Upgrade dependencies to latest compatible versions

[Jamie-BitFlight]

Summary

This PR updates project dependencies to their latest compatible versions to improve security, performance, and feature availability.

Key Changes

• gitpython: 3.1.45 → 3.1.46
• pydantic: 2.0.0 → 2.12.5 (significant minor version bump)
• ruamel-yaml: 0.18.0 → 0.19.1
• tiktoken: 0.8.0 → 0.12.0 (significant minor version bump)
• typer: 0.21.0 → 0.24.1 (significant minor version bump)
• hypothesis (dev): 6.151.9 → 6.151.10
• pytest (dev): Reordered in dependency list (no version change)

Notable Details

• All updates maintain compatibility with the Python 3.11-3.14 requirement
• Development dependencies were reorganized alphabetically for better maintainability
• The lockfile has been updated to reflect the new dependency resolution

https://claude.ai/code/session_013HZLfw9Me86st1jebtxskA

Summary by CodeRabbit

• Chores
  • Updated dependency versions to ensure compatibility and stability.

[coderabbitai]

Warning

Rate limit exceeded

@Jamie-BitFlight has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 1 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 22 minutes and 1 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 74b3b426-64d7-4ea0-bbc2-04bee6a73462

📥 Commits

Reviewing files that changed from the base of the PR and between ac068ee and e984080.

📒 Files selected for processing (3)

• .github/dependabot.yml
• .github/workflows/claude-code-review.yml
• .github/workflows/claude.yml

📝 Walkthrough

Walkthrough

Updated minimum version constraints for production and development dependencies in pyproject.toml. Bumped gitpython, pydantic, ruamel-yaml, tiktoken, and typer to newer minimum versions. Reordered pytest in the dev dependency list and updated hypothesis minimum version.

Changes

Cohort / File(s)	Summary
Dependency Version Updates pyproject.toml	Increased minimum versions for gitpython (3.1.45→3.1.46), pydantic (2.0.0→2.12.5), ruamel-yaml (0.18.0→0.19.1), tiktoken (0.8.0→0.12.0), typer (0.21.0→0.24.1), and hypothesis (6.151.9→6.151.10); reordered pytest in dev dependencies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Dependencies dance in version schemes,
Pydantic hops to newest dreams,
Tiktoken leaps, and typer twirls,
A rabbit bumps through Python's pearls! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of the PR: upgrading multiple dependencies to newer compatible versions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/update-dependencies-uv-cUenJ

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📊 Test Coverage Report

Coverage: 81.48%

📥 Coverage XML available as artifact: coverage-xml

[github-actions]

Benchmark Results

✅ No regressions — threshold: 30%

scan-clean

Metric	Base	Compare	Change
files_per_second	66.6 files/s	66.0 files/s	➡️ -0.9%
scan_max_ms	15592.5 ms	15349.3 ms	✅ -1.6%
scan_mean_ms	15022.3 ms	15164.4 ms	➡️ +0.9%
scan_min_ms	14634.0 ms	14876.5 ms	➡️ +1.7%

scan-violations

Metric	Base	Compare	Change
files_per_second	83.2 files/s	82.6 files/s	➡️ -0.6%
scan_max_ms	2443.0 ms	2466.5 ms	➡️ +1.0%
scan_mean_ms	2416.9 ms	2432.1 ms	➡️ +0.6%
scan_min_ms	2369.9 ms	2387.1 ms	➡️ +0.7%

fix-violations

Metric	Base	Compare	Change
fix_files_per_second	100.9 files/s	97.5 files/s	➡️ -3.4%
fix_max_ms	2039.5 ms	2071.2 ms	➡️ +1.6%
fix_mean_ms	1991.5 ms	2061.8 ms	➡️ +3.5%
fix_min_ms	1915.6 ms	2050.5 ms	➡️ +7.0%

cpu

Metric	Base	Compare	Change
cpu_clean_mean_ms	0.5 ms	0.6 ms	➡️ +0.6%
cpu_fix_mean_ms	2.0 ms	2.0 ms	➡️ +1.1%
cpu_violations_mean_ms	0.7 ms	0.8 ms	➡️ +0.9%

View benchmark history

_{Updated 2026-03-29 12:43 UTC}

[coderabbitai]

🧹 Nitpick comments (1)

pyproject.toml (1)

29-36: Consider lowering runtime minimums closer to the actual API floor, with one important exception for pydantic.

The codebase uses only features available in much earlier versions:

• typer: Uses only basic features (CliRunner, Exit, simple imports) available since 0.0.2+; current floor of 0.24.1 is unnecessarily restrictive.
• pydantic: Uses BaseModel, ConfigDict, Field, field_validator available in 2.0.0+, BUT also uses JsonValue which requires 2.5.0+. The current floor of 2.12.5 can be lowered to 2.5.0+.

Lowering these where safe improves downstream compatibility while your lockfile can still pin tested versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pyproject.toml` around lines 29 - 36, Update the runtime minimums in
pyproject.toml to relax unnecessary constraints: lower "typer" to a much earlier
compatible floor (e.g., allow "typer>=0.0.2") since only basic CLI features are
used, and set "pydantic" to "pydantic>=2.5.0" because your use of JsonValue
requires at least 2.5.0 (keep other packages unchanged); modify the entries for
"typer" and "pydantic" in pyproject.toml accordingly so the manifest reflects
these minimum compatible versions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pyproject.toml`:
- Around line 29-36: Update the runtime minimums in pyproject.toml to relax
unnecessary constraints: lower "typer" to a much earlier compatible floor (e.g.,
allow "typer>=0.0.2") since only basic CLI features are used, and set "pydantic"
to "pydantic>=2.5.0" because your use of JsonValue requires at least 2.5.0 (keep
other packages unchanged); modify the entries for "typer" and "pydantic" in
pyproject.toml accordingly so the manifest reflects these minimum compatible
versions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0bf31db9-15f2-4db5-b139-712a60a92b78

📥 Commits

Reviewing files that changed from the base of the PR and between 5a88d60 and ac068ee.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml