fix(deps): resolve all 14 open Dependabot security alerts (#275)

- backend: pin langsmith>=0.8.0 (0.7.31->0.8.4), langchain-classic>=1.0.7 (1.0.2->1.0.7)
- evaluation: pin langsmith>=0.8.0 (0.7.31->0.8.4), gitpython>=3.1.50 (3.1.45->3.1.50)
- frontend: pin gitpython>=3.1.50 (3.1.44->3.1.50)
- nextjs-frontend: yarn resolutions to override next@16.2.6 hard-pinned postcss@8.4.31->8.5.10

Signed-off-by: Jack Luar <jluar@precisioninno.com>

Author: luarss

backend/pyproject.toml

@@ -14,6 +14,7 @@ dependencies = [
     "httpx>=0.28.1",
     "huggingface-hub>=1.3.0",
     "langchain>=1.2.12",
+    "langchain-classic>=1.0.7",
     "langchain-community>=0.4.1",
     "langchain-google-genai>=4.2.1",
     "langchain-google-vertexai>=3.2.2",
@@ -22,6 +23,7 @@ dependencies = [
     "langchain-ollama>=1.0.1",
     "langgraph>=1.1.0",
     "langgraph-checkpoint>=4.0.0",
+    "langsmith>=0.8.0",
     "markdown==3.8.2",
     "myst-parser==4.0.1",
     "nest-asyncio>=1.6.0",

backend/uv.lock

@@ -11,12 +11,14 @@ dependencies = [
     "google-auth>=2.47.0",
     "google-auth-httplib2==0.2.0",
     "google-auth-oauthlib==1.2.0",
+    "gitpython>=3.1.50",
     "gspread==6.1.2",
     "python-dotenv==1.2.2",
     "requests==2.33.0",
     "streamlit>=1.40.0",
     "deepeval==3.0.0",
     "langchain-google-vertexai>=3.2.2",
+    "langsmith>=0.8.0",
     "asyncio==3.4.3",
     "huggingface-hub==0.26.2",
     "instructor[vertexai]==1.5.2",

evaluation/pyproject.toml

@@ -40,5 +40,8 @@
   },
   "eslintConfig": {
     "extends": "next"
+  },
+  "resolutions": {
+    "postcss": "^8.5.10"
   }
 }

evaluation/uv.lock

@@ -2723,7 +2723,7 @@ ms@^2.1.1, ms@^2.1.3:
   resolved "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"
   integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
 
-nanoid@^3.3.11, nanoid@^3.3.6:
+nanoid@^3.3.11:
   version "3.3.12"
   resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.12.tgz#ab3d912e217a6d0a514f00a72a16543a28982c05"
   integrity sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==
@@ -2905,7 +2905,7 @@ path-parse@^1.0.7:
   resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz"
   integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
-picocolors@^1.0.0, picocolors@^1.0.1, picocolors@^1.1.1:
+picocolors@^1.0.1, picocolors@^1.1.1:
   version "1.1.1"
   resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz"
   integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
@@ -2925,16 +2925,7 @@ postcss-value-parser@^4.2.0:
   resolved "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz"
   integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
 
-postcss@8.4.31:
-  version "8.4.31"
-  resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz"
-  integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
-  dependencies:
-    nanoid "^3.3.6"
-    picocolors "^1.0.0"
-    source-map-js "^1.0.2"
-
-postcss@^8.4.41, postcss@^8.5.10:
+postcss@8.4.31, postcss@^8.4.41, postcss@^8.5.10:
   version "8.5.10"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.10.tgz#8992d8c30acf3f12169e7c09514a12fed7e48356"
   integrity sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==
@@ -3322,7 +3313,7 @@ side-channel@^1.1.0:
     side-channel-map "^1.0.1"
     side-channel-weakmap "^1.0.2"
 
-source-map-js@^1.0.2, source-map-js@^1.2.1:
+source-map-js@^1.2.1:
   version "1.2.1"
   resolved "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz"
   integrity sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==

frontend/nextjs-frontend/package.json

@@ -8,6 +8,7 @@ version = "1.0.0"
 requires-python = ">=3.12"
 dependencies = [
   "fastapi[standard]==0.115.14",
+  "gitpython>=3.1.50",
   "streamlit>=1.54.0",
   "requests==2.33.0",
   "requests-oauthlib==2.0.0",