From b0a6a0909c42d398e3b28cdd453611b5324e586b Mon Sep 17 00:00:00 2001 From: Larry Stewart Date: Mon, 8 Jun 2026 10:59:45 -0400 Subject: [PATCH] =?UTF-8?q?chore(deps):=20dependency=20hygiene=20=E2=80=94?= =?UTF-8?q?=20pin=20jsonschema,=20add=20lockfile=20(E5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Pin jsonschema (was >=4.20.0) to ==4.26.0 so all direct deps are pinned. - Add requirements.lock: fully-resolved transitive closure via `uv pip compile` (respects setuptools<81 / marshmallow<4) for reproducible installs; requirements.txt stays the human-edited manifest. - Document opensearch-py and neo4j as optional/experimental: confirmed they are NOT imported under app/ at runtime (only their connection tests use them); Milvus is the active vector store. Full default suite: 298 passed. Closes #24 --- backend/requirements.lock | 272 ++++++++++++++++++++++++++++++++++++++ backend/requirements.txt | 14 +- 2 files changed, 283 insertions(+), 3 deletions(-) create mode 100644 backend/requirements.lock diff --git a/backend/requirements.lock b/backend/requirements.lock new file mode 100644 index 0000000..0fa1385 --- /dev/null +++ b/backend/requirements.lock @@ -0,0 +1,272 @@ +# This file was autogenerated by uv via the following command: +# uv pip compile requirements.txt -o requirements.lock +alembic==1.14.0 + # via -r requirements.txt +amqp==5.3.1 + # via kombu +annotated-types==0.7.0 + # via pydantic +anyio==4.13.0 + # via + # httpx + # openai + # sse-starlette + # starlette + # watchfiles +argon2-cffi==25.1.0 + # via minio +argon2-cffi-bindings==25.1.0 + # via argon2-cffi +attrs==26.1.0 + # via + # jsonschema + # referencing +beautifulsoup4==4.12.3 + # via -r requirements.txt +billiard==4.2.4 + # via celery +celery==5.4.0 + # via -r requirements.txt +certifi==2026.5.20 + # via + # httpcore + # httpx + # minio + # opensearch-py + # requests +cffi==2.0.0 + # via + # argon2-cffi-bindings + # cryptography +charset-normalizer==3.4.7 + # via + # pdfminer-six + # requests +click==8.4.1 + # via + # celery + # click-didyoumean + # click-plugins + # click-repl + # uvicorn +click-didyoumean==0.3.1 + # via celery +click-plugins==1.1.1.2 + # via celery +click-repl==0.3.0 + # via celery +cryptography==48.0.0 + # via + # pdfminer-six + # pyjwt +distro==1.9.0 + # via openai +environs==9.5.0 + # via pymilvus +et-xmlfile==2.0.0 + # via openpyxl +events==0.5 + # via opensearch-py +fastapi==0.115.6 + # via -r requirements.txt +grpcio==1.81.0 + # via pymilvus +h11==0.16.0 + # via + # httpcore + # uvicorn +httpcore==1.0.9 + # via httpx +httptools==0.8.0 + # via uvicorn +httpx==0.28.1 + # via + # -r requirements.txt + # openai +idna==3.18 + # via + # anyio + # httpx + # requests +jiter==0.15.0 + # via openai +jsonschema==4.26.0 + # via -r requirements.txt +jsonschema-specifications==2025.9.1 + # via jsonschema +kombu==5.6.2 + # via celery +lxml==5.3.0 + # via + # -r requirements.txt + # python-docx +mako==1.3.12 + # via alembic +markdown==3.7 + # via -r requirements.txt +markupsafe==3.0.3 + # via mako +marshmallow==3.26.2 + # via + # -r requirements.txt + # environs +milvus-lite==2.4.12 + # via pymilvus +minio==7.2.15 + # via -r requirements.txt +neo4j==5.28.1 + # via -r requirements.txt +numpy==2.4.6 + # via pandas +openai==2.15.0 + # via -r requirements.txt +openpyxl==3.1.5 + # via -r requirements.txt +opensearch-py==2.8.0 + # via -r requirements.txt +packaging==26.2 + # via + # kombu + # marshmallow +pandas==2.2.3 + # via + # -r requirements.txt + # pymilvus +pdfminer-six==20231228 + # via pdfplumber +pdfplumber==0.11.4 + # via -r requirements.txt +pillow==12.2.0 + # via pdfplumber +prompt-toolkit==3.0.52 + # via click-repl +protobuf==7.35.0 + # via pymilvus +psycopg2-binary==2.9.10 + # via -r requirements.txt +pycparser==3.0 + # via cffi +pycryptodome==3.23.0 + # via minio +pydantic==2.10.4 + # via + # -r requirements.txt + # fastapi + # openai + # pydantic-settings +pydantic-core==2.27.2 + # via pydantic +pydantic-settings==2.7.1 + # via -r requirements.txt +pyjwt==2.10.1 + # via -r requirements.txt +pymilvus==2.4.9 + # via -r requirements.txt +pymupdf==1.25.3 + # via -r requirements.txt +pypdfium2==5.9.0 + # via pdfplumber +python-dateutil==2.9.0 + # via + # -r requirements.txt + # celery + # opensearch-py + # pandas +python-docx==1.1.2 + # via -r requirements.txt +python-dotenv==1.0.1 + # via + # -r requirements.txt + # environs + # pydantic-settings + # uvicorn +python-multipart==0.0.18 + # via -r requirements.txt +pytz==2026.2 + # via + # neo4j + # pandas +pyyaml==6.0.3 + # via uvicorn +redis==5.2.1 + # via -r requirements.txt +referencing==0.37.0 + # via + # jsonschema + # jsonschema-specifications +regex==2026.5.9 + # via tiktoken +requests==2.34.2 + # via + # opensearch-py + # tiktoken +rpds-py==2026.5.1 + # via + # jsonschema + # referencing +setuptools==80.10.2 + # via + # -r requirements.txt + # pymilvus +six==1.17.0 + # via python-dateutil +sniffio==1.3.1 + # via openai +soupsieve==2.8.4 + # via beautifulsoup4 +sqlalchemy==2.0.36 + # via + # -r requirements.txt + # alembic +sse-starlette==2.2.1 + # via -r requirements.txt +starlette==0.41.3 + # via + # fastapi + # sse-starlette +tiktoken==0.8.0 + # via -r requirements.txt +tqdm==4.68.1 + # via + # milvus-lite + # openai +typing-extensions==4.15.0 + # via + # alembic + # anyio + # fastapi + # grpcio + # minio + # openai + # pydantic + # pydantic-core + # python-docx + # referencing + # sqlalchemy +tzdata==2026.2 + # via + # celery + # kombu + # pandas +ujson==5.12.1 + # via pymilvus +urllib3==2.7.0 + # via + # minio + # opensearch-py + # requests +uvicorn==0.34.0 + # via -r requirements.txt +uvloop==0.22.1 + # via uvicorn +vine==5.1.0 + # via + # amqp + # celery + # kombu +watchfiles==1.2.0 + # via uvicorn +wcwidth==0.8.1 + # via prompt-toolkit +websockets==16.0 + # via uvicorn diff --git a/backend/requirements.txt b/backend/requirements.txt index 8cac5fd..07bde20 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -1,3 +1,7 @@ +# This is the human-edited dependency manifest (direct deps, all pinned). +# requirements.lock is the fully-resolved transitive lock for reproducibility; +# regenerate it after changing this file: uv pip compile requirements.txt -o requirements.lock + # Build/runtime shim: pymilvus 2.4.9 imports pkg_resources, which setuptools>=81 removed. # Pin below 81 so a fresh venv (esp. Python 3.12+, which omits setuptools by default) keeps pkg_resources. setuptools<81 @@ -10,7 +14,7 @@ python-multipart==0.0.18 # Data validation pydantic==2.10.4 pydantic-settings==2.7.1 -jsonschema>=4.20.0 +jsonschema==4.26.0 # CORS and HTTP httpx==0.28.1 @@ -34,13 +38,17 @@ alembic==1.14.0 # Vector database pymilvus==2.4.9 -# OpenSearch +# OpenSearch — OPTIONAL/EXPERIMENTAL backend. Not imported anywhere under app/ +# at runtime (only exercised by tests/test_opensearch_connection.py). Kept as a +# pinned, documented experimental dependency; Milvus is the active vector store. opensearch-py==2.8.0 # MinIO (S3) minio==7.2.15 -# Neo4j +# Neo4j — OPTIONAL/EXPERIMENTAL backend. Not imported anywhere under app/ at +# runtime (only tests/test_neo4j_connection.py). Pinned + documented; remove if +# the graph-DB backend is abandoned. neo4j==5.28.1 # Task queue