chorse sep bump to resolve open CVEs (#4205)

resolving open CVEs and bumping versions

pr grew kinda large files changed due to the changes in unstructured
ingest -- i had to re run the ingest_fixtures PR workflow and the
markdown fixtures make command

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: ryannikolaidis <1208590+ryannikolaidis@users.noreply.github.com>
Co-authored-by: luke-kucing <luke-kucing@users.noreply.github.com>

Author: 3 people

CHANGELOG.md

@@ -1,10 +1,16 @@
-## 0.18.31-dev2
+## 0.18.31
 
 ### Enhancements
 - Changed default DPI to 350
 - **Add token-based chunking support**: Added `max_tokens`, `new_after_n_tokens`, and `tokenizer` parameters to `chunk_by_title()` and `chunk_elements()` for chunking by token count instead of character count. Uses tiktoken for token counting. Install with `pip install "unstructured[chunking-tokens]"`. (fixes #4127)
 
 ### Fixes
+- Resolved security vulnerabilities in base system dependencies
+  Bumped dependencies to address the following CVEs:
+  **glibc & related (glibc, glibc-locale-posix, ld-linux, libcrypt1, posix-libc-utils, posix-libc-utils-bin)**: CVE-2026-0915, CVE-2026-0861, GHSA-5pf6-63v3-88hw, GHSA-xp56-6525-9chf
+  **pyasn1**: GHSA-63vm-454h-vhhq
+  **py3-setuptools** (Python 3.12/3.13): GHSA-58pv-8j8x-9vj2
+  **ffmpeg (via OpenCV)**: CVE-2025-9951, CVE-2025-1594, CVE-2023-6604, CVE-2023-49502, CVE-2023-6602, CVE-2023-6605, CVE-2025-0518, CVE-2023-6601, CVE-2025-22919, CVE-2023-50010, CVE-2023-50008, CVE-2024-31582, CVE-2025-59729, CVE-2025-59730, CVE-2023-50007
 - **Fix Pandoc exitcode 97 during ODT conversion**: Try with sandbox=True first, fallback without sandbox only if `ALLOW_PANDOC_NO_SANDBOX=true` env var is set (fixes #3997)
 - **Fix `coordinates=True` causing TypeError in hi_res PDF processing**: Filter out `coordinates` and `coordinate_system` from kwargs before passing to `add_element_metadata()` to prevent conflict with explicit parameters (fixes #4126)
 - **Preserve line breaks in code blocks during chunking**: `<pre>` elements now generate `CodeSnippet` elements instead of `Text`, and chunking preserves internal whitespace for code snippets. (fixes #4095)

requirements/base.txt

@@ -83,15 +83,15 @@ olefile==0.47
     # via python-oxmsg
 orderly-set==5.5.0
     # via deepdiff
-packaging==25.0
+packaging==26.0
     # via
     #   marshmallow
     #   unstructured-client
 psutil==7.2.1
     # via -r ./base.in
-pycparser==2.23
+pycparser==3.0
     # via cffi
-pypdf==6.6.0
+pypdf==6.6.1
     # via unstructured-client
 python-dateutil==2.9.0.post0
     # via unstructured-client
@@ -103,7 +103,7 @@ python-oxmsg==0.0.2
     # via -r ./base.in
 rapidfuzz==3.14.3
     # via -r ./base.in
-regex==2025.11.3
+regex==2026.1.15
     # via nltk
 requests==2.32.5
     # via
@@ -118,7 +118,7 @@ six==1.17.0
     #   langdetect
     #   python-dateutil
     #   unstructured-client
-soupsieve==2.8.1
+soupsieve==2.8.3
     # via beautifulsoup4
 tqdm==4.67.1
     # via

requirements/dev.txt

@@ -19,11 +19,12 @@ importlib-metadata==8.7.1
     # via build
 nodeenv==1.10.0
     # via pre-commit
-packaging==25.0
+packaging==26.0
     # via
     #   -c ./base.txt
     #   -c ./test.txt
     #   build
+    #   wheel
 pip-tools==7.5.2
     # via -r ./dev.in
 platformdirs==4.5.1
@@ -50,7 +51,7 @@ typing-extensions==4.15.0
     #   virtualenv
 virtualenv==20.36.1
     # via pre-commit
-wheel==0.45.1
+wheel==0.46.3
     # via pip-tools
 zipp==3.23.0
     # via importlib-metadata

