Bump dependencies to fix pip-audit CVEs

kutcode · claude · kutcode · commit 7a374729629d · 2026-04-02T16:20:49.000-04:00
- fastapi 0.115.6 → 0.135.3 (fixes starlette CVEs) - python-multipart 0.0.20 → 0.0.22 (CVE-2026-24486) - pdfplumber 0.11.4 → 0.11.9 (fixes pdfminer-six CVEs) - PyJWT 2.10.1 → 2.12.0 (CVE-2026-32597) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -1,7 +1,7 @@
 # Web framework
-fastapi==0.115.6
+fastapi==0.135.3
 uvicorn[standard]==0.34.0
-python-multipart==0.0.20
+python-multipart==0.0.22
 
 # Database
 sqlalchemy==2.0.36
@@ -12,7 +12,7 @@ greenlet==3.2.5
 
 # Document parsing
 python-docx==1.1.2
-pdfplumber==0.11.4
+pdfplumber==0.11.9
 
 # AI / Embeddings
 sentence-transformers==3.3.1
@@ -27,4 +27,4 @@ eval_type_backport==0.3.1
 alembic==1.14.1
 
 # Authentication
-PyJWT[crypto]==2.10.1
+PyJWT[crypto]==2.12.0
