From 07378722e7bafdd5e729db6ce0fab196e1aaabb5 Mon Sep 17 00:00:00 2001
From: Cory Bullinger <cory.bullinger@mongodb.com>
Date: Tue, 27 Jan 2026 07:25:55 -0500
Subject: [PATCH] fix: bump orjson>=3.11.5 and python-multipart>=0.0.22 for
 security fixes

- orjson: CVE fix per Dependabot alert #21
- python-multipart: CVE fix per Dependabot alert #22
---
 mflix/server/python-fastapi/requirements.in  | 2 +-
 mflix/server/python-fastapi/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mflix/server/python-fastapi/requirements.in b/mflix/server/python-fastapi/requirements.in
index 09ec646..a54f67e 100644
--- a/mflix/server/python-fastapi/requirements.in
+++ b/mflix/server/python-fastapi/requirements.in
@@ -15,7 +15,7 @@ watchfiles~=1.1.0       # For hot-reloading in development
 # ------------------------------------------------------------------------------
 pydantic~=2.12.0        # Data validation and settings management
 python-dotenv~=1.1.0    # For loading configuration from .env files
-python-multipart~=0.0.0 # For parsing form data and file uploads
+python-multipart>=0.0.22 # For parsing form data and file uploads
 PyYAML~=6.0.0           # For handling YAML configuration or data
 
 # ==============================================================================
diff --git a/mflix/server/python-fastapi/requirements.txt b/mflix/server/python-fastapi/requirements.txt
index 4b92831..3113cb3 100644
--- a/mflix/server/python-fastapi/requirements.txt
+++ b/mflix/server/python-fastapi/requirements.txt
@@ -155,7 +155,7 @@ python-dotenv==1.1.1
     # via
     #   -r requirements.in
     #   uvicorn
-python-multipart==0.0.20
+python-multipart==0.0.22
     # via -r requirements.in
 pyyaml==6.0.3
     # via