build(autogen): bump dependencies #457

Merged: bepri merged 2 commits into main from work/bump-deps on Jul 2, 2026

@bepri bepri commented Jul 1, 2026

Member
  • Have you followed the guidelines for contributing?
  • Have you signed the CLA?
  • Have you successfully run make lint && make test?

Resolves a bunch of OSVs.

Note: although almost all of these are docs dependencies, this repository doesn't use Sphinx Stack yet and so I'm not going to treat them any differently here.

@bepri bepri requested a review from a team July 1, 2026 18:27
@bepri bepri self-assigned this Jul 1, 2026
Copilot AI review requested due to automatic review settings July 1, 2026 18:27
@bepri bepri marked this pull request as ready for review July 1, 2026 18:28

Copilot AI left a comment

Pull request overview

This PR updates the repository’s Python dependency constraints and uv lockfile to remediate reported OSV vulnerabilities by bumping a set of dependencies and introducing additional minimum-version constraints.

Changes:

  • Added new minimum-version constraints in pyproject.toml intended to avoid OSV-flagged versions.
  • Regenerated uv.lock to reflect updated resolved versions (e.g., filelock, gitpython, idna, lxml, msgpack, requests, urllib3, starlette).
  • Simplified some marker-split lock entries (notably sphinx-prompt) during lock regeneration.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File | Description
uv.lock | Updates locked/resolved dependency versions and manifest constraints after dependency bumps.
pyproject.toml | Adds additional minimum-version constraints aimed at OSV avoidance.

Comment thread pyproject.toml
@mr-cal mr-cal requested a review from a team July 2, 2026 11:58
@bepri bepri merged commit e5a1243 into main Jul 2, 2026
20 checks passed
@bepri bepri deleted the work/bump-deps branch July 2, 2026 12:56

3 participants