Skip to content

chore(deps): Update#93

Merged
williaby merged 2 commits into
mainfrom
renovate/lock-file-maintenance
Jun 27, 2026
Merged

chore(deps): Update#93
williaby merged 2 commits into
mainfrom
renovate/lock-file-maintenance

Conversation

@williaby

Copy link
Copy Markdown
Collaborator

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Change Update
All locks refreshed lockFileMaintenance

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 5am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 15, 2026 05:06

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock, !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7764f5ce-6e1d-4f9f-ada6-94dc073eca98

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/lock-file-maintenance

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpypi/​pytest@​9.0.3 ⏵ 9.1.087 +1100100100100
Updatedpypi/​pip-audit@​2.10.0 ⏵ 2.10.197 +1100100100100
Updatedpypi/​basedpyright@​1.39.6 ⏵ 1.39.899100100100100
Updatedpypi/​ruff@​0.15.15 ⏵ 0.15.17100100100100100
Updatedpypi/​pydoclint@​0.8.4 ⏵ 0.8.6100 +1100100100100

View full report

@williaby williaby enabled auto-merge (squash) June 27, 2026 17:08
@github-actions

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 13 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

uv.lock

NameVersionVulnerabilitySeverity
msgpack1.2.0MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught errorhigh
Only included vulnerabilities with severity high or higher.

License Issues

uv.lock

PackageVersionLicenseIssue Type
msgpack1.2.0NullUnknown License
basedpyright1.39.8NullUnknown License
cyclonedx-python-lib11.10.0NullUnknown License
filelock3.29.4NullUnknown License
idna3.18NullUnknown License
pip-audit2.10.1NullUnknown License
pydoclint0.8.6NullUnknown License
pytest9.1.0NullUnknown License
python-discovery1.4.2NullUnknown License
ruff0.15.17NullUnknown License
typer0.26.7NullUnknown License
virtualenv21.5.0NullUnknown License
distlib0.4.3NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, LGPL-2.1, LGPL-3.0, Python-2.0, Unlicense, CC0-1.0, GPL-3.0-or-later
Excluded from license check: pkg:pypi/codespell

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/msgpack 1.2.0 UnknownUnknown
pip/basedpyright 1.39.8 UnknownUnknown
pip/cyclonedx-python-lib 11.10.0 UnknownUnknown
pip/distlib 0.4.3 UnknownUnknown
pip/filelock 3.29.4 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/pip-audit 2.10.1 UnknownUnknown
pip/pydoclint 0.8.6 UnknownUnknown
pip/pytest 9.1.0 UnknownUnknown
pip/python-discovery 1.4.2 UnknownUnknown
pip/ruff 0.15.17 UnknownUnknown
pip/typer 0.26.7 UnknownUnknown
pip/virtualenv 21.5.0 UnknownUnknown

Scanned Files

  • uv.lock

@williaby williaby merged commit efcf21f into main Jun 27, 2026
70 of 71 checks passed
@williaby williaby deleted the renovate/lock-file-maintenance branch June 27, 2026 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants