backend: bump 15 Python deps for ~17 MEDIUM + 1 HIGH + 6 LOW CVEs

[mdmohsin7]

Summary

15 atomic commits, one per package family, closing the Python-only MEDIUM CVEs flagged by the Artifact Registry scan on the deployed backend image (gcr.io/based-hardware/backend@sha256:348e17d6…, revision backend-00984-2nf). One bump (starlette) also closes a HIGH CVE that surfaced after #7126/#7127 merged.

Commit	Package	Was → Now	CVEs (sev)
1	cryptography	46.0.5 → 46.0.7	CVE-2026-39892 (MEDIUM, CVSS 9.8)
2	Jinja2	3.1.4 → 3.1.6	CVE-2024-56201, CVE-2024-56326, CVE-2025-27516 (3× MEDIUM, sandbox escapes)
3	aiohttp	3.13.3 → 3.13.4	CVE-2026-22815, CVE-2026-34515, CVE-2026-34516, CVE-2026-34525 (4× MEDIUM) + CVE-2026-34520 + 5× LOW
4	fonttools	4.53.1 → 4.60.2	CVE-2025-66034 (MEDIUM, CVSS 9.8)
5	Mako	1.3.5 → 1.3.11	CVE-2026-41205 (MEDIUM 7.5)
6	requests	~=2.32.5 → ~=2.33.0	CVE-2026-25645 (MEDIUM 5.5)
7	python-dotenv	1.0.1 → 1.2.2	CVE-2026-28684 (MEDIUM 6.6)
8	filelock	3.15.4 → 3.20.3	CVE-2025-68146, CVE-2026-22701 (2× MEDIUM)
9	marshmallow	3.21.3 → 3.26.2	CVE-2025-68480 (MEDIUM 5.3)
10	python-multipart	0.0.22 → 0.0.26	CVE-2026-40347 (MEDIUM 5.3)
11	streamlit (+ cachetools 5.4 → 5.5)	1.51.0 → 1.54.0	CVE-2026-33682 (MEDIUM 4.8)
12	h2 (+ hyperframe 6.0.1 → 6.1.0, hpack 4.0.0 → 4.1.0)	4.1.0 → 4.3.0	CVE-2025-57804 (MEDIUM)
13	langchain-core	0.3.81 → 0.3.84	CVE-2026-40087 (MEDIUM 5.3, patch only — does not pull 1.x major)
14	langsmith	0.4.37 → 0.7.31	CVE-2026-25528, CVE-2026-41182 (2× MEDIUM)
15	starlette (+ fastapi 0.118 → 0.121)	0.40.0 → 0.49.1	CVE-2025-62727 (HIGH 7.5) + CVE-2025-54121 (MEDIUM 5.3)

Net: 17 MEDIUM + 1 HIGH + 6 LOW CVEs closed, all atomic / independently revertible.

Cascade summary

Cascade	Reason
cachetools 5.4 → 5.5	streamlit 1.54 requires cachetools >=5.5,<7
hyperframe 6.0.1 → 6.1.0	h2 4.3 requires hyperframe >=6.1
hpack 4.0.0 → 4.1.0	h2 4.3 requires hpack >=4.1
fastapi 0.118 → 0.121	fastapi 0.118 caps starlette <0.49; 0.121 is the smallest version that allows starlette 0.49

All cascade bumps held to the minimum version that resolves the conflict.

Notes on starlette + main.py

starlette 0.40 (introduced in #7127) shipped a default 1 MB cap per multipart form part. The startup-time MultiPartParser.max_part_size = 200 MB patch in backend/main.py continues to work in starlette 0.49 — verified via import + override + FastAPI app instantiation smoke test. Per-route caps (tracked in #7130) become available now that we're past starlette 0.45.

Deferred

The langchain ecosystem majors (langgraph 0.6 → 1.x, langgraph-checkpoint 2 → 4, langchain-text-splitters 0.3 → 1.x) remain parked for a separate PR. Those bumps require API migration in backend/utils/llm/ and backend/utils/retrieval/.

Test plan

For each commit:

1. Update requirements.txt
2. Rebuild local Dockerfile.test (Python 3.11-slim, requirements.txt minus the source-built lc3py) — only the pip install layer rebuilds
3. Run a baseline-green subset of unit tests (190 tests across 11 files; same subset as backend: bump 10 Python deps for 1 CRITICAL + 16 HIGH CVEs #7126/backend: bump Python deps with major-version cascades for 7 HIGH CVEs #7127)
4. Confirm bumped package version installed correctly

All 15 commits individually green. Cascade bumps were discovered by attempting the headline bump, reading the resolver error, and pinning the smallest version that resolves it.

Verifying after deploy

• Re-scan rebuilt image; expect the listed CVEs to clear.
• Smoke /health, an auth route, and a multipart upload route (voice-message or persona thumbnail) to confirm the starlette/fastapi bump didn't regress request handling.

