# Arena API Gateway Requirements
# SECURITY UPDATE 2026-02-02: Updated all vulnerable dependencies
# Core dependencies for the dynamic API architecture

# Web Framework (SECURITY UPDATE: Patched CORS bypass CVE)
fastapi==0.135.2
uvicorn[standard]==0.42.0
starlette==0.52.1

# Authentication & Security
python-jose[cryptography]==3.5.0
passlib[bcrypt]==1.7.4
python-multipart==0.0.22

# HTTP Client for Service Calls (CRITICAL: CVE-2024-23334 Directory Traversal PATCHED)
aiohttp==3.13.4
httpx==0.28.1

# Monitoring & Observability
prometheus-client==0.24.1
structlog==25.5.0
sentry-sdk[fastapi]==2.56.0

# Rate Limiting
redis==7.4.0
aioredis==2.0.1

# Data Validation (SECURITY UPDATE)
pydantic==2.12.5
pydantic-settings==2.13.1

# Testing
pytest==9.0.2
pytest-asyncio==1.3.0
pytest-cov==7.1.0
# httpx already listed above for testing

# Code Quality
ruff>=0.8.0
mypy==1.19.1

# Security Scanning
bandit==1.9.4
safety==3.7.0

# Performance Testing
locust==2.43.3

# Environment Management
python-dotenv==1.2.2

# Logging
rich==14.3.3

# Development Tools
pre-commit==4.5.1

# Documentation
mkdocs==1.6.1
mkdocs-material==9.7.6

# Container & Orchestration
kubernetes==35.0.0

# AI/ML Safety (SECURITY UPDATE)
transformers==5.4.0
torch==2.11.0
scikit-learn==1.8.0
pandas==3.0.1
numpy==2.4.4

# Compliance & Audit (CRITICAL SECURITY UPDATE: Crypto vulnerabilities patched)
cryptography==46.0.6
bcrypt==5.0.0

# CHANGES FROM PREVIOUS VERSION:
# - fastapi: 0.104.1 -> 0.115.6 (CORS bypass fix)
# - starlette: 0.27.0 -> 0.45.2 (security updates)
# - aiohttp: 3.9.1 -> 3.11.11 (CVE-2024-23334 CRITICAL FIX)
# - cryptography: 41.0.7 -> 44.0.0 (multiple CVE fixes)
# - pydantic: 2.5.0 -> 2.10.5 (security improvements)
# - transformers: 4.35.2 -> 4.48.3 (security updates)
# - torch: 2.1.1 -> 2.5.1 (security updates)
# - All other packages updated to latest secure versions
