diff --git a/CHANGELOG.md b/CHANGELOG.md index ed763c8ba6..64a7157619 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## 0.18.16-dev0 +## 0.18.16 ### Enhancement - Speed up function _assign_hash_ids by 34% (codeflash) @@ -6,6 +6,10 @@ ### Features ### Fixes +- Bumped dependencies via pip-compile to address the following CVEs: + - **authlib**: GHSA-pq5p-34cr-23v9 + - **python-3.12/python03**.12-base: CVE-2025-8291, GHSA-49g5-f6qw-8mm7 + - **libcrypto3/libssl3**: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, GHSA-76r2-c3cg-f5r9, GHSA-9mrx-mqmg-gwj9 ## 0.18.15 @@ -17,7 +21,7 @@ ### Fixes -- Bumped dddependencies via pip-compile to address the crit CVE in: +- Bumped dependencies via pip-compile to address the crit CVE in: - deepdiff: 8.6.0 -> 8.6.1: GHSA-mw26-5g2v-hqw3 ## 0.18.14 diff --git a/requirements/base.txt b/requirements/base.txt index 0b0cbc992c..cd904abb86 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -4,13 +4,13 @@ # # pip-compile ./base.in # -anyio==4.10.0 +anyio==4.11.0 # via httpx backoff==2.2.1 # via -r ./base.in -beautifulsoup4==4.13.5 +beautifulsoup4==4.14.2 # via -r ./base.in -certifi==2025.8.3 +certifi==2025.10.5 # via # httpcore # httpx @@ -18,16 +18,16 @@ certifi==2025.8.3 # unstructured-client cffi==2.0.0 # via cryptography -charset-normalizer==3.4.3 +charset-normalizer==3.4.4 # via # -r ./base.in # requests # unstructured-client -click==8.2.1 +click==8.3.0 # via # nltk # python-oxmsg -cryptography==45.0.7 +cryptography==46.0.2 # via unstructured-client dataclasses-json==0.6.7 # via @@ -35,7 +35,7 @@ dataclasses-json==0.6.7 # unstructured-client deepdiff==8.6.1 # via unstructured-client -emoji==2.14.1 +emoji==2.15.0 # via -r ./base.in exceptiongroup==1.3.0 # via anyio @@ -49,7 +49,7 @@ httpcore==1.0.9 # via httpx httpx==0.28.1 # via unstructured-client -idna==3.10 +idna==3.11 # via # anyio # httpx @@ -61,7 +61,7 @@ jsonpath-python==1.0.6 # via unstructured-client langdetect==1.0.9 # via -r ./base.in -lxml==6.0.1 +lxml==6.0.2 # via -r ./base.in marshmallow==3.26.1 # via @@ -73,7 +73,7 @@ mypy-extensions==1.1.0 # unstructured-client nest-asyncio==1.6.0 # via unstructured-client -nltk==3.9.1 +nltk==3.9.2 # via -r ./base.in numpy==2.2.6 # via -r ./base.in @@ -85,11 +85,11 @@ packaging==25.0 # via # marshmallow # unstructured-client -psutil==7.0.0 +psutil==7.1.0 # via -r ./base.in pycparser==2.23 # via cffi -pypdf==6.0.0 +pypdf==6.1.1 # via unstructured-client python-dateutil==2.9.0.post0 # via unstructured-client @@ -101,7 +101,7 @@ python-oxmsg==0.0.2 # via -r ./base.in rapidfuzz==3.14.1 # via -r ./base.in -regex==2025.9.1 +regex==2025.9.18 # via nltk requests==2.32.5 # via @@ -129,6 +129,7 @@ typing-extensions==4.15.0 # -r ./base.in # anyio # beautifulsoup4 + # cryptography # exceptiongroup # pypdf # python-oxmsg diff --git a/requirements/dev.txt b/requirements/dev.txt index 04f217de4c..d759e083a5 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -8,16 +8,16 @@ build==1.3.0 # via pip-tools cfgv==3.4.0 # via pre-commit -click==8.2.1 +click==8.3.0 # via # -c ./base.txt # -c ./test.txt # pip-tools distlib==0.4.0 # via virtualenv -filelock==3.19.1 +filelock==3.20.0 # via virtualenv -identify==2.6.14 +identify==2.6.15 # via pre-commit nodeenv==1.9.1 # via pre-commit @@ -26,9 +26,9 @@ packaging==25.0 # -c ./base.txt # -c ./test.txt # build -pip-tools==7.5.0 +pip-tools==7.5.1 # via -r ./dev.in -platformdirs==4.4.0 +platformdirs==4.5.0 # via # -c ./test.txt # virtualenv @@ -38,9 +38,9 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pyyaml==6.0.2 +pyyaml==6.0.3 # via pre-commit -tomli==2.2.1 +tomli==2.3.0 # via # -c ./test.txt # build @@ -50,7 +50,7 @@ typing-extensions==4.15.0 # -c ./base.txt # -c ./test.txt # virtualenv -virtualenv==20.34.0 +virtualenv==20.35.3 # via pre-commit wheel==0.45.1 # via pip-tools diff --git a/requirements/extra-csv.txt b/requirements/extra-csv.txt index 0928b010ee..8f9cdd9c2a 100644 --- a/requirements/extra-csv.txt +++ b/requirements/extra-csv.txt @@ -8,7 +8,7 @@ numpy==2.2.6 # via # -c ./base.txt # pandas -pandas==2.3.2 +pandas==2.3.3 # via -r ./extra-csv.in python-dateutil==2.9.0.post0 # via diff --git a/requirements/extra-docx.txt b/requirements/extra-docx.txt index 2d353c9daf..50bec141da 100644 --- a/requirements/extra-docx.txt +++ b/requirements/extra-docx.txt @@ -4,7 +4,7 @@ # # pip-compile ./extra-docx.in # -lxml==6.0.1 +lxml==6.0.2 # via # -c ./base.txt # python-docx diff --git a/requirements/extra-odt.txt b/requirements/extra-odt.txt index ca207b8b2e..3a91238dc2 100644 --- a/requirements/extra-odt.txt +++ b/requirements/extra-odt.txt @@ -4,7 +4,7 @@ # # pip-compile ./extra-odt.in # -lxml==6.0.1 +lxml==6.0.2 # via # -c ./base.txt # python-docx diff --git a/requirements/extra-paddleocr.txt b/requirements/extra-paddleocr.txt index f7e3dacea8..ff3c9a3018 100644 --- a/requirements/extra-paddleocr.txt +++ b/requirements/extra-paddleocr.txt @@ -12,21 +12,21 @@ albumentations==2.0.8 # via unstructured-paddleocr annotated-types==0.7.0 # via pydantic -anyio==4.10.0 +anyio==4.11.0 # via # -c ./base.txt # httpx -beautifulsoup4==4.13.5 +beautifulsoup4==4.14.2 # via # -c ./base.txt # unstructured-paddleocr -certifi==2025.8.3 +certifi==2025.10.5 # via # -c ./base.txt # httpcore # httpx # requests -charset-normalizer==3.4.3 +charset-normalizer==3.4.4 # via # -c ./base.txt # requests @@ -38,7 +38,7 @@ exceptiongroup==1.3.0 # anyio fire==0.7.1 # via unstructured-paddleocr -fonttools==4.59.2 +fonttools==4.60.1 # via unstructured-paddleocr h11==0.16.0 # via @@ -52,7 +52,7 @@ httpx==0.28.1 # via # -c ./base.txt # paddlepaddle -idna==3.10 +idna==3.11 # via # -c ./base.txt # anyio @@ -62,7 +62,7 @@ imageio==2.37.0 # via scikit-image lazy-loader==0.4 # via scikit-image -lxml==6.0.1 +lxml==6.0.2 # via # -c ./base.txt # python-docx @@ -115,13 +115,13 @@ protobuf==6.32.1 # paddlepaddle pyclipper==1.3.0.post6 # via unstructured-paddleocr -pydantic==2.11.9 +pydantic==2.12.2 # via albumentations -pydantic-core==2.33.2 +pydantic-core==2.41.4 # via pydantic python-docx==1.2.0 # via unstructured-paddleocr -pyyaml==6.0.2 +pyyaml==6.0.3 # via # albumentations # unstructured-paddleocr @@ -141,7 +141,7 @@ scipy==1.15.3 # via # albumentations # scikit-image -shapely==2.1.1 +shapely==2.1.2 # via unstructured-paddleocr simsimd==6.5.3 # via albucore @@ -153,7 +153,7 @@ soupsieve==2.8 # via # -c ./base.txt # beautifulsoup4 -stringzilla==4.0.10 +stringzilla==4.2.1 # via albucore termcolor==3.1.0 # via fire @@ -174,7 +174,7 @@ typing-extensions==4.15.0 # pydantic-core # python-docx # typing-inspection -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic unstructured-paddleocr==2.10.0 # via -r ./extra-paddleocr.in diff --git a/requirements/extra-pdf-image.txt b/requirements/extra-pdf-image.txt index 262d68e032..b718909ae4 100644 --- a/requirements/extra-pdf-image.txt +++ b/requirements/extra-pdf-image.txt @@ -8,9 +8,9 @@ accelerate==1.10.1 # via unstructured-inference antlr4-python3-runtime==4.9.3 # via omegaconf -cachetools==5.5.2 +cachetools==6.2.1 # via google-auth -certifi==2025.8.3 +certifi==2025.10.5 # via # -c ./base.txt # requests @@ -18,7 +18,7 @@ cffi==2.0.0 # via # -c ./base.txt # cryptography -charset-normalizer==3.4.3 +charset-normalizer==3.4.4 # via # -c ./base.txt # pdfminer-six @@ -27,7 +27,7 @@ coloredlogs==15.0.1 # via onnxruntime contourpy==1.3.2 # via matplotlib -cryptography==45.0.7 +cryptography==46.0.2 # via # -c ./base.txt # pdfminer-six @@ -37,22 +37,22 @@ deprecated==1.2.18 # via pikepdf effdet==0.4.1 # via -r ./extra-pdf-image.in -filelock==3.19.1 +filelock==3.20.0 # via # huggingface-hub # torch # transformers -flatbuffers==25.2.10 +flatbuffers==25.9.23 # via onnxruntime -fonttools==4.59.2 +fonttools==4.60.1 # via matplotlib fsspec==2025.9.0 # via # huggingface-hub # torch -google-api-core[grpc]==2.25.1 +google-api-core[grpc]==2.26.0 # via google-cloud-vision -google-auth==2.40.3 +google-auth==2.41.1 # via # google-api-core # google-cloud-vision @@ -62,15 +62,15 @@ googleapis-common-protos==1.70.0 # via # google-api-core # grpcio-status -grpcio==1.75.0 +grpcio==1.75.1 # via # google-api-core # grpcio-status -grpcio-status==1.75.0 +grpcio-status==1.75.1 # via google-api-core hf-xet==1.1.10 # via huggingface-hub -huggingface-hub==0.35.0 +huggingface-hub==0.35.3 # via # accelerate # timm @@ -79,7 +79,7 @@ huggingface-hub==0.35.0 # unstructured-inference humanfriendly==10.0 # via coloredlogs -idna==3.10 +idna==3.11 # via # -c ./base.txt # requests @@ -87,13 +87,13 @@ jinja2==3.1.6 # via torch kiwisolver==1.4.9 # via matplotlib -lxml==6.0.1 +lxml==6.0.2 # via # -c ./base.txt # pikepdf -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 -matplotlib==3.10.6 +matplotlib==3.10.7 # via unstructured-inference ml-dtypes==0.5.3 # via onnx @@ -119,11 +119,11 @@ numpy==2.2.6 # unstructured-inference omegaconf==2.3.0 # via effdet -onnx==1.19.0 +onnx==1.19.1 # via # -r ./extra-pdf-image.in # unstructured-inference -onnxruntime==1.22.1 +onnxruntime==1.23.1 # via # -r ./extra-pdf-image.in # unstructured-inference @@ -139,7 +139,7 @@ packaging==25.0 # pikepdf # transformers # unstructured-pytesseract -pandas==2.3.2 +pandas==2.3.3 # via unstructured-inference pdf2image==1.17.0 # via -r ./extra-pdf-image.in @@ -148,7 +148,7 @@ pdfminer-six==20250327 # -c ./deps/constraints.txt # -r ./extra-pdf-image.in # unstructured-inference -pi-heif==1.1.0 +pi-heif==1.1.1 # via -r ./extra-pdf-image.in pikepdf==9.11.0 # via -r ./extra-pdf-image.in @@ -174,7 +174,7 @@ protobuf==6.32.1 # onnx # onnxruntime # proto-plus -psutil==7.0.0 +psutil==7.1.0 # via # -c ./base.txt # accelerate @@ -190,9 +190,9 @@ pycparser==2.23 # via # -c ./base.txt # cffi -pyparsing==3.2.4 +pyparsing==3.2.5 # via matplotlib -pypdf==6.0.0 +pypdf==6.1.1 # via # -c ./base.txt # -r ./extra-pdf-image.in @@ -207,7 +207,7 @@ python-multipart==0.0.20 # via unstructured-inference pytz==2025.2 # via pandas -pyyaml==6.0.2 +pyyaml==6.0.3 # via # accelerate # huggingface-hub @@ -218,7 +218,7 @@ rapidfuzz==3.14.1 # via # -c ./base.txt # unstructured-inference -regex==2025.9.1 +regex==2025.9.18 # via # -c ./base.txt # transformers @@ -245,7 +245,7 @@ sympy==1.14.0 # via # onnxruntime # torch -timm==1.0.19 +timm==1.0.20 # via # effdet # unstructured-inference @@ -253,14 +253,14 @@ tokenizers==0.21.4 # via # -c ./deps/constraints.txt # transformers -torch==2.8.0 +torch==2.9.0 # via # accelerate # effdet # timm # torchvision # unstructured-inference -torchvision==0.23.0 +torchvision==0.24.0 # via # effdet # timm @@ -274,6 +274,7 @@ transformers==4.55.4 typing-extensions==4.15.0 # via # -c ./base.txt + # cryptography # grpcio # huggingface-hub # onnx diff --git a/requirements/extra-pptx.txt b/requirements/extra-pptx.txt index 3441ab7552..8e07963237 100644 --- a/requirements/extra-pptx.txt +++ b/requirements/extra-pptx.txt @@ -4,7 +4,7 @@ # # pip-compile ./extra-pptx.in # -lxml==6.0.1 +lxml==6.0.2 # via python-pptx pillow==11.3.0 # via python-pptx diff --git a/requirements/extra-xlsx.txt b/requirements/extra-xlsx.txt index 1bd40d9e8f..6235383d48 100644 --- a/requirements/extra-xlsx.txt +++ b/requirements/extra-xlsx.txt @@ -8,7 +8,7 @@ cffi==2.0.0 # via # -c ./base.txt # cryptography -cryptography==45.0.7 +cryptography==46.0.2 # via # -c ./base.txt # msoffcrypto-tool @@ -28,7 +28,7 @@ olefile==0.47 # msoffcrypto-tool openpyxl==3.1.5 # via -r ./extra-xlsx.in -pandas==2.3.2 +pandas==2.3.3 # via -r ./extra-xlsx.in pycparser==2.23 # via @@ -44,6 +44,10 @@ six==1.17.0 # via # -c ./base.txt # python-dateutil +typing-extensions==4.15.0 + # via + # -c ./base.txt + # cryptography tzdata==2025.2 # via pandas xlrd==2.0.2 diff --git a/requirements/huggingface.txt b/requirements/huggingface.txt index 64d74a4e1d..6f9263585a 100644 --- a/requirements/huggingface.txt +++ b/requirements/huggingface.txt @@ -4,19 +4,19 @@ # # pip-compile ./huggingface.in # -certifi==2025.8.3 +certifi==2025.10.5 # via # -c ./base.txt # requests -charset-normalizer==3.4.3 +charset-normalizer==3.4.4 # via # -c ./base.txt # requests -click==8.2.1 +click==8.3.0 # via # -c ./base.txt # sacremoses -filelock==3.19.1 +filelock==3.20.0 # via # huggingface-hub # torch @@ -27,11 +27,11 @@ fsspec==2025.9.0 # torch hf-xet==1.1.10 # via huggingface-hub -huggingface-hub==0.35.0 +huggingface-hub==0.35.3 # via # tokenizers # transformers -idna==3.10 +idna==3.11 # via # -c ./base.txt # requests @@ -45,7 +45,7 @@ langdetect==1.0.9 # via # -c ./base.txt # -r ./huggingface.in -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 mpmath==1.3.0 # via sympy @@ -60,11 +60,11 @@ packaging==25.0 # -c ./base.txt # huggingface-hub # transformers -pyyaml==6.0.2 +pyyaml==6.0.3 # via # huggingface-hub # transformers -regex==2025.9.1 +regex==2025.9.18 # via # -c ./base.txt # sacremoses @@ -90,7 +90,7 @@ tokenizers==0.21.4 # via # -c ./deps/constraints.txt # transformers -torch==2.8.0 +torch==2.9.0 # via -r ./huggingface.in tqdm==4.67.1 # via diff --git a/requirements/test.txt b/requirements/test.txt index d4c844a383..4f71caccaa 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -8,13 +8,13 @@ annotated-types==0.7.0 # via pydantic autoflake==2.3.1 # via -r ./test.in -black==25.1.0 +black==25.9.0 # via -r ./test.in -click==8.2.1 +click==8.3.0 # via # -c ./base.txt # black -coverage[toml]==7.10.6 +coverage[toml]==7.11.0 # via # -r ./test.in # pytest-cov @@ -32,7 +32,7 @@ flake8-print==5.0.0 # via -r ./test.in freezegun==1.5.5 # via -r ./test.in -grpcio==1.75.0 +grpcio==1.75.1 # via -r ./test.in iniconfig==2.1.0 # via pytest @@ -40,7 +40,7 @@ liccheck==0.9.2 # via -r ./test.in mccabe==0.7.0 # via flake8 -mypy==1.18.1 +mypy==1.18.2 # via -r ./test.in mypy-extensions==1.1.0 # via @@ -56,7 +56,7 @@ pathspec==0.12.1 # via # black # mypy -platformdirs==4.4.0 +platformdirs==4.5.0 # via black pluggy==1.6.0 # via @@ -66,9 +66,9 @@ pycodestyle==2.14.0 # via # flake8 # flake8-print -pydantic==2.11.9 +pydantic==2.12.2 # via -r ./test.in -pydantic-core==2.33.2 +pydantic-core==2.41.4 # via pydantic pyflakes==3.4.0 # via @@ -91,7 +91,9 @@ python-dateutil==2.9.0.post0 # via # -c ./base.txt # freezegun -ruff==0.13.0 +pytokens==0.2.0 + # via black +ruff==0.14.0 # via -r ./test.in semantic-version==2.10.0 # via liccheck @@ -101,7 +103,7 @@ six==1.17.0 # python-dateutil toml==0.10.2 # via liccheck -tomli==2.2.1 +tomli==2.3.0 # via # autoflake # black @@ -126,7 +128,7 @@ typing-extensions==4.15.0 # pydantic # pydantic-core # typing-inspection -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic urllib3==2.5.0 # via diff --git a/unstructured/__version__.py b/unstructured/__version__.py index 52ed62c9c0..c71f847e71 100644 --- a/unstructured/__version__.py +++ b/unstructured/__version__.py @@ -1 +1 @@ -__version__ = "0.18.16-dev0" # pragma: no cover +__version__ = "0.18.16" # pragma: no cover