# NeuralMind - Pinned Production Dependencies
# Generated: 2026-04-22
# Used for: reproducible builds, CI/CD testing
# Install with: pip install -r requirements-pinned.txt

# Core dependencies
chromadb==1.5.8
pyyaml==6.0.3
toml==0.10.2

# Optional: MCP Server
# Bumped from 0.1.0 to 1.23.0 to resolve three GHSA alerts on the MCP SDK:
#   FastMCP validation DoS, Streamable HTTP DoS, DNS-rebinding default.
mcp==1.27.0

# Optional: Development & Testing
# pytest bumped from 7.4.3 to 9.0.3 to fix tmpdir handling vuln (CVE-2025-71176).
# black bumped from 23.12.1 to 26.3.1 to fix ReDoS (CVE-2024-21503) and the
# arbitrary-file-write cache vuln (GHSA-3936-cmfr-pm3m).
pytest==9.0.3
pytest-asyncio==1.3.0
black==26.3.1
ruff==0.15.12
mypy==1.20.2

# External tools (required separately)
# graphify - install from: git clone https://github.com/safishamsi/graphify.git && cd graphify && pip install -e .

# Documentation
# sphinx==7.2.6
# sphinx-rtd-theme==2.0.0

# Benchmarking
tiktoken==0.12.0
matplotlib==3.10.9
