Summary
Track intentional major backend dependency upgrades deferred during the post-v0.1.1 Dependabot cleanup.
Deferred Dependabot PRs
| Package |
From |
To |
PR |
| bcrypt |
4.2.1 |
5.0.0 |
#23 |
| redis |
5.2.1 |
8.0.1 |
#25 |
| mypy |
1.13.0 |
2.2.0 |
#26 |
Why deferred
These are major semantic-version jumps requiring dedicated migration review, not batch closure to reduce branch count.
Required before merge
- Review changelogs and breaking changes
- Run full backend pytest, mypy, bandit, pip-audit
- Run live E2E validation against Docker stack
- Confirm password hashing behavior for bcrypt 5.x
- Confirm redis client API compatibility with existing async usage
- Confirm mypy strict mode passes with new release
Notes
Routine minor/patch Python updates remain in grouped PR #21.
Summary
Track intentional major backend dependency upgrades deferred during the post-v0.1.1 Dependabot cleanup.
Deferred Dependabot PRs
Why deferred
These are major semantic-version jumps requiring dedicated migration review, not batch closure to reduce branch count.
Required before merge
Notes
Routine minor/patch Python updates remain in grouped PR #21.