Skip to content

chore(agent): upgrade runtime deps — Node 24, Claude SDK 0.2.82, pin all Python deps#103

Open
scottschreckengaust wants to merge 6 commits into
mainfrom
chore/upgrade-node24-claude
Open

chore(agent): upgrade runtime deps — Node 24, Claude SDK 0.2.82, pin all Python deps#103
scottschreckengaust wants to merge 6 commits into
mainfrom
chore/upgrade-node24-claude

Conversation

@scottschreckengaust
Copy link
Copy Markdown
Contributor

@scottschreckengaust scottschreckengaust commented May 15, 2026
edited
Loading

Summary

Comprehensive upgrade of all agent runtime dependencies in the Dockerfile and pyproject.toml for security, reproducibility, and Python 3.14 readiness.

Dockerfile changes

Dependency From To Rationale
Node.js 20.x (EOL active LTS) 24.x (current LTS) Release schedule
Claude Code CLI 2.1.139 2.1.142 Aligned with SDK v0.2.82
uv :latest (unpinned) 0.11.14 (pinned) Reproducibility; :latest breaks builds without warning

pyproject.toml changes

Dependency From To Notes
claude-agent-sdk 0.1.81 0.2.82 Bundles CLI 2.1.142
boto3 1.43.6 1.43.9 +botocore transitive
requests 2.34.0 2.34.2 Patch
uvicorn 0.46.0 0.47.0 Minor
cedarpy >=4.8.1 ==4.8.3 Pinned; ships cp314 native wheels
aws-opentelemetry-distro ~=0.17.0 ==0.17.0 Tightened specifier for consistency
fastapi 0.136.1 0.136.1 Already latest
mcp 1.27.1 1.27.1 Already latest

Key coupling: claude-agent-sdk ↔ Claude Code CLI

The claude-agent-sdk Python package bundles the Claude Code CLI binary. The Dockerfile also installs the CLI via npm. Both must stay in sync:

  • pyproject.toml: claude-agent-sdk==0.2.82 → bundles CLI 2.1.142
  • Dockerfile: @anthropic-ai/claude-code@2.1.142

All deps pinned with ==

Previously cedarpy used >= and aws-opentelemetry-distro used ~=. All dependencies now use exact == pins for reproducibility, with uv.lock as the authoritative lockfile.

Python 3.14 readiness

All 8 dependencies verified compatible with Python 3.14 (see issue #105 comment). Zero blockers for the upcoming Python 3.14 upgrade.

Related

Test plan

  • Docker image builds (Node 24, Claude 2.1.142, uv 0.11.14)
  • uv lock resolves cleanly (127 packages)
  • Pre-commit hooks pass
  • CI build passes (run 25938534937)
  • CI build with latest commits (SDK + dep bumps)
  • Agent unit tests pass
  • Smoke test: full agent task execution on deployed stack

🤖 Generated with Claude Code

@scottschreckengaust @claude
chore(agent): upgrade Node.js 20 to 24 LTS and Claude Code to 2.1.142
7aa6410 
- Node.js 20 reached end of active LTS; upgrade to 24 LTS
  (https://nodejs.org/en/about/previous-releases)
- Claude Code bumped from 2.1.139 to 2.1.142

Verified: image builds, node v24.15.0, claude 2.1.142 confirmed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust scottschreckengaust mentioned this pull request May 15, 2026
Open
5 tasks
@scottschreckengaust scottschreckengaust marked this pull request as ready for review May 15, 2026 19:43
@scottschreckengaust scottschreckengaust requested a review from a team as a code owner May 15, 2026 19:43
@scottschreckengaust @claude
chore(agent): pin uv to 0.11.14 for reproducible builds
cfb820c 
Replace ghcr.io/astral-sh/uv:latest with pinned 0.11.14. Using :latest
is a reproducibility and security risk — any broken or vulnerable uv
release would break all builds with no rollback without a code change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust scottschreckengaust changed the title chore(agent): upgrade Node.js 20 → 24 LTS and Claude Code 2.1.139 → 2.1.142 chore(agent): upgrade Node.js 20→24 LTS, Claude Code 2.1.142, pin uv 0.11.14 May 15, 2026
krokoko
krokoko reviewed May 15, 2026
View reviewed changes
Comment thread agent/Dockerfile
scottschreckengaust and others added 3 commits May 15, 2026 20:58
@scottschreckengaust @claude
chore(agent): upgrade claude-agent-sdk 0.1.81 → 0.2.82
1e85a59 
Aligns the Python SDK with the Dockerfile's Claude Code CLI pin
(2.1.142). The SDK bundles the CLI binary, so these must stay in sync.

Release: https://github.com/anthropics/claude-agent-sdk-python/releases/tag/v0.2.82
Bundled CLI: 2.1.142

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust @claude
chore(agent): bump all pinned deps to latest patch/minor
74d282d 
- boto3 1.43.6 → 1.43.9 (+ botocore transitive)
- requests 2.34.0 → 2.34.2
- uvicorn 0.46.0 → 0.47.0
- cedarpy >=4.8.1 → ==4.8.3 (pinned; ships cp314 native wheels)

fastapi (0.136.1), aws-opentelemetry-distro (0.17.0), and mcp (1.27.1)
are already at their latest versions.

All verified Python 3.14 compatible for upcoming #105 upgrade.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust @claude
chore(agent): pin aws-opentelemetry-distro with == for consistency
5d713e4 
Change ~=0.17.0 (compatible release) to ==0.17.0 (exact pin) to match
all other dependencies. No version change — just specifier tightening.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust scottschreckengaust changed the title chore(agent): upgrade Node.js 20→24 LTS, Claude Code 2.1.142, pin uv 0.11.14 chore(agent): upgrade runtime deps — Node 24, Claude SDK 0.2.82, pin all Python deps May 15, 2026
@scottschreckengaust scottschreckengaust marked this pull request as draft May 15, 2026 22:44
@scottschreckengaust scottschreckengaust marked this pull request as ready for review May 16, 2026 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krokoko krokoko krokoko left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@scottschreckengaust @krokoko