X9X0 · dependabot · Dec 15, 2025
diff --git a/client/requirements.txt b/client/requirements.txt
@@ -1,34 +1,34 @@
 # GUI Framework
-PyQt6==6.6.1
-PyQt6-Qt6==6.6.1
-PyQt6-Charts==6.6.0
-PyQt6-Charts-Qt6==6.6.0
-pyqtgraph==0.13.3
+PyQt6==6.10.1
+PyQt6-Qt6==6.10.1
+PyQt6-Charts==6.10.0
+PyQt6-Charts-Qt6==6.10.1
+pyqtgraph==0.14.0
 
 # Networking
-requests==2.32.4  # Security: Fixes CVE-2024-47081 (netrc leak), CVE-2024-35195 (verify=False persistence)
+requests==2.32.5  # Security: Fixes CVE-2024-47081 (netrc leak), CVE-2024-35195 (verify=False persistence)
 websockets==12.0
-aiohttp==3.12.14  # Security: Fixes CVE-2024-23334 (directory traversal), CVE-2024-30251 (DoS), CVE-2024-52304 (request smuggling), CVE-2024-27306 (XSS), CVE-2024-23829 (HTTP parser), CVE-2025-53643 (smuggling)
+aiohttp==3.13.2  # Security: Fixes CVE-2024-23334 (directory traversal), CVE-2024-30251 (DoS), CVE-2024-52304 (request smuggling), CVE-2024-27306 (XSS), CVE-2024-23829 (HTTP parser), CVE-2025-53643 (smuggling)
 
 # SSH and Deployment
 paramiko==3.4.0
-scp==0.14.5
+scp==0.15.0
 
 # Network Discovery
 # scapy removed due to security vulnerability with no patch (pickle deserialization RCE, <=2.6.1)
 # Not used in codebase - was planned for network scanning but never implemented
-zeroconf==0.132.2
+zeroconf==0.148.0
 
 # Data Handling
 numpy==1.26.3
-pandas==2.2.0
-h5py==3.10.0
+pandas==2.3.3
+h5py==3.15.1
 
 # Configuration
-pydantic==2.5.3
-pydantic-settings==2.1.0
-python-dotenv==1.0.0
+pydantic==2.12.5
+pydantic-settings==2.12.0
+python-dotenv==1.2.1
 
 # Utilities
-python-dateutil==2.8.2
+python-dateutil==2.9.0.post0
 qasync
diff --git a/server/requirements.txt b/server/requirements.txt
@@ -1,35 +1,35 @@
 # Web Framework
 fastapi>=0.115.0  # Security: Fixes PYSEC-2024-38 (ReDoS), upgrades starlette to fix GHSA-f96h-pmfr-66vw, GHSA-2c2j-9gv5-cj73
-uvicorn[standard]==0.27.0
+uvicorn[standard]==0.38.0
 websockets==12.0
 python-multipart>=0.0.18  # Required for FastAPI file uploads (Form/File parameters). Security: Fixes GHSA-2jv5-9r88-3w3p (ReDoS), GHSA-59g5-xgcq-4qw3 (DoS)
 
 # Equipment Communication
-pyvisa==1.14.1
-pyvisa-py==0.7.1
+pyvisa==1.15.0
+pyvisa-py==0.8.1
 pyserial==3.5
 
 # USB/Device Access
-pyusb==1.2.1
+pyusb==1.3.1
 
 # Data Handling
 numpy==1.26.3
-pandas==2.2.0
-h5py==3.10.0
-scipy==1.11.4
+pandas==2.3.3
+h5py==3.15.1
+scipy==1.16.3
 
 # Configuration
-pydantic==2.5.3
-pydantic-settings==2.1.0
-python-dotenv==1.0.0
-email-validator==2.1.0
+pydantic==2.12.5
+pydantic-settings==2.12.0
+python-dotenv==1.2.1
+email-validator==2.3.0
 
 # Utilities
-python-dateutil==2.8.2
+python-dateutil==2.9.0.post0
 psutil==5.9.8
-apscheduler==3.10.4
-zeroconf==0.132.2
-requests==2.32.4  # HTTP library for Pi discovery. Security: Fixes GHSA-9wx4-h78v-vm56 (cert verification), GHSA-9hjg-9r4m-mvj7 (netrc leak)
+apscheduler==3.11.1
+zeroconf==0.148.0
+requests==2.32.5  # HTTP library for Pi discovery. Security: Fixes GHSA-9wx4-h78v-vm56 (cert verification), GHSA-9hjg-9r4m-mvj7 (netrc leak)
 docker==7.1.0  # Docker Python API for running Pi diagnostics on host
 
 # Testing
@@ -38,7 +38,7 @@ pytest-asyncio==0.23.3
 
 # Security & Authentication
 bcrypt==4.1.3         # Password hashing
-httpx==0.27.0         # Async HTTP client for OAuth2
+httpx==0.28.1         # Async HTTP client for OAuth2
 PyJWT==2.10.1         # JWT token handling
 pyotp==2.9.0          # TOTP multi-factor authentication
 qrcode[pil]==8.2      # QR code generation with PIL support

diff --git a/shared/requirements.txt b/shared/requirements.txt
@@ -1,3 +1,3 @@
 # Shared dependencies between client and server
-pydantic==2.5.3
-python-dateutil==2.8.2
+pydantic==2.12.5
+python-dateutil==2.9.0.post0