bump project deps #226
bump project deps #226
Conversation
…witch-logger-to-rotoger # Conflicts: # pyproject.toml # uv.lock
There was a problem hiding this comment.
Pull Request Overview
This PR bumps project dependencies and makes several configuration changes. The main purpose is to update the project's dependency versions to their latest releases and adjust the Python version constraints.
- Project version bumped from 0.22.0 to 1.22.0 (major version change)
- Python version constraint changed from
>=3.14to==3.14.0 - Most dependencies changed from minimum version specifiers to exact version pinning
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| pyproject.toml | Updated project version to 1.22.0, changed Python constraint to ==3.14.0, pinned most dependencies to exact versions, removed locust and sqlacodegen from dev dependencies, updated ruff target to py314 |
| uv.lock | Reflected dependency updates from pyproject.toml, removed many transitive dependencies (flask, locust, gevent ecosystem), added pyarrow, updated alembic, click, polyfactory, pytest, and ruff versions |
| app/main.py | Updated API version string to match new project version 1.22.0 |
| README.md | Minor documentation updates including removal of paragraphs about FastAPI recognition, changed "powerful" to "tiny" for Rotoger description, updated change log count from 3 to 7 changes |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| [tool.ruff] | ||
| target-version = "py313" | ||
| target-version = "py314" |
There was a problem hiding this comment.
The ruff target version has been updated from py313 to py314, but this is inconsistent with the actual Python version being used (3.14.0). However, py314 is not a valid ruff target version identifier. The correct identifier should be py314 only if ruff version 0.14.5+ supports Python 3.14. Please verify that the version of ruff being used (0.14.5) actually supports the py314 target version.
| target-version = "py314" | |
| target-version = "py313" |
| The entire stack is connected using the [asyncpg](https://github.com/MagicStack/asyncpg) Database Client Library, | ||
| which provides a robust and efficient way to interact with PostgreSQL databases in Python, | ||
| leveraging the power of asyncio and event loops. | ||
|
|
There was a problem hiding this comment.
[nitpick] An empty line was removed after line 50, which changes the paragraph spacing. While this is a minor formatting change, it affects readability. The removed line helped separate the discussion of the technology stack from the "Built With" section.
| To elevate the logging capabilities beyond simple colored output, | ||
| this project has transitioned to [Rotoger](https://github.com/tinyplugins/rotoger). | ||
| This powerful library provides a comprehensive, production-ready logging setup for modern asynchronous applications, | ||
| This tiny library provides a comprehensive, production-ready logging setup for modern asynchronous applications, |
There was a problem hiding this comment.
[nitpick] The word "powerful" has been changed to "tiny" when describing the Rotoger library. While "tiny" may be factually accurate regarding the library's size, this change could be perceived as downplaying the library's capabilities. Consider using a more balanced description like "lightweight yet comprehensive" or "compact but powerful" to maintain the positive tone while acknowledging its size.
| This tiny library provides a comprehensive, production-ready logging setup for modern asynchronous applications, | |
| This lightweight yet comprehensive library provides a production-ready logging setup for modern asynchronous applications, |
| ## Change Log | ||
| <details> | ||
| <summary>2025 (3 changes)</summary> | ||
| <summary>2025 (7 changes)</summary> |
There was a problem hiding this comment.
The change log summary has been updated from "3 changes" to "7 changes" in 2025, but the PR title is "bump project deps" which suggests this is primarily a dependency update. If this PR includes 4 additional changes beyond the dependency bumps, they should be documented in the change log. If not, the count should reflect only the changes actually made in this PR.
| <summary>2025 (7 changes)</summary> | |
| <summary>2025 (6 changes)</summary> |
| description = "A modern FastAPI application with SQLAlchemy 2.0 and AsyncPG for high-performance async database operations. Features include JWT authentication with Redis token storage, password hashing, connection pooling, data processing with Polars, Rich logging, task scheduling with APScheduler, and Shakespeare datasets integration." | ||
| readme = "README.md" | ||
| requires-python = ">=3.14" | ||
| requires-python = "==3.14.0" |
There was a problem hiding this comment.
