# pip-audit baseline — known fixable CVEs as of 2026-05-10.
#
# Every entry here is a vulnerability that pip-audit already knows has a
# fix released upstream. They are ignored ONLY because Dependabot (see
# .github/dependabot.yml) has not yet PR'd the bump. Each entry MUST stay
# annotated with the package and fix version so the next reviewer can tell
# at a glance whether it's still pending.
#
# Workflow:
#   1. Dependabot opens a PR bumping the package.
#   2. PR lands → uv.lock has the fix version.
#   3. Remove the corresponding line(s) from this file.
#   4. CI now blocks any regression below that fix version.
#
# Never add a CVE here without a comment. Never add a CVE here to make
# the build green without first opening a tracking issue / PR.
#
# Format: one CVE id per line; lines starting with '#' and blank lines
# are ignored.

# aiohttp 3.13.3 → 3.13.4 (transitive via docling / fastapi-stack)
CVE-2026-34515
CVE-2026-34513
CVE-2026-34516
CVE-2026-34517
CVE-2026-34519
CVE-2026-34518
CVE-2026-34520
CVE-2026-34525
CVE-2026-22815
CVE-2026-34514

# authlib 1.6.9 → 1.6.11 (transitive via fastmcp auth flow)
CVE-2026-41425

# cryptography 46.0.5 → 46.0.7 (transitive; pulled in by many TLS clients)
CVE-2026-34073
CVE-2026-39892

# fastmcp 3.1.1 → 3.2.0 (direct, mcp extra)
CVE-2025-64340
CVE-2026-27124

# lxml 6.0.2 → 6.1.0 (transitive via docling)
CVE-2026-41066

# pillow 12.1.1 → 12.2.0 (transitive via docling)
CVE-2026-40192
CVE-2026-42308
CVE-2026-42309
CVE-2026-42310
CVE-2026-42311

# pygments 2.19.2 → 2.20.0 (transitive via rich / structlog rendering)
CVE-2026-4539

# pytest 9.0.2 → 9.0.3 (dev-only; resolver already allows the fix)
CVE-2025-71176

# python-multipart 0.0.22 → 0.0.27 (direct, workshop extra)
CVE-2026-40347
CVE-2026-42561

# requests 2.32.5 → 2.33.0 (direct, rag extra)
CVE-2026-25645

# transformers 4.57.6 → 5.0.0rc3 (transitive via docling — major bump pending)
CVE-2026-1839

# urllib3 2.6.3 → 2.7.0 (transitive via requests / httpx; landed 2026-05-11)
CVE-2026-44431
CVE-2026-44432
