name: cf # Recreate: conda env create -f environment.yml # Update pinned snapshot: conda env export --no-builds > environment.yml channels: - conda-forge - defaults dependencies: - python=3.12 - pip - pip: # ── Web UI ──────────────────────────────────────────────────────────────── - streamlit>=1.35 - watchdog # live reload - reportlab>=4.0 # PDF cover letter export - pandas>=2.0 - pyarrow # streamlit data tables - streamlit-paste-button>=0.1.0 # ── Job scraping ────────────────────────────────────────────────────────── - python-jobspy>=1.1 - playwright # browser automation (run: playwright install chromium) - selenium - undetected-chromedriver - webdriver-manager - beautifulsoup4 - requests>=2.33.0 # CVE-2026-25645 - curl_cffi>=0.15.0 # CVE-2026-33752 - fake-useragent # company scraper rotation # ── LLM / AI backends ───────────────────────────────────────────────────── - openai>=1.55.0,<2.0.0 # >=1.55 required for httpx 0.28 compat; <2.0 for langchain-openai - anthropic>=0.80 # direct Anthropic API fallback - ollama # Python client for Ollama management - langchain>=0.2 - langchain-openai - langchain-anthropic - langchain-ollama - langchain-community - langchain-google-genai - google-generativeai - tiktoken # ── Resume matching ─────────────────────────────────────────────────────── - scikit-learn>=1.3 - rapidfuzz - lib-resume-builder-aihawk # ── Notion integration ──────────────────────────────────────────────────── - notion-client>=3.0 # ── Calendar integrations ───────────────────────────────────────────────── - caldav>=1.3 - icalendar>=5.0 - google-api-python-client>=2.0 - google-auth>=2.0 # ── Document handling ───────────────────────────────────────────────────── - pypdf>=6.12.0 # 12 CVEs in 6.7.x (CVE-2026-27628 through CVE-2026-48156) - pdfminer-six - pyyaml>=6.0 - python-dotenv>=1.2.2 # CVE-2026-28684 # ── Auth / licensing ────────────────────────────────────────────────────── - PyJWT>=2.13.0 # 2.11 has sig bypass CVEs (PYSEC-2026-120/175-179); used for cloud session routing # ── Rate limiting ───────────────────────────────────────────────────────── - slowapi>=0.1.9 # per-user rate limiting on LLM endpoints # ── Utilities ───────────────────────────────────────────────────────────── - sqlalchemy - tqdm - loguru - rich - tenacity - httpx # ── Security pins (transitive deps with known CVEs) ─────────────────────── - starlette>=1.0.1 # PYSEC-2026-161 (FastAPI foundation) - python-multipart>=0.0.27 # CVE-2026-40347/42561 file upload parsing - aiohttp>=3.14.0 # 12 CVEs (CVE-2026-34513 through CVE-2026-34993) - tornado>=6.5.5 # CVE-2026-35536 - cryptography>=46.0.7 # PYSEC-2026-35/36 - langsmith>=0.8.0 # CVE-2026-41182/45134 - gitpython>=3.1.50 # CVE-2026-42215/42284/44244 - lxml>=6.1.0 # PYSEC-2026-87 (XXE) - idna>=3.15 # CVE-2026-45409 - markdownify>=0.14.1 # CVE-2025-46656 # ── Testing ─────────────────────────────────────────────────────────────── - pytest>=9.0 - pytest-cov - pytest-mock # Documentation - mkdocs>=1.5 - mkdocs-material>=9.5