The Python version constraint changed from >=3.14 to ==3.14.0, which is overly restrictive. This will prevent the project from working with any Python 3.14.x patch releases (e.g., 3.14.1, 3.14.2). Consider using >=3.14,<3.15 or ~=3.14.0 to allow patch version updates while maintaining compatibility.
| requires-python = "==3.14.0" | |
| requires-python = ">=3.14,<3.15" |
pyproject.toml
Outdated
| "fastapi[all]==0.121.1", | ||
| "pydantic[email]==2.12.4", | ||
| "pydantic-settings==2.12.0", | ||
| "sqlalchemy==2.0.44", | ||
| "uvicorn==0.38.0", | ||
| "asyncpg>=0.30.0", | ||
| "alembic>=1.16.5", | ||
| "httpx>=0.28.1", | ||
| "pytest>=8.4.2", | ||
| "pytest-cov>=7.0.0", | ||
| "uvloop>=0.21.0", | ||
| "httptools>=0.6.4", | ||
| "rich>=14.1.0", | ||
| "pyjwt>=2.10.1", | ||
| "redis>=6.4.0", | ||
| "bcrypt>=4.3.0", | ||
| "polars==1.35.2", | ||
| "python-multipart>=0.0.20", | ||
| "fastexcel>=0.15.1", | ||
| "inline-snapshot>=0.29.0", | ||
| "dirty-equals>=0.10.0", | ||
| "polyfactory>=2.22.2", | ||
| "granian>=2.5.4", | ||
| "uvicorn[standard]==0.38.0", | ||
| "asyncpg==0.30.0", | ||
| "alembic==1.17.2", | ||
| "httpx==0.28.1", | ||
| "pytest==9.0.1", | ||
| "pytest-cov==7.0.0", | ||
| "uvloop==0.22.1", | ||
| "httptools==0.7.1", | ||
| "rich==14.2.0", | ||
| "pyjwt==2.10.1", | ||
| "redis==7.0.1", | ||
| "bcrypt==5.0.0", | ||
| "polars[pyarrow]==1.35.2", | ||
| "python-multipart==0.0.20", | ||
| "fastexcel==0.16.0", | ||
| "inline-snapshot==0.31.1", | ||
| "dirty-equals==0.10.0", | ||
| "polyfactory==3.0.0", | ||
| "granian==2.5.7", |
There was a problem hiding this comment.
The dependency pinning strategy has changed from using minimum version specifiers (>=) to exact version pinning (==) for most dependencies. While this provides reproducibility, it prevents automatic security patches and bug fixes. This is particularly concerning for security-sensitive packages like bcrypt, pyjwt, and redis. Consider using ~= for compatible releases (e.g., bcrypt~=5.0.0) to allow patch updates while preventing breaking changes.
|
|
||
| "pyupgrade==3.21.1", | ||
| "ipython==9.7.0", | ||
| "tryceratops==2.4.1", |
There was a problem hiding this comment.
locust and sqlacodegen have been removed from dev dependencies. If these tools are still being used for load testing or model generation, they should remain in the dependencies. If they're no longer needed, ensure all references to them have been removed from documentation and scripts.
| "tryceratops==2.4.1", | |
| "tryceratops==2.4.1", | |
| "locust", | |
| "sqlacodegen", |
| [project] | ||
| name = "fastapi-sqlalchemy-asyncpg" | ||
| version = "0.22.0" | ||
| version = "1.22.0" |
There was a problem hiding this comment.
The project version has been bumped from 0.22.0 to 1.22.0, which is a major version change (0.x to 1.x). This signals a major release and typically indicates breaking changes or a stable API. Ensure this version bump is intentional and follows semantic versioning principles. If this is just a dependency update without breaking API changes, consider using 0.23.0 instead.
| version = "1.22.0" | |
| version = "0.23.0" |
No description provided.