LCORE-1326: Update dependencies + CVE fix

[tisnik]

Description

LCORE-1326: Update dependencies + CVE fix (Tornado)

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-1326

Summary by CodeRabbit

• Chores
  • Updated build dependencies and package hashes for improved stability and security.
  • Adjusted configuration files to optimize the build and installation process with refined dependency specifications.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0e276aeb-f00f-4656-b138-5dd848a4cbac

📥 Commits

Reviewing files that changed from the base of the PR and between b4daa8e and 9cb80c6.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .tekton/lightspeed-stack-pull-request.yaml
• .tekton/lightspeed-stack-push.yaml
• requirements-build.txt
• requirements.hashes.source.txt
• requirements.hashes.wheel.txt

---

Walkthrough

Updates Python build dependencies and their cryptographic hashes across Tekton pipeline configurations and requirements files. Adds build, wheel, and pyproject-hooks packages to binary dependencies; downgrades maturin; refreshes hashes for multiple packages across source and wheel manifests.

Changes

Cohort / File(s)	Summary
Tekton Pipeline Configuration .tekton/lightspeed-stack-pull-request.yaml, .tekton/lightspeed-stack-push.yaml	Updated binary.packages lists in prefetch configurations; added "build", "wheel", and "pyproject-hooks" to the package set with ordering adjustments.
Build Requirements requirements-build.txt	Downgraded maturin from 1.12.6 to 1.10.2; added commented entries for pip, pybuild-deps, xdg, pip-tools, and tornado without altering runtime behavior.
Source Hashes requirements.hashes.source.txt	Updated dependency hashes and versions for multiple packages including chardet (7.0.1 → 7.1.0), filelock (3.25.1 → 3.25.2), google-cloud-aiplatform (1.140.0 → 1.141.0); added new hash entries for tornado, pybuild-deps, and xdg; refreshed hashes for existing packages.
Wheel Hashes requirements.hashes.wheel.txt	Added new package entries for build==1.4.0, pyproject-hooks==1.2.0, and wheel==0.46.3 with hashes; updated hashes for cffi, pandas, pycparser, pyyaml, setuptools, and other packages; removed old tornado and setuptools hash entries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly matches the PR's primary objectives of updating dependencies and addressing a CVE fix for Tornado, as evidenced by the changes across requirements files and configuration updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}