chore: pin all Python dependency versions in requirements.txt #64

New Issue

cal · 2026-03-10T05:28:18Z

cal commented

2026-03-10 05:28:18 +00:00

Problem

Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior.

Task

Audit requirements.txt for any unpinned or floor-constrained dependencies
Pin ALL dependencies to exact versions (==)
If using a base Docker image, consider pinning to a specific tag/digest
Separate dev/test dependencies into requirements-dev.txt if not already done

Why This Matters

Every Docker build should produce an identical image. Unpinned deps mean a git revert doesn't actually roll back to the previous working state — you get the old code with new libraries.

## Problem Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior. ## Task 1. Audit `requirements.txt` for any unpinned or floor-constrained dependencies 2. Pin ALL dependencies to exact versions (`==`) 3. If using a base Docker image, consider pinning to a specific tag/digest 4. Separate dev/test dependencies into `requirements-dev.txt` if not already done ## Why This Matters Every Docker build should produce an identical image. Unpinned deps mean a `git revert` doesn't actually roll back to the previous working state — you get the old code with new libraries.

Claude added the

ai-working

label 2026-03-10 06:31:03 +00:00

cal referenced this issue from a commit

2026-03-10 06:35:38 +00:00

chore: pin all Python dependency versions in requirements.txt (#64)

Claude referenced this issue

2026-03-10 06:35:53 +00:00

chore: pin all Python dependency versions in requirements.txt (#64) #65

Claude added

ai-pr-opened

and removed

ai-working

labels 2026-03-10 06:36:00 +00:00

Claude commented

2026-03-10 06:36:05 +00:00

PR opened: #65

Pinned all 14 dependencies to exact == versions and the Dockerfile base image from :latest → :python3.11. Key decisions:

pydantic==1.10.21 — kept on v1 since codebase uses root_validators and v1 API
fastapi==0.111.1 — last series with explicit pydantic v1 support
numpy==1.26.4 — latest 1.x, satisfies the original <2 CPU-compat constraint
Removed the duplicate python-multipart entry

PR opened: https://git.manticorum.com/cal/paper-dynasty-database/pulls/65 Pinned all 14 dependencies to exact `==` versions and the Dockerfile base image from `:latest` → `:python3.11`. Key decisions: - `pydantic==1.10.21` — kept on v1 since codebase uses `root_validators` and v1 API - `fastapi==0.111.1` — last series with explicit pydantic v1 support - `numpy==1.26.4` — latest 1.x, satisfies the original `<2` CPU-compat constraint - Removed the duplicate `python-multipart` entry

cal referenced this issue from a commit

2026-03-10 14:06:44 +00:00

Merge pull request 'chore: pin all Python dependency versions in requirements.txt (#64)' (#65) from ai/paper-dynasty-database#64 into next-release

cal closed this issue

2026-03-10 18:26:29 +00:00

Sign in to join this conversation.

No Milestone

No project

No Assignees

2 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/paper-dynasty-database#64