fix: Package Upgrade

[Dhanushree-Microsoft]

Purpose

This pull request updates dependencies across both backend and frontend projects to address compatibility, security, and feature improvements. The most notable changes are upgrades to key libraries, introduction of new dependencies, and the addition of override rules for certain packages.

Dependency upgrades and additions (Backend):

• Upgraded semantic-kernel to version 1.40.0 in both src/backend-api/pyproject.toml and src/processor/pyproject.toml for improved AI integration and compatibility. [1] [2]
• Added protobuf>=5.29.0 to backend dependencies for enhanced serialization support. [1] [2]
• Updated python-multipart to 0.0.22 in both backend and frontend requirements for better multipart handling. [1] [2]
• Upgraded openai to >=2.0.0 and mcp to 1.26.0 in src/processor/pyproject.toml for improved AI and processing capabilities.

Dependency upgrades and overrides (Frontend):

• Upgraded axios to 1.13.6 and react-router-dom to 7.13.1 in src/frontend/package.json for improved security and bug fixes. [1] [2]
• Added overrides for form-data and minimatch in src/frontend/package.json to address known issues and ensure compatibility.
• Upgraded rollup to 4.59.0 for improved build tooling.

Dependency override configuration (Backend):

• Introduced [tool.uv] override-dependencies in backend pyproject.toml files to pin av and starlette versions, ensuring stability and compatibility with the codebase. [1] [2]

Does this introduce a breaking change?

• Yes
• No

Golden Path Validation

• I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

• I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

• ...

Other Information

[Copilot]

Pull request overview

This PR performs a cross-repo dependency refresh for the backend (Python/uv) and frontend (npm), updating key AI-related libraries and adding override rules intended to keep transitive dependencies stable.

Changes:

• Backend: bump semantic-kernel, add protobuf and update python-multipart, plus introduce uv override rules and regenerate uv.lock.
• Processor: bump mcp/openai/semantic-kernel, add protobuf, add uv override rules, and regenerate uv.lock.
• Frontend: bump axios, react-router-dom, rollup, add npm overrides, update python-multipart, and regenerate package-lock.json.

Reviewed changes

Copilot reviewed 4 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
src/processor/pyproject.toml	Updates AI/serialization deps and adds uv override-dependencies configuration.
src/processor/uv.lock	Regenerated lockfile reflecting upgraded Python dependencies and overrides.
src/backend-api/pyproject.toml	Updates backend deps (multipart/protobuf/SK) and adds uv override-dependencies.
src/backend-api/uv.lock	Regenerated lockfile reflecting upgraded backend Python dependencies and overrides.
src/frontend/requirements.txt	Updates python-multipart used by the frontend runtime server container.
src/frontend/package.json	Upgrades JS deps and introduces npm overrides for specific transitive packages.
src/frontend/package-lock.json	Regenerated lockfile reflecting npm dependency updates.

Files not reviewed (1)

• src/frontend/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Dhanushree-Microsoft]

@Dhanushree-Microsoft please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@microsoft-github-policy-service agree company="Persistent"

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

[Dhanushree-Microsoft]

@Dhanushree-Microsoft please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@microsoft-github-policy-service agree company="Persistent"