From fa788254336b9d0ffb1efd6e9703647e577b6d70 Mon Sep 17 00:00:00 2001
From: aitbc
Date: Thu, 23 Apr 2026 17:08:30 +0200
Subject: [PATCH] security: update dependencies to fix dependabot vulnerabilities (Phase 1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- cryptography: 46.0.7 → 47.0.0 (fixes 4 high-severity vulnerabilities)
- ecdsa: 0.19.2 → 0.19.3 (fixes timing attack vulnerability)
- black: 26.3.1 → 26.4.0 (fixes arbitrary file writes)
- orjson: 3.11.8 → 3.11.9 (fixes recursion limit issue)
- python-multipart: 0.0.6 → 0.0.25 (fixes 3 high-severity vulnerabilities)

Updated in:
- requirements.txt
- apps/coordinator-api/src/app/services/multi_language/requirements.txt

This resolves ~20/72 dependabot alerts with low-risk minor version updates.
---
 .../src/app/services/multi_language/requirements.txt | 6 +++---
 requirements.txt                                     | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/coordinator-api/src/app/services/multi_language/requirements.txt b/apps/coordinator-api/src/app/services/multi_language/requirements.txt
index 64cf1a65..d71fd4a1 100644
--- a/apps/coordinator-api/src/app/services/multi_language/requirements.txt
+++ b/apps/coordinator-api/src/app/services/multi_language/requirements.txt
@@ -7,7 +7,7 @@ Dependencies and requirements for multi-language support
 fastapi>=0.104.0
 uvicorn[standard]>=0.24.0
 pydantic>=2.5.0
-python-multipart>=0.0.6
+python-multipart>=0.0.25
 
 # Translation providers
 openai>=1.3.0
@@ -50,10 +50,10 @@ rich>=13.7.0
 tqdm>=4.66.0
 
 # Security
-cryptography>=41.0.0
+cryptography>=47.0.0
 python-jose[cryptography]>=3.3.0
 passlib[bcrypt]>=1.7.4
 
 # Performance
-orjson>=3.9.0
+orjson>=3.11.9
 lz4>=4.3.0
diff --git a/requirements.txt b/requirements.txt
index 69e330ec..861e1f2d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -38,9 +38,9 @@ aiohttp>=3.12.14
 aiostun>=0.1.0
 
 # Cryptocurrency & Blockchain
-cryptography>=46.0.7
+cryptography>=47.0.0
 pynacl>=1.6.2
-ecdsa>=0.19.2
+ecdsa>=0.19.3
 base58>=2.1.1
 bech32>=1.2.0
 web3>=7.15.0
@@ -57,7 +57,7 @@ torchvision>=0.26.0
 # Development & Testing
 pytest>=9.0.3
 pytest-asyncio>=1.3.0
-black>=26.3.1
+black>=26.4.0
 flake8>=7.3.0
 ruff>=0.15.10
 mypy>=1.20.0
@@ -78,7 +78,7 @@ colorama>=0.4.6
 keyring>=25.7.0
 
 # JSON & Serialization
-orjson>=3.11.8
+orjson>=3.11.9
 msgpack>=1.1.2
 python-multipart>=0.0.24
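Review bot: The root requirements.txt still carries `python-multipart>=0.0.24` as the last visible context line of the @@ -78 hunk, while the commit message states that the python-multipart fixes land in 0.0.25 and the multi_language requirements file in the same patch is raised to `python-multipart>=0.0.25`; raising this line to `python-multipart>=0.0.25` would keep both files aligned with the stated fix version, or the message should say why 0.0.24 is already sufficient. Because every entry here is a `>=` lower bound rather than a pin, what a resolver actually installs decides whether an alert is closed — presumably the alerts are evaluated against a lockfile or resolved environment, which is worth confirming before counting this as resolved. The @@ -78 hunk declares seven old-side lines but fewer are shown, so it may continue past the end of what is visible here.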