chore: core web packages updates (FXC-4147)

[daquinteroflex]

Required for webapi, as we were using jedi indirectly in our web client. It'd be ideal if things were more decoupled but it's a bigger refactor.

Tested by

• https://github.com/flexcompute/compute/actions/runs/19363772902
• https://github.com/flexcompute/tidy3d-python-webapi/actions/runs/19363874741
• https://tidy3d-python-api.dev-simulation.cloud/master-0.0.0/health

status	"OK"
app_env	"dev"
health_env	"dev"
git_sha	"e167d0d"
tidy3d_git_sha	null
start_time	"2025-11-14T12:03:28.857119+00:00"

Again

• https://github.com/flexcompute/compute/actions/runs/19366319401
• https://github.com/flexcompute/tidy3d-python-webapi/actions/runs/19366487384
• https://tidy3d-python-api.dev-simulation.cloud/master-0.0.0/health

status	"OK"
app_env	"dev"
health_env	"dev"
git_sha	"9194fbf"
tidy3d_git_sha	null
start_time	"2025-11-14T13:50:08.199333+00:00"

Greptile Overview

Greptile Summary

This PR downgrades h5py from version 3.15.1 to 3.14.0 for backend compatibility and adds jedi as a core dependency.

Key Changes:

• Downgraded h5py constraint from ^3.0.0 to >=3.0.0,<3.15 in pyproject.toml, with lock file updated to 3.14.0
• Added jedi ^0.19 as a core dependency (previously optional dev/docs dependency)
• Updated Poetry from 2.1.1 to 2.2.1
• Updated Python version markers in poetry.lock for better compatibility (e.g., python_version < "3.11" changed to python_version == "3.10")

Concerns:

• The PR title/commit mentions "core web packages updates" but changes are primarily about h5py downgrade
• Moving jedi to core increases installation footprint for all users
• No changelog entry for this change (violates rule b72c7231-b258-4d03-aed2-51a50a9fe757)

Confidence Score: 4/5

• This PR is safe to merge with one process concern requiring verification
• The dependency changes are straightforward and low-risk: downgrading h5py for backend compatibility is a reasonable fix, and adding jedi as a core dependency is a simple change. However, there are two concerns: (1) jedi being moved from optional to core increases the installation footprint without clear justification in the PR, and (2) this change lacks a changelog entry which violates the project's documented conventions. The technical changes themselves pose minimal risk.
• No files have technical issues, but verify the intentionality of making jedi a core dependency in pyproject.toml

Important Files Changed

File Analysis

Filename	Score	Overview
pyproject.toml	4/5	Downgraded h5py from ^3.0.0 to >=3.0.0,<3.15 and added jedi ^0.19 as a core dependency
poetry.lock	4/5	Lock file updated with h5py downgrade to 3.14.0, jedi moved to core dependency, Poetry 2.2.1, and Python version marker updates

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Poetry as Poetry Tool
    participant PyPI as PyPI Registry
    participant Backend as Backend System
    
    Dev->>Poetry: Update pyproject.toml<br/>(h5py: ^3.0.0 → >=3.0.0,<3.15)
    Dev->>Poetry: Add jedi ^0.19 to core deps
    Dev->>Poetry: poetry lock
    Poetry->>PyPI: Resolve h5py versions
    PyPI-->>Poetry: Return 3.14.0 (latest < 3.15)
    Poetry->>PyPI: Resolve jedi versions
    PyPI-->>Poetry: Return jedi 0.19.2
    Poetry->>Poetry: Update poetry.lock
    Note over Poetry: Downgrade h5py 3.15.1 → 3.14.0<br/>Move jedi from optional to core
    Poetry-->>Dev: Lock file updated
    Dev->>Backend: Deploy with h5py 3.14.0
    Note over Backend: Backend compatibility<br/>maintained with h5py < 3.15

Loading

Context used:

• Rule from dashboard - Require a changelog entry for any PR that is not purely an internal refactor. (source)

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[github-actions]

Diff Coverage

Diff: origin/develop...HEAD, staged and unstaged changes

No lines with coverage information in this diff.

[momchil-flex]

Generally fine, at some point we should unpin h5py though.

[daquinteroflex]

I think after the lambda refactor