
Add Renovate and Pin Dependencies for More Reliable Dependency Management #185

@harryswift01

Description


The project currently relies on latest or loosely defined dependency versions, which can cause instability in CI when upstream packages release new versions. This makes it difficult to determine whether failures are caused by local code changes or remote dependency updates. Additionally, different libraries update at different rates, which can lead to mismatched or invalid combinations of versions.

This task aims to stabilize dependency management by pinning versions explicitly and introducing Renovate to automate safe, incremental updates via pull requests. This approach ensures dependency changes are isolated, tested, and predictable.

Scope

  • Pin dependency versions in pyproject.toml instead of using floating or latest versions.
  • Add Renovate to the repository to automatically monitor, propose, and validate dependency updates through PRs.
  • Configure Renovate to:
    • Update pinned versions.
    • Optionally maintain version ranges if appropriate.
    • Group or separate dependency updates as needed.
  • Ensure CI validates each dependency update before merging.

Tasks

  • Review current dependency definitions in pyproject.toml.
  • Replace floating or latest versions with explicit pinned versions.
  • Add a renovate.json configuration file to the repository.
  • Add a GitHub Actions workflow to run Renovate on a schedule.
  • Ensure CI passes on pinned versions and Renovate updates.

Benefits

  • Stability: CI runs become deterministic and no longer break due to unexpected upstream releases.
  • Clarity: Dependency updates are isolated and easy to review.
  • Safety: CI verifies version updates before merging, preventing broken combinations.
  • Maintainability: Renovate automates routine updates, reducing manual effort.
  • Predictability: Version changes are documented and visible in PR history.

Labels

dependencies