requirements/extra-chunking-tokens.txt

@@ -1,28 +1,16 @@
 # This file was autogenerated by uv via the following command:
-#    uv pip compile --python-version 3.10 --no-strip-extras extra-chunking-tokens.in -o extra-chunking-tokens.txt --no-emit-package pip --no-emit-package setuptools -c base.txt
+#    uv pip compile --python-version 3.10 --no-strip-extras ./extra-chunking-tokens.in -o ./extra-chunking-tokens.txt --no-emit-package pip --no-emit-package setuptools
 certifi==2026.1.4
-    # via
-    #   -c base.txt
-    #   requests
+    # via requests
 charset-normalizer==3.4.4
-    # via
-    #   -c base.txt
-    #   requests
+    # via requests
 idna==3.11
-    # via
-    #   -c base.txt
-    #   requests
-regex==2025.11.3
-    # via
-    #   -c base.txt
-    #   tiktoken
+    # via requests
+regex==2026.1.15
+    # via tiktoken
 requests==2.32.5
-    # via
-    #   -c base.txt
-    #   tiktoken
+    # via tiktoken
 tiktoken==0.12.0
-    # via -r extra-chunking-tokens.in
+    # via -r ./extra-chunking-tokens.in
 urllib3==2.6.3
-    # via
-    #   -c base.txt
-    #   requests
+    # via requests

requirements/extra-markdown.txt

@@ -1,4 +1,4 @@
 # This file was autogenerated by uv via the following command:
 #    uv pip compile --python-version 3.10 --no-strip-extras ./extra-markdown.in -o ./extra-markdown.txt --no-emit-package pip --no-emit-package setuptools
-markdown==3.10
+markdown==3.10.1
     # via -r ./extra-markdown.in

requirements/extra-paddleocr.txt

@@ -84,17 +84,17 @@ numpy==2.2.6
     #   shapely
     #   tifffile
     #   unstructured-paddleocr
-opencv-contrib-python==4.12.0.88
+opencv-contrib-python==4.13.0.90
     # via unstructured-paddleocr
-opencv-python==4.12.0.88
+opencv-python==4.13.0.90
     # via unstructured-paddleocr
-opencv-python-headless==4.12.0.88
+opencv-python-headless==4.13.0.90
     # via
     #   albucore
     #   albumentations
 opt-einsum==3.3.0
     # via paddlepaddle
-packaging==25.0
+packaging==26.0
     # via
     #   -c ./base.txt
     #   lazy-loader
@@ -143,7 +143,7 @@ shapely==2.1.2
     # via unstructured-paddleocr
 simsimd==6.5.12
     # via albucore
-soupsieve==2.8.1
+soupsieve==2.8.3
     # via
     #   -c ./base.txt
     #   beautifulsoup4

