Commit graph

217 commits

Author SHA1 Message Date
Classic298
b295a20b9d
chore: bump Python backend dependencies, drop unused peewee (#25786)
* chore: bump Python backend dependencies, drop unused peewee

Minor/patch + reviewed major bumps across requirements.txt,
requirements-min.txt, pyproject.toml and uv.lock; playwright image bumped in
docker-compose.playwright.yaml. peewee/peewee-migrate removed (zero imports).

Security-relevant: cryptography 46->48, authlib 1.6.10->1.7.2, PyJWT 2.11->2.13,
requests 2.33.1->2.34.2, RestrictedPython 8.1->8.2, pillow 12.1.1->12.2.0.
Reviewed majors: redis 7->8, pymilvus ->2.6.14, azure-search-documents 11->12,
chardet 5->7, unstructured 0.18->0.22, pycrdt 0.12->0.13.

Testing:
- Resolution: `uv lock` resolves the full bumped set with no conflicts; uv.lock
  regenerated to match (peewee dropped, every pin including
  azure-search-documents==12.0.0 resolves).
- Per-dependency contract tests (external tests repo, unit/deps/): 105 files,
  2205 passed / 6 skipped, ruff-clean. One file per dependency pins the symbols,
  signatures and behaviour the backend actually uses, so an API removal/rename in
  a bumped version fails loudly instead of at runtime. Offline/deterministic.
- End-to-end embed->retrieve test driving transformers + sentence-transformers +
  chromadb together through Open WebUI's real RAG path (cached model, in-memory
  chroma, semantic retrieval asserted).
- Install/startup/health resolution gate added to the dep-bump workflow and the
  integration suite (uv/pip resolve + uvicorn /health + Playwright dev visibility).
- Bugs surfaced while testing each got an isolated fix branch + regression test:
  Mistral OCR aiohttp FilePayload (#25779), chroma has_collection (#25780),
  aiocache per-user model-cache key (security), otel semconv deprecation,
  pydub/audioop <3.13 note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Bump python-multipart 0.0.22 -> 0.0.27 (CVE-2026-42561, CVE-2026-40347)

0.0.22 is affected by two DoS CVEs in the multipart parser that
Starlette/FastAPI run for every multipart/form-data request, so any
authenticated user hitting an upload endpoint can trigger them:
- CVE-2026-42561: unbounded part-header count/size -> CPU exhaustion (fixed 0.0.27)
- CVE-2026-40347: large multipart preamble/epilogue DoS (fixed 0.0.26)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 02:02:18 -05:00
Timothy Jaeryang Baek
c0f1aa2919 refac 2026-06-01 12:24:45 -07:00
rileydes-improving
567c4aabe9
feat: add support for Valkey vector database (#24769)
* feat: add support for Valkey vector database

Signed-off-by: Riley Des <riley.desserre@improving.com>

* feat: add CLIENT SETNAME to Valkey vector store connections

Set client_name on GlideClientConfiguration for both the main client
and batch client so connections are identifiable in CLIENT LIST,
monitoring dashboards, and CloudWatch metrics.

Signed-off-by: Riley Des <riley.desserre@improving.com>

---------

Signed-off-by: Riley Des <riley.desserre@improving.com>
2026-06-01 12:20:01 -07:00
RomualdYT
e0d6074cd2
refactor(firecrawl): use v2 API directly (#23934)
Co-authored-by: Tim Baek <tim@openwebui.com>
2026-04-24 18:32:08 +09:00
Timothy Jaeryang Baek
3d1e355df7 refac 2026-04-24 18:20:10 +09:00
Timothy Jaeryang Baek
752238247c refac 2026-04-24 16:47:30 +09:00
Timothy Jaeryang Baek
89669f3fa1 refac 2026-04-24 14:40:17 +09:00
Timothy Jaeryang Baek
d47993385a refac 2026-04-24 14:35:15 +09:00
Tim Baek
9f61a6f13c fix 2026-04-21 19:37:22 +09:00
Timothy Jaeryang Baek
9a8c4da67d chore: deps bump 2026-04-13 21:46:32 -05:00
Timothy Jaeryang Baek
39ea7bf63d chore: dep bump 2026-04-13 21:45:17 -05:00
Timothy Jaeryang Baek
45f45f5bba chore: bump dep 2026-04-13 13:49:28 -05:00
Timothy Jaeryang Baek
d1a0fbe292 refac 2026-04-13 13:36:54 -05:00
Timothy Jaeryang Baek
1994d65306 fix: bs4 pip install 2026-03-26 17:26:06 -05:00
Timothy Jaeryang Baek
58dcc1b33f refac 2026-03-24 20:06:43 -05:00
Timothy Jaeryang Baek
cb83831041 chore: pin deps 2026-03-24 20:04:12 -05:00
Shamil
85411e4867
chore: align black with Ruff backend formatting (#22766) 2026-03-21 17:42:37 -05:00
Shamil
b73010bb36
feat: add ruff linter & formatter (#22576)
* chore: add ruff linter with base config

* ci: add ruff pre-commit hook

* ci: add ruff github actions workflow

* ci: run ruff only on changed files
2026-03-15 17:22:27 -05:00
Timothy Jaeryang Baek
6862d618ee refac 2026-03-13 20:57:12 -05:00
Timothy Jaeryang Baek
f1c1004225 fix: ddgs 2026-03-11 14:25:18 -05:00
Code with love
265d1b2824
Add support for mariadb-vector as backing vector DB (#21931) 2026-03-08 17:13:14 -05:00
Classic298
2108f420ea
chore: dep bump (#22305)
* chore: dep bump

