Conversation

@vprashrex (Collaborator) commented Jan 22, 2026

  • Update fastapi[standard] to >=0.116.0
  • Update sentry-sdk[fastapi] to >=2.20.0 (major version upgrade)
  • Migrate dev-dependencies from deprecated [tool.uv] to [dependency-groups]

CVEs addressed:

  • CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 (urllib3)
  • CVE-2025-69223 to CVE-2025-69230 (aiohttp)
  • CVE-2025-54121, CVE-2025-62727 (starlette)
  • CVE-2025-66221, CVE-2026-21860 (werkzeug)
  • CVE-2025-68146, CVE-2026-22701 (filelock)

Verified with pip-audit: 0 vulnerabilities found.



 kaapi-backend % uv run pip-audit
No known vulnerabilities found

Summary by CodeRabbit

  • Chores
    • Updated and relaxed dependency version constraints to allow newer versions of core web framework and error monitoring libraries.
    • Reorganized development build configuration for improved maintainability.


@coderabbitai (bot) commented Jan 22, 2026

Walkthrough

The pull request updates Python dependency constraints for fastapi and sentry-sdk, removing upper bounds to allow newer versions. The project configuration is refactored by migrating from the [tool.uv] section to [dependency-groups] format with dev dependencies reorganized under an explicit dev group.

Changes

Cohort / File(s): Dependency & Configuration Update (backend/pyproject.toml)
Summary: Relaxed version constraints: fastapi[standard] (>=0.116.0, removed upper bound), sentry-sdk[fastapi] (>=2.20.0, removed upper bound). Refactored build tooling from [tool.uv] to [dependency-groups] with dev dependencies reorganized; added explicit dev tooling entries (pre-commit, pytest-asyncio, etc.).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Hopping through dependencies with glee,
Constraints relaxed, now versions run free,
[tool.uv] transforms to [dependency-groups] bright,
Dev tools aligned, the config's just right!

🚥 Pre-merge checks: 3 passed

  • Title check: ✅ Passed. The title accurately describes the main change: updating dependencies to fix security vulnerabilities. This aligns with the PR's primary objective and the file changes in pyproject.toml.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.

