Skip to content

chore (deps): update dependencies #247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
a-klos merged 43 commits into from
Feb 9, 2026
Merged

chore (deps): update dependencies #247

a-klos merged 43 commits into from
Feb 9, 2026

Conversation

@a-klos
Copy link
Member

@a-klos a-klos commented Feb 9, 2026

This pull request updates several dependencies across both Python and Node.js projects to newer versions, with a focus on bug fixes, compatibility, and security improvements. The most notable changes are dependency upgrades in both backend (pyproject.toml) and frontend (package-lock.json) codebases.

Python dependency updates:

  • Upgraded python-multipart from 0.0.20 to 0.0.22 in both libs/admin-api-lib/pyproject.toml and libs/extractor-api-lib/pyproject.toml for improved stability and bug fixes. [1] [2]
  • Upgraded unstructured from 0.18.15 to 0.18.18 in libs/extractor-api-lib/pyproject.toml for better document parsing.
  • Upgraded wheel from 0.45.1 to 0.46.0 in libs/extractor-api-lib/pyproject.toml.

Node.js dependency updates:

  • Upgraded js-yaml in several places (including @yarnpkg/parsers, front-matter, and root) to newer patch versions for improved YAML parsing and security. [1] [2] [3]
  • Upgraded glob from 10.4.5 to 10.5.0 for improved file globbing performance and bug fixes.
  • Added the validator package at version 13.15.23 for robust string validation in the frontend.

Other frontend dependency changes:

  • Downgraded tailwindcss from 4.1.18 to 3.4.18 in services/frontend/package-lock.json, possibly for compatibility reasons, and updated its dependencies accordingly.

dependabot bot and others added 30 commits November 18, 2025 07:58
@dependabot
chore: bump js-yaml from 3.14.1 to 3.14.2 in /services/frontend
7b9d1ba 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump glob from 10.4.5 to 10.5.0 in /services/frontend
1b5ab9c 
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 10.5.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump js-yaml from 4.1.0 to 4.1.1
9310007 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump validator from 13.15.15 to 13.15.23 in /services/frontend
9dd6490 
Bumps [validator](https://github.com/validatorjs/validator.js) from 13.15.15 to 13.15.23.
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@13.15.15...13.15.23)

---
updated-dependencies:
- dependency-name: validator
  dependency-version: 13.15.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump glob and npm
24d2f6e 
Removes [glob](https://github.com/isaacs/node-glob). It's no longer used after updating ancestor dependency [npm](https://github.com/npm/cli). These dependencies need to be updated together.


Removes `glob`

Updates `npm` from 11.6.3 to 11.7.0
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.6.3...v11.7.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 
  dependency-type: indirect
- dependency-name: npm
  dependency-version: 11.7.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump filelock from 3.18.0 to 3.20.1 in /services/admin-backend
596522f 
Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.18.0 to 3.20.1.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.18.0...3.20.1)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.20.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump marshmallow from 3.26.1 to 3.26.2 in /services/admin-backend
edb87dc 
Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 3.26.1 to 3.26.2.
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/3.26.2/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.26.1...3.26.2)

---
updated-dependencies:
- dependency-name: marshmallow
  dependency-version: 3.26.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump filelock from 3.18.0 to 3.20.1 in /libs/rag-core-lib
cf4de40 
Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.18.0 to 3.20.1.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.18.0...3.20.1)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.20.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@renovate-bot
fix(deps): update dependency python-multipart to ^0.0.22 [security]
faaf9ca
@renovate-bot
fix(deps): update dependency unstructured to v0.18.18 [security]
4d33a27
@renovate-bot
fix(deps): update dependency wheel to ^0.46.0 [security]
eb74ae4
@dependabot
chore: bump langsmith from 0.4.32 to 0.6.3 in /services/rag-backend
c4ccd5e 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.4.32 to 0.6.3.
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](https://github.com/langchain-ai/langsmith-sdk/commits)

---
updated-dependencies:
- dependency-name: langsmith
  dependency-version: 0.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump tar and npm
6d097bf 
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [npm](https://github.com/npm/cli). These dependencies need to be updated together.


