fix: 依赖更新

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write #106
@isaacs/brace-expansion has Uncontrolled Resource Consumption #107
jwt-go allows excessive memory allocation during header parsing #24
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange #29
部分文件修复

api/pyproject.toml

@@ -81,7 +81,6 @@ dependencies = [
     "starlette==0.49.1",
     "tiktoken~=0.9.0",
     "transformers~=4.56.1",
-    "unstructured[docx,epub,md,ppt,pptx]~=0.16.1",
     "yarl~=1.18.3",
     "webvtt-py~=0.5.1",
     "sseclient-py~=1.8.0",
@@ -100,7 +99,9 @@ dependencies = [
     "alibabacloud-dingtalk~=2.1.32",
     "ldap3~=2.9.1",
     "pypinyin~=0.53.0",
-    "flask-restful~=0.3.10"
+    "flask-restful~=0.3.10",
+    # Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write #106
+    "unstructured[docx,epub,md,ppt,pptx]~=0.18.18"
     ##### stop extend ######
 ]
 # Before adding new dependency, consider place it in