# Dependency Upgrade Design

## Overview

프로젝트의 모든 종속성을 최신 LTS/Stable 버전으로 업그레이드합니다.

## Runtime Environment

| Component | Before | After | Note |
|-----------|--------|-------|------|
| Node.js | 22-alpine | 24-alpine | Active LTS |
| Python | 3.12-slim | 3.12-slim | 유지 (pykrx numpy 호환성) |
| PostgreSQL | 15-alpine | 18-alpine | 5년 지원 |

## Backend Python Packages

### Core Framework
| Package | Before | After |
|---------|--------|-------|
| fastapi | 0.115.6 | 0.128.2 |
| uvicorn[standard] | 0.34.0 | 0.40.0 |
| sqlalchemy | 2.0.36 | 2.0.46 |
| alembic | 1.14.0 | 1.18.3 |
| pydantic[email] | 2.10.4 | 2.12.5 |
| pydantic-settings | 2.7.1 | 2.12.0 |

### Authentication (Breaking Change)
| Package | Before | After | Note |
|---------|--------|-------|------|
| python-jose[cryptography] | 3.3.0 | REMOVED | Deprecated |
| PyJWT[crypto] | - | 2.11.0 | Replacement |
| passlib[bcrypt] | 1.7.4 | 1.7.4 | 유지 |
| bcrypt | 4.0.1 | 4.2.1 | |

### Data Processing
| Package | Before | After | Note |
|---------|--------|-------|------|
| pandas | 2.2.3 | 2.3.3 | 2.x 최신 |
| numpy | 2.2.1 | 1.26.4 | pykrx 호환성 |
| pykrx | 1.0.45 | 1.2.3 | |

### HTTP & Parsing
| Package | Before | After |
|---------|--------|-------|
| httpx | 0.28.1 | 0.28.1 |
| requests | 2.32.3 | 2.32.5 |
| beautifulsoup4 | 4.12.3 | 4.14.3 |
| lxml | 5.3.0 | 6.0.2 |

### Other
| Package | Before | After |
|---------|--------|-------|
| python-multipart | 0.0.20 | 0.0.22 |
| apscheduler | 3.10.4 | 3.11.2 |

### Dev Dependencies
| Package | Before | After |
|---------|--------|-------|
| pytest | 8.3.4 | 8.3.4 |
| pytest-asyncio | 0.25.2 | 1.1.0 |

## Frontend Node.js Packages

### Dependencies
| Package | Before | After |
|---------|--------|-------|
| next | 16.1.6 | 16.1.6 |
| react | 19.2.3 | 19.2.4 |
| react-dom | 19.2.3 | 19.2.4 |

### DevDependencies
| Package | Before | After |
|---------|--------|-------|
| @types/node | ^20 | ^22 |

## Files Modified

1. `backend/Dockerfile` - Python version (unchanged)
2. `frontend/Dockerfile` - Node.js 22 → 24
3. `docker-compose.yml` - PostgreSQL 15 → 18
4. `docker-compose.prod.yml` - PostgreSQL 15 → 18
5. `backend/pyproject.toml` - Python packages
6. `backend/requirements.txt` - Python packages
7. `frontend/package.json` - Node.js packages
8. `backend/app/core/security.py` - JWT code migration

## Migration Notes

### python-jose → PyJWT

```python
# Before
from jose import jwt, JWTError
token = jwt.encode(payload, secret, algorithm="HS256")
decoded = jwt.decode(token, secret, algorithms=["HS256"])

# After
import jwt
from jwt.exceptions import PyJWTError
token = jwt.encode(payload, secret, algorithm="HS256")
decoded = jwt.decode(token, secret, algorithms=["HS256"])
```

### Constraints

- **pykrx**: requires numpy<2.0, limiting numpy to 1.26.4
- **pytest-asyncio**: requires pytest<9, limiting pytest to 8.x

## References

- [Node.js Releases](https://nodejs.org/en/about/previous-releases)
- [PostgreSQL Versioning](https://www.postgresql.org/support/versioning/)
- [FastAPI PyJWT Migration](https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/)
- [PyJWT Documentation](https://pyjwt.readthedocs.io/)