chore(deps): audit stale dependency constraint comments in requirements.txt

[mrveiss]

Problem

Three dependency constraints have comments that may be outdated, blocking legitimate Dependabot upgrades:

1. bcrypt (autobot-slm-backend/requirements.txt): bcrypt>=4.0.0,<5.0.0 # bcrypt 5.0.0 incompatible with passlib

   • passlib may have updated bcrypt 5.x support since this was written
   • Dependabot PR chore(deps): update bcrypt requirement from <5.0.0,>=4.0.0 to >=4.0.0,<6.0.0 in /autobot-slm-backend #2428 was rejected based on this comment

2. protobuf (requirements.txt): protobuf>=5.29.6,<6.0.0 # TensorFlow 2.19.1 supports protobuf <6.0.0dev

   • TensorFlow may have updated protobuf support
   • Dependabot PR chore(deps): update protobuf requirement from <6.0.0,>=5.29.6 to >=5.29.6,<8.0.0 in /autobot-backend #2434 was rejected based on this comment

3. llama-index (autobot-backend/requirements.txt): llama-index>=0.13.0,<0.14.0 # pinned for API compatibility

   • Sub-packages (llms-ollama, embeddings-ollama, vector-stores-chroma) pinned to 0.7.x
   • Core 0.14.x may require newer sub-package versions
   • Dependabot PR chore(deps): update llama-index requirement from <0.14.0,>=0.13.0 to >=0.13.0,<0.15.0 in /autobot-backend #2433 was rejected — needs manual testing

Action Required

For each constraint:

1. Verify if the incompatibility still exists with current versions
2. If resolved: widen the range and update the comment
3. If still valid: add date and version info to the comment so future reviewers know it was recently verified

Discovered During

v0.2.0 release — Dependabot PRs rejected based on potentially stale comments.

[mrveiss]

Merged in PR #2479. Updated 3 stale dependency constraint comments with verified rationale.