Removes `tar`

Updates `npm` from 11.6.3 to 11.8.0
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.6.3...v11.8.0)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 
  dependency-type: indirect
- dependency-name: npm
  dependency-version: 11.8.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump protobuf from 5.29.5 to 5.29.6 in /libs/rag-core-lib
66d254e 
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 5.29.5 to 5.29.6.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 5.29.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump python-multipart in /libs/admin-api-lib
51dcb0b 
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.20 to 0.0.22.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.20...0.0.22)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.22
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump protobuf from 6.32.0 to 6.33.5 in /services/admin-backend
dea7552 
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 6.32.0 to 6.33.5.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 6.33.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump protobuf from 6.32.1 to 6.33.5 in /services/rag-backend
d928aa6 
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 6.32.1 to 6.33.5.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 6.33.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump protobuf from 5.29.5 to 5.29.6 in /libs/rag-core-api
166e823 
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 5.29.5 to 5.29.6.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 5.29.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump unstructured in /libs/extractor-api-lib
737073f 
Bumps [unstructured](https://github.com/Unstructured-IO/unstructured) from 0.18.15 to 0.18.18.
- [Release notes](https://github.com/Unstructured-IO/unstructured/releases)
- [Changelog](https://github.com/Unstructured-IO/unstructured/blob/main/CHANGELOG.md)
- [Commits](Unstructured-IO/unstructured@0.18.15...0.18.18)

---
updated-dependencies:
- dependency-name: unstructured
  dependency-version: 0.18.18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump wheel from 0.45.1 to 0.46.2 in /libs/extractor-api-lib
ebce94e 
Bumps [wheel](https://github.com/pypa/wheel) from 0.45.1 to 0.46.2.
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.45.1...0.46.2)

---
updated-dependencies:
- dependency-name: wheel
  dependency-version: 0.46.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore: bump protobuf from 6.33.4 to 6.33.5 in /libs/extractor-api-lib
22dae9d 
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 6.33.4 to 6.33.5.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 6.33.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@a-klos
Merge remote-tracking branch 'origin/pr/162' into test/open-prs-2026-…
996044a 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/164' into test/open-prs-2026-…
f2dbfa4 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/167' into test/open-prs-2026-…
e461d23 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/171' into test/open-prs-2026-…
484f4a9 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/182' into test/open-prs-2026-…
d147fbf 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/186' into test/open-prs-2026-…
78abcdb 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/187' into test/open-prs-2026-…
0cd78e6 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/189' into test/open-prs-2026-…
84fd24b 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/213' into test/open-prs-2026-…
17d5d07 
…02-09-all
a-klos added 12 commits February 9, 2026 22:19
@a-klos
Merge remote-tracking branch 'origin/pr/219' into test/open-prs-2026-…
11acd7f 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/226' into test/open-prs-2026-…
1410616 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/227' into test/open-prs-2026-…
c2e1957 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/234' into test/open-prs-2026-…
d1cbdb1 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/237' into test/open-prs-2026-…
11118a9 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/238' into test/open-prs-2026-…
8d7f3c8 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/239' into test/open-prs-2026-…
3093be9 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/241' into test/open-prs-2026-…
5154f20 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/242' into test/open-prs-2026-…
a8a6ecf 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/243' into test/open-prs-2026-…
86699e9 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/244' into test/open-prs-2026-…
2308613 
…02-09-all
@a-klos
Merge remote-tracking branch 'origin/pr/246' into test/open-prs-2026-…
bb25e0d 
…02-09-all
@a-klos a-klos merged commit f78867f into main Feb 9, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robodev-r2d2 robodev-r2d2 robodev-r2d2 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@a-klos @robodev-r2d2 @renovate-bot