.9.1 ⏵ 3.9.274 +1100100100100 +20
Updatedmatplotlib@​3.10.3 ⏵ 3.10.775 +110010010080
Updatedmypy@​1.16.0 ⏵ 1.18.275 +1100100100100
Updatednotebook@​7.4.3 ⏵ 7.4.77510010010070 -10
Updatedscipy@​1.15.3 ⏵ 1.16.376 +110010010070
Updatedpandas@​2.3.0 ⏵ 2.3.376 +1100100100100
Updatedunstructured@​0.17.2 ⏵ 0.18.1881100100100100
Updatedhuggingface-hub@​0.33.0 ⏵ 0.36.082 -4100100100100
Updatedtorchvision@​0.22.1 ⏵ 0.24.082 +1100100100100
Updatedfonttools@​4.58.2 ⏵ 4.60.186 +110010010090
Updatedpillow@​11.3.0 ⏵ 12.0.08610010010070
Updatedblack@​25.1.0 ⏵ 25.9.087100100100100
Updatednbdev@​2.4.2 ⏵ 2.4.688 +1100100100100
Updatedfsspec@​2025.5.1 ⏵ 2025.10.089100100100100
Updatedprompt-toolkit@​3.0.51 ⏵ 3.0.5290 +1100100100100
Updatedpytest@​8.4.0 ⏵ 8.4.290 +1100100100100
Updatedaccelerate@​1.7.0 ⏵ 1.11.091 +1100100100100
Updatedjoblib@​1.5.1 ⏵ 1.5.292 +1100100100100
Updatedhf-xet@​1.1.3 ⏵ 1.2.010010093100100
Updatedjupyterlab-widgets@​3.0.15 ⏵ 3.0.1693 +4100100100100
Updatedgoogle-auth@​2.40.3 ⏵ 2.43.094100100100100
Updatedjupyter-server@​2.16.0 ⏵ 2.17.095 +1100100100100
Updatedfastcore@​1.8.2 ⏵ 1.8.1596100100100100
See 99 more rows in the dashboard

View full report

@luke-kucing
fix: Add disk cleanup step to test_dockerfile CI job
bf04a7f 
The recent dependency updates (torch 2.7.1 → 2.9.0, transformers 4.52.4 → 4.57.1,
etc.) increased the Docker image build size, causing the test_dockerfile job to fail
with "No space left on device" errors.

This adds the same disk cleanup step that's already used in the docker-publish workflow,
freeing up ~17GB by removing dotnet, ghc, and boost which aren't needed for our builds.

Resolves the "ERROR: Could not install packages due to an OSError: [Errno 28] No space
left on device" error in CI.
@luke-kucing luke-kucing merged commit abe7b8e into main Nov 7, 2025
9 checks passed
@luke-kucing luke-kucing deleted the luke/update-cves branch November 7, 2025 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@william-u10d william-u10d william-u10d approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@luke-kucing @william-u10d