vlog/requirements.txt at dev · filthyrake/vlog · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# NOTE: This file is maintained for backward compatibility.
# The canonical dependency list is in pyproject.toml
# For development, use: pip install -e .

fastapi>=0.100.0
uvicorn[standard]>=0.23.0
python-multipart>=0.0.6
asyncpg>=0.29.0
databases[postgresql]>=0.8.0
psycopg2-binary>=2.9.0
sqlalchemy>=2.0.0
python-slugify>=8.0.0
python-dateutil>=2.8.0
aiofiles>=23.0.0
httpx>=0.25.0

# Transcription
faster-whisper>=1.0.0

# Filesystem watching (event-driven transcoding)
watchdog>=3.0.0

# Rate limiting
slowapi>=0.1.9

# System resource monitoring
psutil>=5.9.0

# Image processing for thumbnail uploads
Pillow>=10.0.0

# HTML sanitization for comments
bleach>=6.0.0

# S3 backup storage (Issue #216)
boto3>=1.35.0

# Security patches for transitive dependencies
# Note: filelock>=3.20.3 fix requires Python 3.10+, pinned in Dockerfile only
jaraco-context>=6.1.0  # GHSA-58pv-8j8x-9vj2 path traversal vulnerability
wheel>=0.46.2  # CVE-2026-24049 privilege escalation vulnerability
urllib3>=2.6.3  # GHSA-38jv-5279-wg99, GHSA-2xpw-w6gg-jr37, GHSA-gm62-xv2j-4w53, GHSA-pq67-6m6q-mj2v