🔧 Python 3.13 Compatibility & Security Updates #206
@danny-avila Any updates on this?
Pull request overview
This PR upgrades the codebase from Python 3.10 to Python 3.13.7 to address critical security vulnerabilities and ensure compatibility with the latest Python version. The update includes dependency version bumps across the board, with particular focus on packages that require Python 3.13 support (pandas, psycopg2-binary, asyncpg) and numpy 2.x compatibility (langchain-mongodb, langchain-aws, boto3).
Key changes:
- Upgraded Python from 3.10 to 3.13.7 in production Dockerfiles and CI workflow
- Updated 15+ dependencies for Python 3.13 compatibility and numpy 2.x support
- Migrated from deprecated `rapidocr-onnxruntime` to modern `onnxruntime` + `rapidocr` packages
- Added explicit `numpy==2.1.0` dependency for langchain-community resolution
- Removed problematic `pytest-postgresql` test dependency (tests are mocked)
- Updated `httpx` test dependency to 0.28.1 for FastAPI TestClient compatibility
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| requirements.txt | Updated 12 package versions for Python 3.13 compatibility, numpy 2.x support, and security patches; migrated OCR packages; added explicit numpy dependency |
| requirements.lite.txt | Mirror of requirements.txt changes for lite deployment variant |
| Dockerfile | Updated base image from python:3.10 to python:3.13.7 |
| Dockerfile.lite | Updated base image from python:3.10-slim to python:3.13.7-slim |
| .github/workflows/ci.yml | Updated CI Python version from 3.12 to 3.13.7 for testing |
| test_requirements.txt | Removed pytest-postgresql (causing import errors with mocked tests); updated httpx from 0.27.0 to 0.28.1 |
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.12' | ||
| python-version: '3.13.7' |
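Review bot: `uses: actions/setup-python@v4` is left on a mutable major tag while the line below it pins the interpreter to an exact patch release; pin the action to a full commit SHA (and consider moving to the current major) so the CI toolchain is as reproducible as the `python-version: '3.13.7'` value. Note also that an exact patch pin needs a manual bump for every later 3.13 security release, whereas '3.13' would track them at the cost of reproducibility; whichever is chosen should match the tag used in the Dockerfiles.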
Copilot
AI
Nov 26, 2025
The devcontainer configuration was not updated to Python 3.13.7. The .devcontainer/Dockerfile specifies PYTHON_VERSION=3.10 (line 4) and .devcontainer/devcontainer.json has "PYTHON_VERSION": "3.10" (line 14). These should be updated to 3.13.7 to match the main Dockerfiles and CI workflow for consistency across all development environments.
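The consistency check requested in the review comment above can be automated so that version drift fails CI. This is an added example, not code from this pull request or the project; the function names are hypothetical and the file contents in `SAMPLE` are constructed to mirror what the page describes.

```python
import re

# Places where the files named on this page declare a Python version.
PATTERNS = [
    # Dockerfile base image, e.g. "FROM python:3.13.7-slim"
    re.compile(r'^\s*FROM\s+python:(\d+\.\d+(?:\.\d+)?)', re.I | re.M),
    # "ARG PYTHON_VERSION=3.10" or a devcontainer.json "PYTHON_VERSION": "3.10"
    re.compile(r'PYTHON_VERSION"?\s*[=:]\s*"?(\d+\.\d+(?:\.\d+)?)'),
    # actions/setup-python input, e.g. "python-version: '3.13.7'"
    re.compile(r'python-version:\s*[\'"]?(\d+\.\d+(?:\.\d+)?)'),
]

def find_versions(text):
    """Return every Python version string declared in one file's text."""
    return [m.group(1) for p in PATTERNS for m in p.finditer(text)]

def version_drift(files, expected):
    """Map path -> versions differing from `expected` ([] if no pin was found)."""
    drift = {}
    for path, text in files.items():
        found = find_versions(text)
        wrong = [v for v in found if v != expected]
        if wrong or not found:
            drift[path] = wrong
    return drift

# Constructed sample contents (assumptions, not the repository's real files).
SAMPLE = {
    "Dockerfile": "FROM python:3.13.7 AS main\nWORKDIR /app\n",
    "Dockerfile.lite": "FROM python:3.13.7-slim AS main\n",
    ".github/workflows/ci.yml": "    - uses: actions/setup-python@v4\n"
                                "      with:\n        python-version: '3.13.7'\n",
    ".devcontainer/Dockerfile": "ARG PYTHON_VERSION=3.10\n"
                                "FROM python:${PYTHON_VERSION}\n",
    ".devcontainer/devcontainer.json":
        '{"build": {"args": {"PYTHON_VERSION": "3.10"}}}',
}

if __name__ == "__main__":
    for path, wrong in version_drift(SAMPLE, "3.13.7").items():
        print(f"{path}: {', '.join(wrong) or 'no version pin found'}")
```
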
This PR upgrades all dependencies to ensure Python 3.13 compatibility and addresses critical security vulnerabilities from Python 3.10.
🚨 Security Motivation
This update addresses the following Critical and High CVEs:
📋 Key Changes
🐍 Core Python 3.13 Compatibility Fixes
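| Package | Old version | New version |
|---|---|---|
| `pandas` | 2.2.1 | 2.2.3 |
| `psycopg2-binary` | 2.9.9 | 2.9.10 |
| `asyncpg` | 0.29.0 | 0.30.0 |
🔗 Dependency Resolution & Numpy 2.x Support
| Package | Old version | New version | Notes |
|---|---|---|---|
| `langchain-mongodb` | 0.2.0 | >=0.4.0 | `numpy<2.0.0` conflict |
| `langchain-aws` | 0.2.1 | 0.2.31 | |
| `boto3` | 1.34.144 | 1.39.7 | |
📦 Package Migration & Security Updates
| Package | Old version | New version |
|---|---|---|
| `rapidocr-onnxruntime` | 1.2.3 | `onnxruntime` 1.20.1, `rapidocr` 2.0.6 |
| `pydantic` | 2.9.2 | 2.10.0 |
🎯 Explicit Numpy Requirement
Added: `numpy>=2.1.0`
Why numpy was added explicitly:
To ensure `langchain-community` dependency resolution works correctly with Python 3.13.
🧪 Testing Updates
Updated `test_requirements.txt`: `pytest-postgresql==7.0.1` (caused import errors, tests are mocked)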