From e22e761d6726b13ef4b3a0338c0bdb545fe31124 Mon Sep 17 00:00:00 2001
From: Joe Rattazzi <joerattazzi@microsoft.com>
Date: Mon, 23 Mar 2026 09:07:13 -0700
Subject: [PATCH] fix(security): bump nltk to >=3.9.3 to remediate
 CVE-2025-14009

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 9fd943ea2c..b6e6f568b0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -57,7 +57,7 @@ aiofiles = "^24.1.0"
 
 # LLM
 openai = "^1.57.0"
-nltk = "3.9.1"
+nltk = ">=3.9.3,<4.0.0"
 tiktoken = "^0.8.0"
 
 # Data-Sci