Updated deps

[tisnik]

Description

Updated deps

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Summary by CodeRabbit

• Chores
  • Updated Python package dependencies (fastapi, psutil, sse-starlette, termcolor) to latest versions for improved stability and performance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Two architecture-specific Python requirements files are updated with version bumps for four dependencies: fastapi (0.127.0→0.128.0), psutil (7.2.0→7.2.1), sse-starlette (3.0.4→3.1.2), and termcolor (3.2.0→3.3.0), along with corresponding hash updates.

Changes

Cohort / File(s)	Summary
Python dependency version updates requirements.aarch64.txt, requirements.x86_64.txt	Updated fastapi (0.127.0→0.128.0), psutil (7.2.0→7.2.1), sse-starlette (3.0.4→3.1.2), termcolor (3.2.0→3.3.0) with corresponding hash entries reflecting new package releases

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• LCORE-1062: Dependencies update #944: Both PRs modify the same requirements files and update fastapi dependency versions.
• LCORE-1062: Updated deps #950: Both PRs update psutil in the platform-specific requirements files with new hashes.
• LCORE-1062: Dependencies update #938: Both PRs include dependency version bumps across multiple packages in the same requirements manifest files.

Pre-merge checks

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Updated deps' is vague and generic, using non-descriptive language that doesn't convey which specific dependencies were updated or why.	Consider using a more specific title that identifies the key dependency updates, such as 'Bump fastapi, psutil, sse-starlette, and termcolor versions' to provide clearer context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12e30db and 6cb4eb8.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• requirements.aarch64.txt
• requirements.x86_64.txt

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-08-18T10:57:39.266Z

Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:59-59
Timestamp: 2025-08-18T10:57:39.266Z
Learning: In the lightspeed-stack project, transitive dependencies like faiss-cpu are intentionally pinned as top-level dependencies to maintain better control over the dependency graph and avoid version conflicts when bundling ML/LLM tooling packages.

Applied to files:

• requirements.x86_64.txt
• requirements.aarch64.txt

📚 Learning: 2025-08-18T10:58:14.951Z

Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:47-47
Timestamp: 2025-08-18T10:58:14.951Z
Learning: psycopg2-binary is required by some llama-stack providers in the lightspeed-stack project, so it cannot be replaced with psycopg v3 or moved to optional dependencies without breaking llama-stack functionality.

Applied to files:

• requirements.x86_64.txt
• requirements.aarch64.txt

📚 Learning: 2025-08-18T10:56:55.349Z

Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:0-0
Timestamp: 2025-08-18T10:56:55.349Z
Learning: The lightspeed-stack project intentionally uses a "generic image" approach, bundling many dependencies directly in the base runtime image to work for everyone, rather than using lean base images with optional dependency groups.

Applied to files:

• requirements.x86_64.txt
• requirements.aarch64.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: build-pr
• GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
• GitHub Check: E2E: library mode / vertexai
• GitHub Check: E2E: server mode / vertexai
• GitHub Check: E2E: server mode / ci
• GitHub Check: E2E: server mode / azure
• GitHub Check: E2E: library mode / azure
• GitHub Check: E2E: library mode / ci

🔇 Additional comments (8)

requirements.x86_64.txt (4)

659-665: FastAPI bump looks consistent; verify runtime compatibility with Starlette & pydantic

fastapi==0.128.0 with regenerated hashes looks fine and keeps the explicit pinning strategy intact. Please run the API/server tests (including any FastAPI/Starlette integrations) to confirm there are no behavioral changes or deprecations affecting routes, middlewares, or dependencies.

Based on learnings, this keeps the controlled, pinned-deps “generic image” approach intact.

---

2411-2437: psutil patch bump appears safe; ensure observability/limits code still behaves as expected

psutil==7.2.1 plus the expanded hash set look correct for a uv-generated lock file. Since psutil is often used in monitoring/limits logic, double‑check any resource/metrics features in lightspeed-stack and llama/accelerate flows for regressions on supported platforms.

Based on learnings, keeping psutil pinned as a base-image dependency is aligned with the project’s transitive-deps policy.

---

3374-3377: sse-starlette bump aligns with FastAPI/Starlette pins; smoke‑test SSE endpoints

sse-starlette==3.1.2 with updated hashes is consistent with the existing starlette and new fastapi versions. Please run a quick smoke test of any SSE/MCP streaming endpoints to confirm no signature or behavior changes.

---

3391-3397: termcolor bump is low risk; OK to merge after basic CLI/logging check

termcolor==3.3.0 with refreshed hashes is straightforward. Just ensure any CLI/logging paths that rely on colored output still behave as expected under the new version.

requirements.aarch64.txt (4)

659-661: FastAPI bump looks structurally fine; confirm framework compatibility.

The pin + hashes for fastapi==0.128.0 look consistent with the rest of the file and the existing starlette==0.50.0 / uvicorn==0.40.0 stack. Please just make sure:

• The x86_64 requirements file is pinned to the same FastAPI version.
• API/integration tests covering FastAPI routes (including any custom exception handlers, background tasks, and WebSocket/SSE usage) pass without regressions.

---

2411-2432: psutil patch bump looks low risk; verify aarch64 wheels and telemetry paths.

psutil==7.2.1 is a patch-level bump and the hash block looks correct. Risk is mainly:

• Wheel availability/behavior on aarch64 images.
• Any custom process / resource monitoring code relying on edge-case behavior of the older version.

Please confirm:

• CI builds/tests for aarch64 pass.
• Any monitoring/metrics components using psutil behave as expected under load.

---

3374-3376: sse-starlette bump pairs with FastAPI/Starlette; re-check SSE endpoints.

sse-starlette==3.1.2 with new hashes is fine syntactically. Since it plugs into starlette/fastapi, double-check:

• The same version is used in requirements.x86_64.txt.
• Any SSE endpoints (especially using custom headers, ping intervals, or reconnection logic) still behave correctly with this version.

---

3391-3393: termcolor patch bump is minimal; quick smoke test of CLI output is enough.

termcolor==3.3.0 + hashes look good. Impact should be limited to CLI/colored logging. Please just:

• Run a quick smoke test of any CLI tooling or colored logs to ensure there are no behavioral or formatting regressions.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}