From 46060edf9bc594251eb6f6c216e2bf2bd237c6e0 Mon Sep 17 00:00:00 2001 From: vee1e Date: Mon, 2 Feb 2026 18:26:31 +0530 Subject: [PATCH 1/2] Bump lightgbm and numpy to fix CVE --- .gitignore | 1 + pyproject.toml | 4 ++-- stringsifter/rank_strings.py | 6 ++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ad724e2..543d883 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ __pycache__/ *.egg-info/ *.egg *.py[cod] +uv.lock diff --git a/pyproject.toml b/pyproject.toml index 182e6d6..f63ae57 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -16,12 +16,12 @@ include = [ [tool.poetry.dependencies] python = '^3.9' -lightgbm = "~= 3.1" +lightgbm = ">= 4.6.0" scikit-learn = "~= 1.3.0" joblib = "~= 1.3.1" # Avoid "DeprecationWarning: np.find_common_type is deprecated" # https://numpy.org/devdocs/release/1.25.0-notes.html -numpy = "== 1.24.4" +numpy = "== 1.26.0" # Upstream fasttext does not work with newer pip versions # https://github.com/facebookresearch/fastText/issues/512 #fasttext = {git = "https://github.com/cfculhane/fastText.git#main"} diff --git a/stringsifter/rank_strings.py b/stringsifter/rank_strings.py index f36afae..bf3dda4 100644 --- a/stringsifter/rank_strings.py +++ b/stringsifter/rank_strings.py @@ -28,6 +28,12 @@ def main(input_strings, cutoff, cutoff_score, scores, batch): featurizer = joblib.load(os.path.join(modeldir, "featurizer.pkl")) ranker = joblib.load(os.path.join(modeldir, "ranker.pkl")) + # Workaround for LGBMRanker compatibility with newer lightgbm versions + if not hasattr(ranker, "importance_type"): + ranker.importance_type = "split" + if not hasattr(ranker, "_n_classes") or ranker._n_classes is None: + ranker._n_classes = 1 + if not batch: strings = numpy.array([line.strip() for line in input_strings.readlines()], dtype=object) From ad483b9dbaee0878c3aeab41d6c045d139186c24 Mon Sep 17 00:00:00 2001 
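Review bot: The workaround added after `joblib.load(os.path.join(modeldir, "ranker.pkl"))` writes the private attribute `ranker._n_classes`, which ties `main()` to lightgbm internals while the same patch loosens the dependency to `lightgbm = ">= 4.6.0"` with no upper bound. A later lightgbm release could rename or reinterpret that attribute, and the shipped ranker would then load without error but may rank incorrectly. Either re-serialise `ranker.pkl` with the lightgbm version now required, so no patching is needed, or cap the range, e.g. `lightgbm = ">= 4.6.0, < 5"`. The comment should also say why these two attributes are missing, for example `# ranker.pkl predates lightgbm 4.x (presumably pickled under 3.x); newer releases expect importance_type and _n_classes to exist`. The body of `main()` continues outside the hunk.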
From: vee1e Date: Mon, 2 Feb 2026 18:56:27 +0530 Subject: [PATCH 2/2] Add type assertion for LGBMRanker compatibility --- stringsifter/rank_strings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/stringsifter/rank_strings.py b/stringsifter/rank_strings.py index bf3dda4..37a5e56 100644 --- a/stringsifter/rank_strings.py +++ b/stringsifter/rank_strings.py @@ -29,6 +29,7 @@ def main(input_strings, cutoff, cutoff_score, scores, batch): ranker = joblib.load(os.path.join(modeldir, "ranker.pkl")) # Workaround for LGBMRanker compatibility with newer lightgbm versions + assert ranker.__class__.__name__ == "LGBMRanker" if not hasattr(ranker, "importance_type"): ranker.importance_type = "split" if not hasattr(ranker, "_n_classes") or ranker._n_classes is None:
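Review bot: The added `assert ranker.__class__.__name__ == "LGBMRanker"` is removed when Python runs with `-O`, and it compares only a class name, so any object whose class happens to be called LGBMRanker passes. It also runs after `joblib.load` has already deserialised `ranker.pkl`, so it cannot protect against a tampered pickle; the model file's integrity has to be verified before loading, for instance against a digest shipped with the package. For the type check itself, prefer an explicit test that survives optimisation: `if not isinstance(ranker, lightgbm.LGBMRanker): raise TypeError("ranker.pkl does not contain an LGBMRanker")`. This assumes `lightgbm` is imported in this module; the import block is outside the hunk.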