# HexStrike AI — Core dependencies (Windows-compatible)
# Full requirements.txt has heavy Linux deps (angr, pwntools, mitmproxy)
# that won't install cleanly on Windows. This file covers the API server.

flask>=3.1.3,<4.0.0
requests>=2.31.0,<3.0.0
psutil>=5.9.0,<6.0.0
aiohttp>=3.8.0,<4.0.0
beautifulsoup4>=4.12.0,<5.0.0
# Optional native deps (Cairo/Pango); PDF export gracefully degrades if missing
weasyprint>=60.0

flask-limiter>=3.5.0,<4.0.0
fastmcp>=3.2.0,<4.0.0

# Transitive dep pins (CVEs)
h11>=0.16.0                 # CVE-2025-43859
h2>=4.3.0                   # CVE-2025-57804
cryptography>=46.0.6        # CVE-2024-12797, CVE-2026-26007, CVE-2026-34073
brotli>=1.2.0               # CVE-2025-6176
