fix: dependencies bumped#264

Merged
HardMax71 merged 1 commit into main from sec/det-issues-040326
Mar 3, 2026
Conversation

HardMax71 (Owner) commented Mar 3, 2026

Summary by cubic

Upgrade backend Pillow to 12.1.1 (now included in the load extras) and bump frontend Svelte to 5.53.x. Lockfiles updated; no app code changes.

  • Dependencies
    • Backend: add Pillow>=12.1.1 to the load group; uv.lock updated (Pillow 12.1.1 added to dev/load).
    • Frontend: bump svelte from ^5.50.0 to ^5.53.5 (resolved to 5.53.7); devalue patched to 5.6.3; package-lock.json refreshed.

Written for commit b438d5f. Summary will update on new commits.

Summary by CodeRabbit

  • Chores
    • Upgraded Svelte framework from version 5.50.0 to 5.53.5
    • Added Pillow as a new runtime dependency

Copilot AI review requested due to automatic review settings March 3, 2026 23:48
coderabbitai bot commented Mar 3, 2026

Walkthrough

Two dependencies are updated: Pillow 12.1.1+ is added to backend Python dependencies, and Svelte is bumped from 5.50.0 to 5.53.5 in the frontend. Both changes are configuration-only with no functional code alterations.

Changes

Cohort / File(s) | Summary
Dependency Updates (backend/pyproject.toml, frontend/package.json) | Added Pillow >=12.1.1 to Python runtime dependencies; bumped Svelte from ^5.50.0 to ^5.53.5.

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly Related PRs

  • fix: updated deps #166: Directly related through dependency declaration modifications across backend and frontend configurations.

Poem

🐰 Hop, hop! Dependencies bloom,
Pillow paints the room,
Svelte dances light and free,
Versions jump—one, two, three! 🎨✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title is vague and generic, using the non-descriptive term 'dependencies bumped' without specifying which dependencies or versions are involved. Consider using a more specific title that identifies the key dependencies being updated, such as 'Add Pillow dependency and bump Svelte version' to make the change clear at a glance.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

sonarqubecloud bot commented Mar 3, 2026

@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 4 files

Copilot AI left a comment

Pull request overview

This PR updates project dependencies across the frontend and backend, bumping Svelte in the frontend and adding/upgrading Pillow in the backend’s dependency groups and lockfile.

Changes:

  • Bump svelte in the frontend to ^5.53.5 (and update package-lock.json accordingly).
  • Add pillow to backend dev/load dependency groups and update uv.lock to Pillow 12.1.1.
  • Refresh generated lockfile metadata impacted by the dependency updates.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

File Description
frontend/package.json Bumps Svelte version range.
frontend/package-lock.json Updates resolved Svelte version and transitive dependency tree.
backend/pyproject.toml Adds Pillow to the load dependency group.
backend/uv.lock Adds Pillow to relevant groups and locks Pillow to 12.1.1.
Files not reviewed (1)
  • frontend/package-lock.json: Language not supported

]
load = [
"matplotlib==3.10.8",
"Pillow>=12.1.1",
Copilot AI Mar 3, 2026

In [dependency-groups].load, the dependency name is capitalized as "Pillow>=12.1.1", while the rest of this file (and the generated uv.lock) uses normalized/lowercase names (e.g., matplotlib, pillow). Even though pip is case-insensitive, keeping the canonical lowercase name avoids churn in lockfiles and tooling that normalizes names. Suggest changing this to pillow>=12.1.1 for consistency.

Suggested change
"Pillow>=12.1.1",
"pillow>=12.1.1",


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/pyproject.toml`:
- Around line 149-151: The Pillow dependency uses a >= constraint which violates
the project's strict exact-pinning convention; in pyproject.toml change the
"Pillow>=12.1.1" entry to an exact pin (e.g. "Pillow==12.1.1") so it matches
other exact pins like "matplotlib==3.10.8" and keeps load-only tooling
consistent.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88173da and b438d5f.

⛔ Files ignored due to path filters (2)
  • backend/uv.lock is excluded by !**/*.lock
  • frontend/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • backend/pyproject.toml
  • frontend/package.json

Comment on lines 149 to 151
"matplotlib==3.10.8",
"Pillow>=12.1.1",
]
⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether Pillow is imported in runtime packages (app/workers) vs. load-only scripts.
rg -nP --type=py -C2 '\b(from\s+PIL\s+import|import\s+PIL\b)' app workers 2>/dev/null || echo "No matches found in app/workers"

Repository: HardMax71/Integr8sCode

Length of output: 97


🏁 Script executed:

cat backend/pyproject.toml

Repository: HardMax71/Integr8sCode

Length of output: 6270


Pin Pillow to exact version for consistency with project's strict dependency pinning strategy.

The >=12.1.1 constraint breaks the project's pattern—all other dependencies use exact pins (==), including matplotlib in the same load group. Pillow is correctly scoped to load-only tooling, but should match the pinning convention.

Pinning adjustment
 load = [
     "matplotlib==3.10.8",
-    "Pillow>=12.1.1",
+    "Pillow==12.1.1",
 ]
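Review bot: the suggested line keeps the capitalized spelling "Pillow==12.1.1" while the Copilot comment on the same line asks for the normalized lowercase name that the rest of pyproject.toml and the generated uv.lock use; taking both suggestions at once gives "pillow==12.1.1" in a single edit. The lock already resolves Pillow to 12.1.1, so the exact pin changes nothing today; its value is that a later lock refresh cannot move Pillow without a visible pyproject.toml change, which is the point of the exact-pin convention the comment cites.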

codecov-commenter commented Mar 3, 2026

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Flag Coverage Δ
backend-e2e 83.21% <ø> (-0.02%) ⬇️
backend-unit 67.91% <ø> (ø)
frontend-unit 86.86% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

Components Coverage Δ
Backend 90.07% <ø> (ø)
Frontend 86.86% <ø> (-0.01%) ⬇️
@HardMax71 HardMax71 merged commit 2d9d60e into main Mar 3, 2026
21 checks passed
@HardMax71 HardMax71 deleted the sec/det-issues-040326 branch March 3, 2026 23:59