requirements/extra-pdf-image.txt

@@ -52,7 +52,7 @@ google-auth==2.47.0
     # via
     #   google-api-core
     #   google-cloud-vision
-google-cloud-vision==3.11.0
+google-cloud-vision==3.12.0
     # via -r ./extra-pdf-image.in
 googleapis-common-protos==1.72.0
     # via
@@ -124,9 +124,9 @@ onnxruntime==1.23.2
     # via
     #   -r ./extra-pdf-image.in
     #   unstructured-inference
-opencv-python==4.12.0.88
+opencv-python==4.13.0.90
     # via unstructured-inference
-packaging==25.0
+packaging==26.0
     # via
     #   -c ./base.txt
     #   accelerate
@@ -144,7 +144,7 @@ pdfminer-six==20260107
     # via
     #   -r ./extra-pdf-image.in
     #   unstructured-inference
-pi-heif==1.1.1
+pi-heif==1.2.0
     # via -r ./extra-pdf-image.in
 pikepdf==10.2.0
     # via -r ./extra-pdf-image.in
@@ -174,21 +174,21 @@ psutil==7.2.1
     # via
     #   -c ./base.txt
     #   accelerate
-pyasn1==0.6.1
+pyasn1==0.6.2
     # via
     #   pyasn1-modules
     #   rsa
 pyasn1-modules==0.4.2
     # via google-auth
 pycocotools==2.0.11
     # via effdet
-pycparser==2.23
+pycparser==3.0
     # via
     #   -c ./base.txt
     #   cffi
-pyparsing==3.3.1
+pyparsing==3.3.2
     # via matplotlib
-pypdf==6.6.0
+pypdf==6.6.1
     # via
     #   -c ./base.txt
     #   -r ./extra-pdf-image.in
@@ -199,7 +199,7 @@ python-dateutil==2.9.0.post0
     #   -c ./base.txt
     #   matplotlib
     #   pandas
-python-multipart==0.0.21
+python-multipart==0.0.22
     # via unstructured-inference
 pytz==2025.2
     # via pandas
@@ -214,7 +214,7 @@ rapidfuzz==3.14.3
     # via
     #   -c ./base.txt
     #   unstructured-inference
-regex==2025.11.3
+regex==2026.1.15
     # via
     #   -c ./base.txt
     #   transformers
@@ -249,14 +249,14 @@ tokenizers==0.21.4
     # via
     #   -c ././deps/constraints.txt
     #   transformers
-torch==2.9.1
+torch==2.10.0
     # via
     #   accelerate
     #   effdet
     #   timm
     #   torchvision
     #   unstructured-inference
-torchvision==0.24.1
+torchvision==0.25.0
     # via
     #   effdet
     #   timm
@@ -278,7 +278,7 @@ typing-extensions==4.15.0
     #   torch
 tzdata==2025.3
     # via pandas
-unstructured-inference==1.1.4
+unstructured-inference==1.1.7
     # via -r ./extra-pdf-image.in
 unstructured-pytesseract==0.3.15
     # via -r ./extra-pdf-image.in

requirements/extra-xlsx.txt

@@ -26,7 +26,7 @@ openpyxl==3.1.5
     # via -r ./extra-xlsx.in
 pandas==2.3.3
     # via -r ./extra-xlsx.in
-pycparser==2.23
+pycparser==3.0
     # via
     #   -c ./base.txt
     #   cffi

requirements/huggingface.txt

@@ -51,7 +51,7 @@ numpy==2.2.6
     # via
     #   -c ./base.txt
     #   transformers
-packaging==25.0
+packaging==26.0
     # via
     #   -c ./base.txt
     #   huggingface-hub
@@ -60,7 +60,7 @@ pyyaml==6.0.3
     # via
     #   huggingface-hub
     #   transformers
-regex==2025.11.3
+regex==2026.1.15
     # via
     #   -c ./base.txt
     #   sacremoses
@@ -86,7 +86,7 @@ tokenizers==0.21.4
     # via
     #   -c ././deps/constraints.txt
     #   transformers
-torch==2.9.1
+torch==2.10.0
     # via -r ./huggingface.in
 tqdm==4.67.1
     # via

requirements/test.txt

@@ -4,13 +4,13 @@ annotated-types==0.7.0
     # via pydantic
 autoflake==2.3.1
     # via -r ./test.in
-black==25.12.0
+black==26.1.0
     # via -r ./test.in
 click==8.3.1
     # via
     #   -c ./base.txt
     #   black
-coverage[toml]==7.13.1
+coverage[toml]==7.13.2
     # via
     #   -r ./test.in
     #   pytest-cov
@@ -45,7 +45,7 @@ mypy-extensions==1.1.0
     #   -c ./base.txt
     #   black
     #   mypy
-packaging==25.0
+packaging==26.0
     # via
     #   -c ./base.txt
     #   black
@@ -89,9 +89,9 @@ python-dateutil==2.9.0.post0
     # via
     #   -c ./base.txt
     #   freezegun
-pytokens==0.3.0
+pytokens==0.4.0
     # via black
-ruff==0.14.11
+ruff==0.14.14
     # via -r ./test.in
 semantic-version==2.10.0
     # via liccheck