From 3c51ad1848316b0a05e8cf20154636fcf53b7084 Mon Sep 17 00:00:00 2001
From: Cory Bullinger <cory.bullinger@mongodb.com>
Date: Wed, 17 Dec 2025 08:10:33 -0500
Subject: [PATCH 1/2] Upgrade filelock to v3.20.1 per dependabot alert

---
 mflix/server/python-fastapi/requirements.in  | 8 +++++++-
 mflix/server/python-fastapi/requirements.txt | 8 +++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/mflix/server/python-fastapi/requirements.in b/mflix/server/python-fastapi/requirements.in
index b1542a4..a9284aa 100644
--- a/mflix/server/python-fastapi/requirements.in
+++ b/mflix/server/python-fastapi/requirements.in
@@ -55,4 +55,10 @@ sentry-sdk~=2.42.0      # For error tracking and performance monitoring
 # Libraries for rich console output and debugging.
 # ------------------------------------------------------------------------------
 rich~=14.2.0            # For rich, formatted terminal output
-rich-toolkit~=0.15.0    # Extensions for the 'rich' library
\ No newline at end of file
+rich-toolkit~=0.15.0    # Extensions for the 'rich' library
+
+# ==============================================================================
+# 8. TRANSITIVE DEPENDENCY CONSTRAINTS
+# Minimum versions for indirect dependencies.
+# ------------------------------------------------------------------------------
+filelock>=3.20.1        # Transitive dep via huggingface-hub
\ No newline at end of file
diff --git a/mflix/server/python-fastapi/requirements.txt b/mflix/server/python-fastapi/requirements.txt
index e2a8635..35fa81b 100644
--- a/mflix/server/python-fastapi/requirements.txt
+++ b/mflix/server/python-fastapi/requirements.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.13
 # by the following command:
 #
-#    pip-compile requirements.in
+#    pip-compile --output-file=requirements.txt requirements.in
 #
 aiohappyeyeballs==2.6.1
     # via aiohttp
@@ -52,8 +52,10 @@ fastapi-cli==0.0.14
     # via -r requirements.in
 fastapi-cloud-cli==0.3.1
     # via -r requirements.in
-filelock==3.20.0
-    # via huggingface-hub
+filelock==3.20.1
+    # via
+    #   -r requirements.in
+    #   huggingface-hub
 frozenlist==1.8.0
     # via
     #   aiohttp

From b40064bf5a4692d4f76f80c442ea5a553eb00bb4 Mon Sep 17 00:00:00 2001
From: Cory Bullinger <cory.bullinger@mongodb.com>
Date: Wed, 17 Dec 2025 08:15:31 -0500
Subject: [PATCH 2/2] Regenerate requirements.txt

---
 mflix/server/python-fastapi/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mflix/server/python-fastapi/requirements.txt b/mflix/server/python-fastapi/requirements.txt
index 35fa81b..456da2f 100644
--- a/mflix/server/python-fastapi/requirements.txt
+++ b/mflix/server/python-fastapi/requirements.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.13
 # by the following command:
 #
-#    pip-compile --output-file=requirements.txt requirements.in
+#    pip-compile requirements.in
 #
 aiohappyeyeballs==2.6.1
     # via aiohttp