[mdmohsin7]

@morpheus review — Approved ✅

Single-file diff, 19 version pin changes in backend/requirements.txt. Same review checklist as #7126/#7127.

Verified:

• All 15 headline bumps stay within same major version. No major crossings.
• 4 cascade pins (cachetools, hyperframe, hpack, fastapi) each held to minimum version that resolves the constraint. Cascade logic confirmed against upstream dependency specs.
• requests pin correctly uses ~=2.33.0 (compatible release, allows 2.33.x patches).
• langsmith 0.4→0.7 is the biggest jump — pre-1.0, resolver kept langchain-core at 0.3.84 (no forced 1.x migration). Acceptable for 2 MEDIUM CVEs.
• starlette 0.40→0.49 justified by HIGH CVE-2025-62727. MultiPartParser.max_part_size patch verified working in 0.49 per commit message.
• langchain majors correctly deferred for separate API-migration PR.

15 atomic commits, one per package family, each independently revertable. Labels set (backend, python, Security). Clean.

[greptile-apps]

Greptile Summary

This PR bumps 15 Python packages in backend/requirements.txt to remediate 17 MEDIUM + 1 HIGH + 6 LOW CVEs flagged in the deployed Artifact Registry scan, with four cascade bumps driven by the new minimum requirements of the headline packages. No application code is changed. The MultiPartParser.max_part_size = 200 MB override already present in main.py (from #7127) continues to work in starlette 0.49.1 as verified by the author.

Confidence Score: 4/5

Safe to merge; all changes are version bumps with no application code modified and a tested unit-test baseline already green.

Only P2 findings: starlette could be bumped two patch levels further to 0.49.3, and fastapi-cli is stale. No logic errors, no security regressions, no breaking API changes detected across all 15 bumped packages. The large langsmith jump (0.4→0.7) only touches stable Client/traceable APIs, and the marshmallow 3.26 removal of ordered=True has no matches in the codebase.

backend/requirements.txt — starlette pin at 0.49.1 vs latest 0.49.3 patch

Important Files Changed

Filename	Overview
backend/requirements.txt	15 targeted CVE-fix version bumps plus 4 cascade bumps; starlette is pinned to 0.49.1 while 0.49.3 (Middleware type fix) is already available

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["starlette 0.40.0 → 0.49.1\nCVE-2025-62727 HIGH\nCVE-2025-54121 MEDIUM"] -->|"caps starlette <0.49\n→ must bump"| B["fastapi 0.118.0 → 0.121.0\n(cascade)"]
    C["streamlit 1.51.0 → 1.54.0\nCVE-2026-33682 MEDIUM"] -->|"requires cachetools ≥5.5"| D["cachetools 5.4 → 5.5\n(cascade)"]
    E["h2 4.1.0 → 4.3.0\nCVE-2025-57804 MEDIUM"] -->|"requires hyperframe ≥6.1"| F["hyperframe 6.0.1 → 6.1.0\n(cascade)"]
    E -->|"requires hpack ≥4.1"| G["hpack 4.0.0 → 4.1.0\n(cascade)"]
    H["cryptography 46.0.5 → 46.0.7\nCVE-2026-39892 MEDIUM"]
    I["Jinja2 3.1.4 → 3.1.6\n3× MEDIUM sandbox escapes"]
    J["aiohttp 3.13.3 → 3.13.4\n4× MEDIUM + 5× LOW"]
    K["langsmith 0.4.37 → 0.7.31\n2× MEDIUM"]
    L["marshmallow 3.21.3 → 3.26.2\nCVE-2025-68480 MEDIUM"]

Loading

_{Reviews (1): Last reviewed commit: "Bump starlette + fastapi for HIGH CVE-20..." | Re-trigger Greptile}

[greptile-apps]

Two patch releases — 0.49.2 and 0.49.3 — shipped on Nov 1, 2025, three days after 0.49.1. starlette 0.49.3 specifically relaxes the Middleware type strictness, which is directly relevant to the custom TimeoutMiddleware and BYOKMiddleware added via app.add_middleware() in main.py. While the type-relaxation is unlikely to cause a runtime crash, pinning to 0.49.3 closes the gap at no extra cost and is the latest safe 0.49.x release that fastapi 0.121.0 supports.

Suggested change

	starlette==0.49.1
	starlette==0.49.3

[greptile-apps]

fastapi-cli is pinned at 0.0.5 (released Aug 2024) while fastapi was bumped to 0.121.0 and fastapi-cli is now up to 0.0.24. The pin satisfies fastapi's >=0.0.5 requirement so it won't fail on install, but it's 9 minor releases behind and may miss bugfixes relevant to the fastapi dev / fastapi run CLI paths used in local development.

Suggested change

	fastapi-cli==0.0.5
	fastapi-cli==0.0.7