* revert: Brotli dependency bump (1.2.0 -> 1.1.0)
2026-03-07 17:12:22 -06:00
Timothy Jaeryang Baek
850a864b02 refac 2026-02-12 16:54:32 -06:00
Timothy Jaeryang Baek
3567054325 refac 2026-02-09 18:22:28 -06:00
Classic298
55169e69c0
chore: Dep bump (#21261)
* Update pyproject.toml

* Update requirements-min.txt

* Update package versions in requirements.txt

Updated various package versions in requirements.txt to latest releases.
2026-02-09 16:15:39 -06:00
Classic298
60f2f8c1c4
Update pyproject.toml (#21087) 2026-02-02 09:21:39 -06:00
Classic298
643c661a6f
chore: Updates minor/patch versions for 21 Python backend dependencies (#21059) 2026-01-31 16:51:08 -06:00
Classic298
716f2986b9
dep bump (#20735) 2026-01-17 21:44:32 +04:00
Timothy Jaeryang Baek
3a57233dd4 chore: aiohttp 2026-01-09 18:10:27 +04:00
Classic298
f5455d48c4
Chore: dup bump for NPM and PIP (#20386)
* Update pyproject.toml

* Update aiohttp version to 3.13.3

* Update aiohttp version to 3.13.3

* Update pyproject.toml

* Update requirements.txt

* Update package.json
2026-01-05 22:34:25 +04:00
Classic298
a2f8e41fbc
chore: dep bump (#20315)
* dep bump

* update
2026-01-03 18:14:25 +04:00
Classic298
b3371033be
chore(deps): update and synchronize backend dependencies (#20225)
* chore(deps): update and synchronize backend dependencies

- Updated dependencies in requirements files and pyproject.toml to latest versions.
- Preserved pinned versions for av, pinecone, and pyarrow.
- Added missing dependencies to pyproject.toml to match requirements.txt.
- Ensured all dependency versions are synchronized across files.

* Update pyproject.toml
2025-12-30 14:05:56 +04:00
Timothy Jaeryang Baek
267cc14d2d chore: rm google-generativeai 2025-12-29 00:42:49 +04:00
Timothy Jaeryang Baek
117b1bfa65 refac 2025-12-22 19:06:15 +04:00
Timothy Jaeryang Baek
5c5f87a63c fix: python pip install dep issue 2025-12-22 09:42:50 +04:00
Classic298
60c93b4ccc
chore: dep bump (#20077)
* Update pyproject.toml

* Update requirements-min.txt

* Update requirements.txt
2025-12-21 10:52:06 -05:00
Classic298
cd170735c5
chore: dep bump (#20012)
* Update requirements-min.txt

* Update pyproject.toml

* Update requirements.txt

* Update pyproject.toml

* Update requirements.txt

* Update requirements-min.txt
2025-12-20 07:30:30 -05:00
Classic298
dce52f33c0
chore: small dep bump (#19972)
* Update requirements.txt

* Update pyproject.toml
2025-12-15 13:31:40 -05:00
Classic298
1c62be4406
chore: dep bump (#19937)
* Update requirements.txt

* Update requirements-min.txt

* Update pyproject.toml
2025-12-13 14:42:08 -05:00
Timothy Jaeryang Baek
db95e96688 chore: dep 2025-12-10 23:59:52 -05:00
Classic298
44e41806f2
chore: dep bump across many dependencies (#19850)
* Update pyproject.toml (#101)

* Update pyproject.toml

* Update requirements.txt

* Update requirements-min.txt

* Upgrade Playwright version to 1.57.0

* Update langchain-community version to 0.3.29

* Update requirements.txt

* Update requirements-min.txt
2025-12-09 15:28:21 -05:00
Classic298
dcdbafa5ae
chore: bump pymilvus (#19773)
* Update pymilvus version to 2.6.5

* Update pyproject.toml
2025-12-06 08:03:42 -05:00
Classic298
cdd75ade50
BREAKING/CAUTION: chore: chromadb dep bump - needs testing (#19780)
* Update requirements.txt

* Update requirements-min.txt

* Update pyproject.toml
2025-12-06 08:03:04 -05:00
Classic298
d27e019af3
chore: update qdrant dependency to fix Startup Warning (#19757)
* Update pyproject.toml

* Update requirements.txt
2025-12-04 14:58:04 -05:00
Classic298
4f50571b53
Chore: dep bump (#19667)
* Update pyproject.toml

* Update requirements-min.txt

* Update requirements.txt

---------

Co-authored-by: Tim Baek <tim@openwebui.com>
2025-12-02 02:34:57 -05:00
Classic298
d071cdf7d4
chore: update transformers dependency to fix issue #19512 (#19513)
* Update pyproject.toml

* Update requirements.txt

* Update requirements.txt

* Update pyproject.toml
2025-11-26 16:41:56 -05:00
Classic298
4b21704498
chore: Update pymilvus dep (#19507)
* Update requirements.txt

* Update pyproject.toml
2025-11-26 16:41:20 -05:00
Classic298
9fca4969db
chore: dep bump pypdf to ver 6.4.0 (#19508)
* Update pyproject.toml

* Update requirements.txt
2025-11-26 16:41:12 -05:00
Classic298
4df5b7eb2e
fix: update dependency to prevent rediss:// failure (#19488)
* Update pyproject.toml

* Update requirements.txt

* Update requirements-min.txt
2025-11-25 16:28:58 -05:00
Timothy Jaeryang Baek
363ef194d8 chore: bump python-socketio==5.14.0 2025-11-25 05:49:30 -05:00