Skip to content

Update dependencies and build metadata#848

Merged
seapagan merged 7 commits into
mainfrom
security/update-deps
May 15, 2026
Merged

Update dependencies and build metadata#848
seapagan merged 7 commits into
mainfrom
security/update-deps

Conversation

@seapagan
Copy link
Copy Markdown
Owner

@seapagan seapagan commented May 15, 2026
edited by coderabbitai Bot
Loading

Updates the project dependency set and lockfile to address security alerts and refresh production and development packages.

Also switches the build backend to uv_build, updates license metadata to current packaging standards, removes the obsolete CODE_REVIEW.md, and adjusts the related .gitignore entry.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated development and production dependencies across the stack with multiple version bumps
    • Transitioned build system configuration to use alternative build backend
    • Updated .gitignore patterns to exclude additional agent-related files and directories
    • Added licence file configuration to project metadata

Review Change Stack

seapagan added 6 commits May 15, 2026 18:28
@seapagan
update several deps to fix security alerts
c0f3171 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
update some dev deps to latest versions
2d438e8 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
update assorted prod deps to latest versions
6ae521a 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
update .gitignore and remove old code review file
0849cc6 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
updatge license metadata to latest standards
e9f43e2 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
change build backend to use uv_build
00d1386 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 15, 2026
edited
Loading

Warning

Rate limit exceeded

@seapagan has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 44 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7da9d90d-5797-4851-8ac4-71c8280bad09

📥 Commits

Reviewing files that changed from the base of the PR and between 00d1386 and b2abcbf.

📒 Files selected for processing (1)
  • .pre-commit-config.yaml
📝 Walkthrough

Walkthrough

This PR upgrades the FastAPI Template project's build infrastructure and dependency stack. The build system transitions from hatchling to uv_build with updated metadata, ignores additional AI agent-related files in version control, and synchronises dependency versions across both production and development requirement files with multiple package upgrades.

Changes

Build System and Dependency Updates

Layer / File(s) Summary
Project configuration and build system
.gitignore, pyproject.toml		 .gitignore updated to ignore AGENTS.md and .codex/ under the "AI Agent stuff" section. pyproject.toml adds license-files metadata and switches build system from hatchling to uv_build with new [tool.uv.build-backend] configuration specifying module root and name.
Core dependency version bumps
requirements.txt, requirements-dev.txt		 Primary framework packages bumped: alembic, anyio, fastapi, fastapi-pagination, fastar, mako, and pydantic ecosystem (pydantic, pydantic-core, pydantic-settings) across both production and development environments.
Supporting tooling and utility dependencies
requirements.txt, requirements-dev.txt		 Development tooling upgraded (mypy, ruff), utility libraries bumped (rich, typer, urllib3, python-dotenv, python-multipart), database/admin packages updated (sqladmin, sqlalchemy), with dependency metadata and via-comments synchronised across files.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested labels

dependencies, build, maintenance

Poem

🐰 With uv_build now in place,
Dependencies updated at a rapid pace,
Agent files tucked away with care,
License declared, and metadata fair,
The template grows stronger—a leap and a bound! 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title accurately summarizes the main changes: updating dependencies and build metadata, which aligns with the primary modifications across requirements files, pyproject.toml, and build configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch security/update-deps

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

  • Generate code and open pull requests
  • Plan features and break down work
  • Investigate incidents and troubleshoot customer tickets together
  • Automate recurring tasks and respond to alerts with triggers
  • Summarize progress and report instantly

Built for teams:

  • Shared memory across your entire org—no repeating context
  • Per-thread sandboxes to safely plan and execute work
  • Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@seapagan seapagan self-assigned this May 15, 2026
@seapagan seapagan added the dependencies Pull requests that update a dependency file label May 15, 2026
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented May 15, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

🟢 Coverage ∅ diff coverage · +0.00% coverage variation

Metric Results
Coverage variation +0.00% coverage variation (-1.00%)
Diff coverage diff coverage

View coverage diff in Codacy

Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (bdb28c9) 2524 2524 100.00%
Head commit (b2abcbf) 2524 (+0) 2524 (+0) 100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#848) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@seapagan seapagan marked this pull request as ready for review May 15, 2026 17:56
@seapagan
update prek tool versions
b2abcbf 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan seapagan merged commit 41298bd into main May 15, 2026
15 of 16 checks passed
@seapagan seapagan deleted the security/update-deps branch May 15, 2026 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@seapagan seapagan

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@seapagan