fix: override pypdf and uv to patched versions for CVE-2026-40260 and GHSA-pjjw-68hj-v9mw

2026-05-01 07:13:00 +00:00 · 2026-04-13 21:04:37 +08:00
parent a4e7b322c5
commit c8694fbed2
2 changed files with 9 additions and 2 deletions
--- a/uv.lock
+++ b/uv.lock
@@ -13,7 +13,8 @@ resolution-markers = [
 ]

 [options]
-exclude-newer = "2026-04-10T16:00:00Z"
+exclude-newer = "2026-04-10T12:25:00.712108Z"
+exclude-newer-span = "P3D"

 [manifest]
 members = [
@@ -27,9 +28,11 @@ overrides = [
    { name = "langchain-core", specifier = ">=1.2.28,<2" },
    { name = "onnxruntime", marker = "python_full_version < '3.11'", specifier = "<1.24" },
    { name = "pillow", specifier = ">=12.1.1" },
+    { name = "pypdf", specifier = ">=6.10.0,<7" },
    { name = "rich", specifier = ">=13.7.1" },
    { name = "transformers", marker = "python_full_version >= '3.10'", specifier = ">=5.4.0" },
    { name = "urllib3", specifier = ">=2.6.3" },
+    { name = "uv", specifier = ">=0.11.6,<1" },
 ]

 [manifest.dependency-groups]