Dependency Registry
Last Updated: 2025-12-26 Lock File:
uv.lock(232 packages resolved)
This document tracks all direct dependencies, their version constraints, and current locked versions for reproducibility and audit purposes.
Quick Status
| Category | Count | Status |
|---|---|---|
| Core | 12 | All latest stable |
| Dev | 10 | All latest stable |
| Docs | 3 | All latest stable |
| HF (optional) | 3 | All latest stable |
Core Dependencies
Production dependencies required for the main application.
| Package | Constraint | Locked | PyPI Latest | Purpose |
|---|---|---|---|---|
| fastapi | >=0.127.0 |
0.127.1 | 0.127.1 | ASGI web framework |
| uvicorn | >=0.40.0 |
0.40.0 | 0.40.0 | ASGI server |
| pydantic | >=2.12.0 |
2.12.5 | 2.12.5 | Data validation |
| pydantic-settings | >=2.12.0 |
2.12.0 | 2.12.0 | Settings management |
| pydantic-ai | >=1.39.0 |
1.39.0 | 1.39.0 | Structured LLM outputs |
| httpx | >=0.28.0 |
0.28.1 | 0.28.1 | Async HTTP client |
| structlog | >=25.5.0 |
25.5.0 | 25.5.0 | Structured logging |
| orjson | >=3.11.0 |
3.11.5 | 3.11.5 | Fast JSON serialization |
| pandas | >=2.3.0 |
2.3.3 | 2.3.3 | Data analysis |
| numpy | >=2.4.0 |
2.4.0 | 2.4.0 | Numerical computing |
| scikit-learn | >=1.8.0 |
1.8.0 | 1.8.0 | ML utilities (cosine similarity) |
| pyyaml | >=6.0.0 |
6.0.3 | 6.0.3 | YAML parsing |
Dev Dependencies
Development and testing dependencies ([project.optional-dependencies.dev]).
| Package | Constraint | Locked | PyPI Latest | Purpose |
|---|---|---|---|---|
| pytest | >=9.0.0 |
9.0.2 | 9.0.2 | Test framework |
| pytest-cov | >=7.0.0 |
7.0.0 | 7.0.0 | Coverage reporting |
| pytest-asyncio | >=1.3.0 |
1.3.0 | 1.3.0 | Async test support |
| pytest-xdist | >=3.8.0 |
3.8.0 | 3.8.0 | Parallel test execution |
| hypothesis | >=6.148.0 |
6.148.8 | 6.148.8 | Property-based testing |
| mypy | >=1.19.0 |
1.19.1 | 1.19.1 | Static type checking |
| types-pyyaml | >=6.0.0 |
6.0.12.20250915 | 6.0.12.20250915 | PyYAML type stubs |
| ruff | >=0.14.0 |
0.14.10 | 0.14.10 | Linting + formatting |
| pre-commit | >=4.5.0 |
4.5.1 | 4.5.1 | Git hooks |
| respx | >=0.22.0 |
0.22.0 | 0.22.0 | HTTPX mocking |
Docs Dependencies
Documentation generation ([project.optional-dependencies.docs]).
| Package | Constraint | Locked | PyPI Latest | Purpose |
|---|---|---|---|---|
| mkdocs | >=1.6.0 |
1.6.1 | 1.6.1 | Documentation generator |
| mkdocs-material | >=9.5.0 |
9.7.1 | 9.7.1 | Material theme |
| mkdocstrings | >=0.27.0 |
1.0.0 | 1.0.0 | API docs from docstrings |
HuggingFace Dependencies (Optional)
Heavy ML dependencies for local embeddings ([project.optional-dependencies.hf]).
| Package | Constraint | Locked | PyPI Latest | Purpose |
|---|---|---|---|---|
| torch | >=2.4.0 |
2.9.1 | 2.9.1 | Deep learning framework |
| transformers | >=4.51.0 |
4.57.3 | 4.57.3 | HuggingFace models |
| sentence-transformers | >=2.7.0 |
5.2.0 | 5.2.0 | Embedding models |
Python Version
requires-python = ">=3.11"
Tested on: Python 3.11, 3.12
Package Manager
[tool.uv]
required-version = ">=0.9.18"
We use uv for fast, reproducible dependency management.
Updating Dependencies
# Check if lock is current
uv lock --check
# Update all to latest compatible
uv lock --upgrade
# Update specific package
uv lock --upgrade-package fastapi
# Sync environment
uv sync --all-extras
# Verify tests pass
uv run pytest tests/unit -q
Audit Checklist
When auditing dependencies:
- Security: Check for CVEs via
pip-auditor Snyk - Freshness: Compare locked vs PyPI latest (this doc)
- Compatibility: Run full test suite after updates
- Lock consistency:
uv lock --checkshould pass - Python version: Ensure all deps support our Python range
Version History
| Date | Change | By |
|---|---|---|
| 2025-12-26 | Updated fastapi 0.124→0.127, uvicorn 0.38→0.40, numpy 2.3→2.4 | dependency-audit |
| 2025-12-24 | Added pydantic-ai 1.39.0 | PR #62 |
| 2025-12-23 | Initial v0.1.0 release | initial |