Patch various CVEs

PastelStorm · PastelStorm · commit 27b0286e79a7 · 2025-05-26T13:57:50.000-07:00
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -10,7 +10,7 @@ env:
   DOCKER_BUILD_REPOSITORY: quay.io/unstructured-io/build-unstructured-api
   PACKAGE: "unstructured-api"
   PIPELINE_FAMILY: "general"
-  PIP_VERSION: "22.2.1"
+  PIP_VERSION: "23.3.0"
   PYTHON_VERSION: "3.10"
 
 jobs:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 0.0.85
+* Patch various CVEs
+
 ## 0.0.84
 * Patch h11 CVE
 * bump httpcore version due to h11 dependency
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 PIPELINE_FAMILY := general
 PIPELINE_PACKAGE := general
 PACKAGE_NAME := prepline_${PIPELINE_PACKAGE}
-PIP_VERSION := 23.2.1
+PIP_VERSION := 23.3.0
 ARCH := $(shell uname -m)
 
 .PHONY: help
diff --git a/prepline_general/api/app.py b/prepline_general/api/app.py
@@ -1,10 +1,10 @@
-from fastapi import FastAPI, Request, status, HTTPException
-from fastapi.datastructures import FormData
-from fastapi.responses import JSONResponse
-from fastapi.security import APIKeyHeader
 import logging
 import os
 
+from fastapi import FastAPI, HTTPException, Request, status
+from fastapi.datastructures import FormData
+from fastapi.responses import JSONResponse
+
 from .general import router as general_router
 from .openapi import set_custom_openapi
 
@@ -13,7 +13,7 @@
 app = FastAPI(
     title="Unstructured Pipeline API",
     summary="Partition documents with the Unstructured library",
-    version="0.0.84",
+    version="0.0.85",
     docs_url="/general/docs",
     openapi_url="/general/openapi.json",
     servers=[
diff --git a/prepline_general/api/general.py b/prepline_general/api/general.py
@@ -7,11 +7,9 @@
 import mimetypes
 import os
 import secrets
-import zipfile
 from base64 import b64encode
 from concurrent.futures import ThreadPoolExecutor
 from functools import partial
-from types import TracebackType
 from typing import IO, Any, Dict, List, Mapping, Optional, Sequence, Tuple, Union, cast
 
 import backoff
@@ -33,8 +31,8 @@
 from starlette.datastructures import Headers
 from starlette.types import Send
 
-from prepline_general.api.models.form_params import GeneralFormParams
 from prepline_general.api.filetypes import get_validated_mimetype
+from prepline_general.api.models.form_params import GeneralFormParams
 from unstructured.documents.elements import Element
 from unstructured.partition.auto import partition
 from unstructured.staging.base import (
@@ -53,7 +51,9 @@ def is_compatible_response_type(media_type: str, response_type: type) -> bool:
     return (
         False
         if media_type == "application/json" and response_type not in [dict, list]
-        else False if media_type == "text/csv" and response_type != str else True
+        else False
+        if media_type == "text/csv" and response_type != str
+        else True
     )
 
 
@@ -602,7 +602,7 @@ def return_content_type(filename: str):
 
 
 @router.get("/general/v0/general", include_in_schema=False)
-@router.get("/general/v0.0.84/general", include_in_schema=False)
+@router.get("/general/v0.0.85/general", include_in_schema=False)
 async def handle_invalid_get_request():
     raise HTTPException(
         status_code=status.HTTP_405_METHOD_NOT_ALLOWED, detail="Only POST requests are supported."
@@ -617,7 +617,7 @@ async def handle_invalid_get_request():
     description="Description",
     operation_id="partition_parameters",
 )
-@router.post("/general/v0.0.84/general", include_in_schema=False)
+@router.post("/general/v0.0.85/general", include_in_schema=False)
 def general_partition(
     request: Request,
     # cannot use annotated type here because of a bug described here:
diff --git a/preprocessing-pipeline-family.yaml b/preprocessing-pipeline-family.yaml
@@ -1,2 +1,2 @@
 name: general
-version: 0.0.84
+version: 0.0.85
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -45,7 +45,7 @@ coloredlogs==15.0.1
     # via onnxruntime
 contourpy==1.3.1
     # via matplotlib
-cryptography==44.0.0
+cryptography==44.0.1
     # via
     #   pdfminer-six
     #   unstructured-client
@@ -121,7 +121,7 @@ idna==3.10
     #   anyio
     #   httpx
     #   requests
-jinja2==3.1.5
+jinja2==3.1.6
     # via torch
 joblib==1.4.2
     # via nltk
@@ -358,7 +358,7 @@ tqdm==4.67.1
     #   nltk
     #   transformers
     #   unstructured
-transformers==4.48.2
+transformers==4.50.0
     # via unstructured-inference
 typing-extensions==4.12.2
     # via
diff --git a/requirements/test.txt b/requirements/test.txt
@@ -103,7 +103,7 @@ contourpy==1.3.1
     #   matplotlib
 coverage[toml]==7.6.10
     # via pytest-cov
-cryptography==44.0.0
+cryptography==44.0.1
     # via
     #   -r requirements/base.txt
     #   pdfminer-six
@@ -269,7 +269,7 @@ isoduration==20.11.0
     # via jsonschema
 jedi==0.19.2
     # via ipython
-jinja2==3.1.5
+jinja2==3.1.6
     # via
     #   -r requirements/base.txt
     #   jupyter-server
@@ -828,7 +828,7 @@ traitlets==5.14.3
     #   nbclient
     #   nbconvert
     #   nbformat
-transformers==4.48.2
+transformers==4.50.0
     # via
     #   -r requirements/base.txt
     #   unstructured-inference
diff --git a/scripts/docker-build.sh b/scripts/docker-build.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 DOCKER_REPOSITORY="${DOCKER_REPOSITORY:-quay.io/unstructured-io/unstructured-api}"
 PIPELINE_PACKAGE=${PIPELINE_PACKAGE:-"general"}
 PIPELINE_FAMILY=${PIPELINE_FAMILY:-"general"}
-PIP_VERSION="${PIP_VERSION:-22.2.1}"
+PIP_VERSION="${PIP_VERSION:-23.3.0}"
 DOCKER_IMAGE="${DOCKER_IMAGE:-pipeline-family-${PIPELINE_FAMILY}-dev}"
 DOCKER_PLATFORM="${DOCKER_PLATFORM:-}"
 

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`name: general`
`2`		`-version: 0.0.84`
	`2`	`+version: 0.0.85`