Dependency Audit
Date: 2026-01-01 01:50 UTC
Summary
- Dependabot PRs: 0 pending
- Package manager: Needs UV migration (Python) / Compliant (Node.js)
- Stale dependencies: 1 Python package flagged
Dependabot PRs
None
Package Manager Status
Python: ❌ NON-COMPLIANT
- File: `/home/coldaine/_projects/dependencyClaudeReview/repos/codemachine-cli/pyproject.toml`
- Issue: Missing `uv.lock` file
- Action: Run `uv sync` to generate lockfile
Node.js: ✅ Compliant
- Using `package.json` (standard for Node.js projects)
Stale Dependencies
Python (pyproject.toml):
| Package | Current | Latest | Gap |
|---|---|---|---|
| mkdocs-material | >=9.7.0 | 9.6.21 (Sep 2025) | Current (no action needed) |
| mkdocstrings | >=0.30.1 | 0.29.1 (Mar 2025) | Pinned ahead of latest - Manual review needed |
| mike | >=2.0.0 | 2.1.3 (Aug 2024) | Current |
Node.js (package.json): Manual review needed - cannot determine package freshness without reading source code to understand usage patterns.
Stale Pins
None detected (all Python dependencies use >= constraints, not exact pins)
Actions
- CRITICAL: Run `uv sync` in project root to create `uv.lock` and achieve UV compliance
- Investigate: mkdocstrings pinned at >=0.30.1 but latest PyPI is 0.29.1 - verify this is correct or update pyproject.toml
- Optional: Review Node.js dependencies for freshness (requires manual review of usage)
Generated by Dependency Audit Agent