[Dependency Review] 2025-12-31 #6

@Coldaine

Dependency Audit

Date: 2026-01-01 01:25 UTC

Summary

  • Dependabot PRs: 0 pending
  • Package manager: Needs UV migration (requirements.txt and requirements-dev.txt present, no uv.lock)
  • Stale dependencies: 10 flagged

Dependabot PRs

None

Package Manager

Status: Non-compliant

The project uses requirements.txt and requirements-dev.txt instead of the recommended uv workflow with uv.lock. While a pyproject.toml exists, the project is not using UV for dependency management.

Recommendation: Migrate to UV-based dependency management:

  • Remove requirements.txt and requirements-dev.txt
  • Run uv sync to generate uv.lock
  • Update CI/CD to use uv commands

Stale Dependencies

| Package | Current | Latest | Gap |
|---------|---------|--------|-----|
| fastapi | 0.104.1 | 0.124.2 | ~20 minor versions behind (Dec 2025) |
| uvicorn | 0.24.0 | 0.38.0 | ~14 minor versions behind |
| pydantic | 2.5.0 | 2.x latest (actively maintained) | Multiple minor versions behind |
| openai | 1.3.7 | 1.60.1+ | ~57 minor versions behind |
| neo4j | 5.14.1 | 5.x/6.x available | Neo4j 6.0 released, major version behind |
| Pillow | 10.1.0 | 11.x available | Major version behind |
| pytest | 7.4.3 | 8.x available | Major version behind |
| black | >=23.12.1 | 24.x available | Major version behind |
| ruff | >=0.1.9 | 0.9.x available | Multiple minor versions behind |
| redis | 5.0.1 | 5.x latest | Check for minor updates |

Stale Pins (Exact Pins ==)

The following packages use exact pins (==) and are significantly outdated:

  • fastapi==0.104.1 (current latest: 0.124.2)
  • uvicorn==0.24.0 (current latest: 0.38.0)
  • pydantic==2.5.0 (multiple minor versions behind)
  • openai==1.3.7 (current latest: 1.60.1+)
  • neo4j==5.14.1 (Neo4j 6.0 available)
  • pytesseract==0.3.10
  • Pillow==10.1.0 (v11.x available)
  • opencv-python==4.8.1.78
  • numpy==1.26.2
  • imagehash==4.3.1
  • pyautogui==0.9.54
  • pynput==1.7.6
  • python-xlib==0.33
  • mss==9.0.1
  • watchdog==3.0.0
  • PyYAML==6.0.1
  • python-dotenv==1.0.0
  • tomli==2.0.1
  • python-dateutil==2.8.2
  • pytest==7.4.3 (v8.x available)
  • pytest-asyncio==0.21.1
  • pytest-cov==4.1.0
  • httpx==0.25.1
  • redis==5.0.1
  • loguru==0.7.2
  • typer==0.9.0
  • rich==13.7.0

Actions

  1. Migrate to UV: Replace requirements.txt workflow with uv.lock
  2. Update critical dependencies: fastapi, uvicorn, pydantic, openai (breaking changes likely)
  3. Review Neo4j upgrade path: Evaluate Neo4j 6.0 compatibility
  4. Update dev dependencies: pytest 8.x, black 24.x, ruff latest
  5. Consider using version ranges: Replace exact pins with compatible ranges where appropriate
  6. Enable Dependabot: Configure .github/dependabot.yml for automated updates
