[Dependency Review] 2025-12-31 #335

@Coldaine

Dependency Audit

Date: 2025-12-31

Summary

  • Dependabot PRs: 0 pending
  • Package manager: Compliant (pyproject.toml + uv.lock)
  • Stale dependencies: 1 flagged

Dependabot PRs

None

Package Manager

Status: Compliant

The repository correctly uses:

  • pyproject.toml for dependency declaration
  • uv.lock for lock file (251,887 bytes)

No migration needed.

Stale Dependencies

| Package | Current | Latest | Gap |
|---|---|---|---|
| fastmcp | 2.12.5 (exact pin) | 2.14.1 | 2 minor versions behind |
| fastapi | >=0.115.12 | 0.128.0 | Current (within range) |
| google-api-python-client | >=2.168.0 | 2.75.0+ | Manual review needed |
| httpx | >=0.28.1 | 0.28.1 | Current |
| pyjwt | >=2.10.1 | 2.10.1 | Current |

Stale Pins

fastmcp==2.12.5

  • Current: Exact pin at 2.12.5
  • Latest: 2.14.1 (released Dec 15, 2025)
  • Gap: 2 minor versions behind
  • Recommendation: Update to fastmcp>=2.14.1 or latest stable

Actions

  1. Update fastmcp from exact pin 2.12.5 to >=2.14.1 (or latest 2.x)
  2. Consider removing exact pin constraint to allow patch/minor updates within semver
  3. Run uv sync after updating pyproject.toml to refresh lock file
