fix(cdk): upgrade unstructured from 0.10.27 to 0.18.18 to fix CVE-2025-64712

Upgrades the unstructured library to address critical path traversal
vulnerability GHSA-gm8q-m8mv-jj5m (CVSS 9.8) in partition_msg.

Changes:
- Update unstructured dependency from 0.10.27 to 0.18.18
- Add pi-heif dependency required by new unstructured version
- Adapt unstructured_parser.py to new API:
  - Replace removed EXT_TO_FILETYPE/STR_TO_FILETYPE/FILETYPE_TO_MIMETYPE
    with FileType.from_extension()/from_mime_type()/mime_type property
  - Update detect_filetype() parameter from filename= to file_path=
- Update test mocks to match new API surface

Co-Authored-By: unknown <>

Author: devin-ai-integration[bot]

airbyte_cdk/sources/file_based/file_types/unstructured_parser.py

@@ -12,13 +12,7 @@
 import dpath
 import nltk
 import requests
-from unstructured.file_utils.filetype import (
-    EXT_TO_FILETYPE,
-    FILETYPE_TO_MIMETYPE,
-    STR_TO_FILETYPE,
-    FileType,
-    detect_filetype,
-)
+from unstructured.file_utils.filetype import FileType, detect_filetype
 
 from airbyte_cdk.models import FailureType
 from airbyte_cdk.sources.file_based.config.file_based_stream_config import FileBasedStreamConfig
@@ -335,7 +329,7 @@ def _read_file_remotely(
 
         data = self._params_to_dict(format.parameters, strategy)
 
-        file_data = {"files": ("filename", file_handle, FILETYPE_TO_MIMETYPE[filetype])}
+        file_data = {"files": ("filename", file_handle, filetype.mime_type)}
 
         response = requests.post(
             f"{format.api_url}/general/v0/general", headers=headers, data=data, files=file_data
@@ -405,8 +399,11 @@ def _get_filetype(self, file: IOBase, remote_file: RemoteFile) -> Optional[FileT
         2. Use the file name if available
         3. Use the file content
         """
-        if remote_file.mime_type and remote_file.mime_type in STR_TO_FILETYPE:
-            return STR_TO_FILETYPE[remote_file.mime_type]
+        if remote_file.mime_type:
+            try:
+                return FileType.from_mime_type(remote_file.mime_type)
+            except ValueError:
+                pass
 
         # set name to none, otherwise unstructured will try to get the modified date from the local file system
         if hasattr(file, "name"):
@@ -418,7 +415,7 @@ def _get_filetype(self, file: IOBase, remote_file: RemoteFile) -> Optional[FileT
         file_type: FileType | None = None
         try:
             file_type = detect_filetype(
-                filename=remote_file.uri,
+                file_path=remote_file.uri,
             )
         except Exception:
             # Path doesn't exist locally. Try something else...
@@ -434,8 +431,10 @@ def _get_filetype(self, file: IOBase, remote_file: RemoteFile) -> Optional[FileT
             return type_based_on_content
 
         extension = "." + remote_file.uri.split(".")[-1].lower()
-        if extension in EXT_TO_FILETYPE:
-            return EXT_TO_FILETYPE[extension]
+        try:
+            return FileType.from_extension(extension)
+        except ValueError:
+            pass
 
         return None