@tisnik (Contributor) commented Sep 16, 2025

Description

LCORE-502: unlock OpenAI package version

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement

Related Tickets & Documents

  • Related Issue #LCORE-502

Summary by CodeRabbit

  • Chores
    • Relaxed OpenAI SDK dependency to allow versions 1.99.9 and above, improving forward compatibility and reducing upgrade friction.
    • Enables quicker adoption of security patches and performance improvements from newer SDK releases without requiring additional app updates.
    • No user-facing changes; existing functionality and behavior remain the same.

@coderabbitai (Contributor, bot) commented Sep 16, 2025

Walkthrough

The dependency specification for the OpenAI package in pyproject.toml was updated from an exact pin (==1.99.9) to a minimum-version constraint (>=1.99.9). No other files or configuration values were changed.

Changes

Cohort / File(s) | Summary
Dependency constraints: pyproject.toml | Relaxed OpenAI version pin from openai==1.99.9 to openai>=1.99.9; no other modifications.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A bunny hops through TOML fields so fine,
Nudges pins to “greater-equal” line,
Dependencies stretch, constraints align,
Carrot-shaped caret? Not this time—still divine.
With version bounds set, I thump—“All’s fine!” 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check | ✅ Passed | The title "LCORE-502: unlock OpenAI package version" succinctly and accurately describes the primary change (loosening the OpenAI dependency constraint in pyproject.toml), is concise and specific, and includes the related ticket for traceability.
Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped.

@coderabbitai (Contributor, bot) left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b12468 and 979bc12.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: build-pr
  • GitHub Check: e2e_tests
🔇 Additional comments (3)
pyproject.toml (3)

46-46: uv.lock updated — verify CI consumes it

uv.lock (repo root) pins openai to 1.99.9 (sdist + wheel entries present; upload-time 2025-08-12), and pyproject lists "openai>=1.99.9" — lockfile is in sync. Verify your CI workflows install from/lock against uv.lock (or update workflows) so builds remain reproducible.


46-46: Double‑check upstream release cadence before widening.

Latest stable openai Python package: 1.107.1 (released Sept 10, 2025). No single sweeping runtime-breaking rework is documented since 1.99.9, but incremental feature/typing/private‑internal changes exist — review the GitHub Releases/CHANGELOG for per‑version breaking/deprecation notes before widening the range (pyproject.toml, line 46: "openai>=1.99.9").


46-46: Verify OpenAI SDK usage — remove or migrate dependency

pyproject.toml contains "openai>=1.99.9" (pyproject.toml:46); a repo scan found no legacy v0 calls (openai.ChatCompletion.create / Completion.create / Image.create / Embedding.create) nor direct v1-client imports/usages (from openai import OpenAI, OpenAI(), client.chat/completions/images/embeddings). Confirm whether the package is required (remove if unused), or migrate any dynamic/indirect usage to the v1 client and/or document intentional coexistence and compatibility tests.

# OpenAPI exporter
"email-validator>=2.2.0",
"openai==1.99.9",
"openai>=1.99.9",
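Review bot: on the changed line "openai>=1.99.9", the range has no ceiling and no comment saying why the exact pin was dropped or why 1.99.9 is the floor, and the entry sits under the "# OpenAPI exporter" comment, which does not obviously describe it. Add a one-line comment giving the reason for the direct dependency and the floor, and say that uv.lock is what fixes the installed version, so it is clear that an install which does not resolve through the lockfile takes the newest release the range admits.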

⚠️ Potential issue

Add an upper bound to prevent accidental breaking upgrades.

Unbounded minimum (openai>=1.99.9) can pull a future major with breaking API changes. Prefer a capped range.

Apply this diff:

-    "openai>=1.99.9",
+    "openai>=1.99.9,<2.0.0",
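Review bot: the "<2.0.0" ceiling on the + line only guards against a new major; every 1.x release at or above 1.99.9 is still admitted, and the only version exercised is the one uv.lock pins. If the range is kept this wide, add a CI job that resolves to the highest admitted version so the upper end of the range is tested, or narrow the range to what is tested.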

Optional: If you specifically want to allow only compatible minor/patch under PEP 440, use ~=1.99.9 (caps at <1.100.0), but <2.0.0 is usually clearer.

Suggested change
"openai>=1.99.9",
"openai>=1.99.9,<2.0.0",
🤖 Prompt for AI Agents
In pyproject.toml around line 46, the openai dependency is specified as an
unbounded minimum ("openai>=1.99.9"); change it to a range that prevents pulling
a future major with breaking API changes by adding an upper bound (for example
use a capped range of >=1.99.9 and <2.0.0 or use the compatible release operator
~=1.99.9 which caps at <1.100.0) so the dependency will not unexpectedly upgrade
to a breaking major version.
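
Added example (not code from this PR, from CodeRabbit, or from the project): a simplified PEP 440 matcher showing which versions each specifier discussed in this thread admits, and usable as the "lockfile version is inside the declared range" check. It handles plain release versions only; the candidate list is constructed, and only 1.99.9 and 1.107.1 are named in the thread.

```python
# Added example: simplified PEP 440 matching for plain release versions only
# (no pre-release, post-release, dev, epoch or local segments).
from itertools import zip_longest

OPS = ("~=", "==", ">=", "<=", "!=", ">", "<")  # two-character operators first

def parse(version):
    """'1.99.9' -> (1, 99, 9); raises ValueError on anything non-numeric."""
    return tuple(int(part) for part in version.strip().split("."))

def compare(a, b):
    """Return -1, 0 or 1, zero-padding the shorter tuple so 2.0 == 2.0.0."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def clause_ok(version, clause):
    clause = clause.strip()
    op = next((o for o in OPS if clause.startswith(o)), None)
    if op is None:
        raise ValueError(f"unsupported clause: {clause!r}")
    v, bound = parse(version), parse(clause[len(op):])
    c = compare(v, bound)
    if op == "~=":
        if len(bound) < 2:
            raise ValueError("~= needs at least two release segments")
        # ~=1.99.9 means >=1.99.9 and ==1.99.*: all but the last segment are fixed
        prefix = bound[:-1]
        return c >= 0 and (v + (0,) * len(prefix))[:len(prefix)] == prefix
    return {"==": c == 0, ">=": c >= 0, "<=": c <= 0,
            "!=": c != 0, ">": c > 0, "<": c < 0}[op]

def satisfies(version, spec):
    """True when the version meets every comma-separated clause."""
    return all(clause_ok(version, clause) for clause in spec.split(","))

def admitted(spec, candidates):
    return [v for v in candidates if satisfies(v, spec)]

# Constructed candidates: 1.99.9 and 1.107.1 are named in the thread, the rest
# are illustrative strings, not a statement about which releases exist.
CANDIDATES = ["1.99.9", "1.99.10", "1.100.0", "1.107.1", "2.0.0"]
SPECS = ["==1.99.9", ">=1.99.9", ">=1.99.9,<2.0.0", "~=1.99.9"]

if __name__ == "__main__":
    for spec in SPECS:
        print(f"openai{spec:<17} admits {admitted(spec, CANDIDATES)}")
```

Calling `satisfies(locked_version, declared_spec)` with the version read from uv.lock and the string from pyproject.toml gives the in-sync check the review asks CI to enforce.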

@tisnik tisnik merged commit d8025ac into lightspeed-core:main Sep 16, 2025
18 of 19 checks passed