
chore(deps): audit and update dependency constraint comments (#2471) #2492

Closed
mrveiss wants to merge 1 commit into Dev_new_gui from fix/issue-2471

mrveiss (Owner) commented Mar 26, 2026

Closes #2471

Findings

bcrypt (autobot-slm-backend/requirements.txt): Constraint <5.0.0 KEPT. bcrypt 5.0.0 raises ValueError for >72-byte passwords. passlib 1.7.4 (unmaintained since 2020) doesn't pre-truncate. Updated comment with specific breaking behavior + verification date.

protobuf (requirements.txt): Constraint <6.0.0 KEPT. TF 2.19.1 requires protobuf<6.0.0dev (verified from PyPI metadata). Added roadmap: TF 2.21+ needs protobuf>=6.31.1, so TF must be upgraded first.

llama-index (autobot-backend/requirements.txt): WIDENED <0.14.0 → <0.15.0. 0.14.x released and sub-packages at 0.7.x/0.5.x lower bounds all support llama-index-core>=0.13.0 (verified via PyPI JSON metadata).

- bcrypt <5.0.0: KEPT — bcrypt 5.0 raises ValueError for >72-byte
  passwords, breaking unmaintained passlib 1.7.4
- protobuf <6.0.0: KEPT — TF 2.19.1 requires <6.0.0dev. Added
  roadmap note: TF 2.21+ needs protobuf>=6.31.1
- llama-index: WIDENED <0.14.0 → <0.15.0 — 0.14.x verified compatible
  with sub-packages at their 0.7.x/0.5.x lower bounds
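
The bcrypt finding above, as an added example that is not part of this PR or the project's code: a standard-library-only guard that decides what happens to a password longer than 72 bytes before it reaches the hashing backend. The function names and the `policy` parameter are hypothetical, and UTF-8 encoding of the password is an assumption.

```python
# Added example (not project code): guard for bcrypt's 72-byte input limit.
BCRYPT_MAX_BYTES = 72  # bcrypt only consumes the first 72 bytes of its input


def password_bytes(password: str) -> bytes:
    """Encode as UTF-8 (assumption: the encoding used before hashing)."""
    return password.encode("utf-8")


def exceeds_bcrypt_limit(password: str) -> bool:
    """True when the encoded password is longer than 72 bytes.

    The limit is in bytes, not characters: 40 x 'é' is 80 bytes.
    """
    return len(password_bytes(password)) > BCRYPT_MAX_BYTES


def prepare_for_bcrypt(password: str, policy: str = "reject") -> bytes:
    """Return the bytes to hand to the bcrypt backend.

    policy="reject":   refuse over-long input with an application-level error.
    policy="truncate": keep the first 72 bytes, matching the silent truncation
                       of bcrypt < 5.0.0 so hashes created then still verify.
                       The cut may fall inside a multi-byte character; that is
                       intended, because the old truncation was byte-wise too.
    """
    if policy not in ("reject", "truncate"):
        raise ValueError(f"unknown policy: {policy!r}")
    raw = password_bytes(password)
    if len(raw) <= BCRYPT_MAX_BYTES:
        return raw
    if policy == "truncate":
        return raw[:BCRYPT_MAX_BYTES]
    raise ValueError(
        f"password is {len(raw)} bytes; bcrypt accepts at most {BCRYPT_MAX_BYTES}"
    )


def same_bcrypt_input(a: str, b: str) -> bool:
    """Caveat of truncation: inputs equal in their first 72 bytes are equivalent."""
    return prepare_for_bcrypt(a, "truncate") == prepare_for_bcrypt(b, "truncate")


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("a" * 72, "a" * 73, "é" * 40):
        print(len(sample), "chars,", len(password_bytes(sample)), "bytes,",
              "over limit:", exceeds_bcrypt_limit(sample))
    print(same_bcrypt_input("a" * 72 + "X", "a" * 72 + "Y"))
```

The returned bytes are what would be passed on to `bcrypt.hashpw` or `bcrypt.checkpw`. With `truncate`, two passwords that share their first 72 bytes verify against the same hash, which is the behaviour older bcrypt releases had implicitly.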