From d4c29c9c8f5ffaf4fbb28c4f00216ed256c192cc Mon Sep 17 00:00:00 2001
From: Ashwin Hegde <ashwin.hegde3@gmail.com>
Date: Mon, 17 Nov 2025 23:44:00 +0530
Subject: [PATCH] chore: fix security vulnerability CVE-2024-8859 &
 CVE-2024-47874

---
 setup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index bd3a7fe965..d9f3743bb3 100644
--- a/setup.py
+++ b/setup.py
@@ -82,7 +82,7 @@
     "docker >= 5.0.3",
     "fastapi >= 0.71.0, <=0.114.0",
     "httpx >=0.23.0, <=0.28.1",  # Optional dependency of fastapi
-    "starlette >= 0.17.1",
+    "starlette >= 0.40.0",
     "uvicorn[standard] >= 0.16.0",
 ]
 
@@ -94,7 +94,7 @@
 ]
 
 autologging_extra_require = [
-    "mlflow>=1.27.0,<=2.16.0; python_version<'3.13'",
+    "mlflow>=1.27.0,<=2.17.0; python_version<'3.13'",
     "mlflow>=1.27.0; python_version>='3.13'",
 ]