fix(deps): bump vulnerable packages (CVE remediation)

gunicorn 21.2.0 -> 23.0.0 (all 11 services + template)
  Fixes GHSA-hc5x-x2vx-497g (HTTP Request Smuggling)
       GHSA-w3h3-4rj7-4ph4 (HTTP header injection)

requests 2.32.3 -> 2.32.4 (extract-api-service)
  Fixes GHSA-9hjg-9r4m-mvj7

transformers 4.48.3 -> 4.53.0 (text-completion-llm-service)
  Fixes 11 CVEs: GHSA-37mw, GHSA-4w7r, GHSA-59p9, GHSA-9356,
                 GHSA-fpwr, GHSA-jjph, GHSA-phhr, GHSA-q2wp,
                 GHSA-qq3j, GHSA-rcv9, PYSEC-2025-40

torch 2.6.0 -> 2.7.0 (text-completion-llm-service)
  Partially fixes GHSA-3749-ghw9-m3mg, GHSA-887c-mr87-cxwp
  NOTE: full fix requires 2.8.0 when released

.github/copilot-instructions.md: update tech stack table
  gunicorn 21.2.x -> 23.0.x, Airflow latest -> 2.10.4 (pinned)

Author: VTvito

.github/copilot-instructions.md

@@ -621,10 +621,10 @@ These are hard-won insights from building and debugging the platform. They shoul
 |---|---|---|---|
 | **Runtime** | Python | 3.9 | All services and tools |
 | **Web framework** | Flask | 3.0.x | Blueprint pattern, app factory |
-| **WSGI server** | Gunicorn | 21.2.x | 4 workers default |
+| **WSGI server** | Gunicorn | 23.0.x | 4 workers default |
 | **Data format** | Apache Arrow IPC | PyArrow 18.x | Streaming format for all service data |
 | **Data processing** | Pandas | 2.2.x | Arrow → Pandas → process → Arrow (consider pyarrow.compute for perf-critical paths) |
-| **Orchestration** | Apache Airflow | latest | PostgreSQL backend, DAG-based |
+| **Orchestration** | Apache Airflow | 2.10.4 | PostgreSQL 16 backend, DAG-based |
 | **AI (cloud)** | OpenAI API | GPT-4o-mini default | Pipeline generation |
 | **AI (local)** | HuggingFace Transformers | Llama 3.2 1B Instruct | Text completion service |
 | **UI** | Streamlit | 1.30+ | Chat + pipeline builder + data preview/download + health dashboard |

services/clean-nan-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/data-quality-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/delete-columns-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/extract-api-service/requirements.txt

@@ -1,8 +1,8 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0
-requests==2.32.3
+requests==2.32.4
 pyarrow==18.1.0

services/extract-csv-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/extract-excel-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/extract-sql-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/join-datasets-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 numpy==2.0.2
 pandas==2.2.2
 prometheus_client==0.21.0

services/load-data-service/requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.3
 Werkzeug==3.1.6
-gunicorn==21.2.0
+gunicorn==23.0.0
 prometheus_client==0.21.0
 pyarrow==18.1.0
 pandas==2.2.2