Skip to content

chore(deps): Update#82

Open
williaby wants to merge 1 commit into
mainfrom
renovate/lock-file-maintenance
Open

chore(deps): Update#82
williaby wants to merge 1 commit into
mainfrom
renovate/lock-file-maintenance

Conversation

@williaby

Copy link
Copy Markdown
Contributor

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Change Update
All locks refreshed lockFileMaintenance

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 5am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 15, 2026 05:14

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock, !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: fd8eaa38-d827-4a25-aa87-531b77a75bff

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/lock-file-maintenance

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 43 package(s) with unknown licenses.
See the Details below.

License Issues

uv.lock

PackageVersionLicenseIssue Type
alembic1.18.5NullUnknown License
anyio4.14.1NullUnknown License
basedpyright1.39.9NullUnknown License
click8.4.2NullUnknown License
cryptography49.0.0NullUnknown License
cyclonedx-python-lib11.11.0NullUnknown License
fakeredis2.36.2NullUnknown License
fastapi0.138.2NullUnknown License
filelock3.29.4NullUnknown License
greenlet3.5.3NullUnknown License
griffelib2.1.0NullUnknown License
hypothesis6.155.7NullUnknown License
ipykernel7.3.0NullUnknown License
ipython9.15.0NullUnknown License
json50.15.0NullUnknown License
jupyter-builder1.0.2NullUnknown License
jupyter-client8.9.1NullUnknown License
jupyter-server2.20.0NullUnknown License
jupyterlab4.6.1NullUnknown License
mistune3.3.2NullUnknown License
mkdocstrings-python2.0.5NullUnknown License
msgpack1.2.1NullUnknown License
notebook7.6.0NullUnknown License
pdfminer-six20260107NullUnknown License
pip-audit2.10.1NullUnknown License
prettytable3.18.0NullUnknown License
pydantic-settings2.14.2NullUnknown License
pydoclint0.9.0NullUnknown License
pymdown-extensions11.0NullUnknown License
pytest9.1.1NullUnknown License
python-discovery1.4.2NullUnknown License
pywinpty3.0.5NullUnknown License
redis8.0.1NullUnknown License
rq2.10.0NullUnknown License
ruff0.15.20NullUnknown License
sqlalchemy2.0.51NullUnknown License
starlette1.3.1NullUnknown License
tornado6.5.7NullUnknown License
virtualenv21.5.1NullUnknown License
wcwidth0.8.2NullUnknown License
pypdfium25.11.0NullUnknown License
certifi2026.6.17NullUnknown License
distlib0.4.3NullUnknown License
Denied Licenses: GPL-2.0, GPL-3.0

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/alembic 1.18.5 UnknownUnknown
pip/anyio 4.14.1 UnknownUnknown
pip/atheris 3.1.0 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 33 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
pip/basedpyright 1.39.9 UnknownUnknown
pip/certifi 2026.6.17 🟢 5.9
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 9license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/click 8.4.2 UnknownUnknown
pip/coverage 7.14.3 UnknownUnknown
pip/cryptography 49.0.0 UnknownUnknown
pip/cyclonedx-python-lib 11.11.0 UnknownUnknown
pip/distlib 0.4.3 UnknownUnknown
pip/fakeredis 2.36.2 UnknownUnknown
pip/fastapi 0.138.2 UnknownUnknown
pip/filelock 3.29.4 UnknownUnknown
pip/google-auth 2.55.1 🟢 6.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
pip/greenlet 3.5.3 UnknownUnknown
pip/griffelib 2.1.0 UnknownUnknown
pip/hypothesis 6.155.7 UnknownUnknown
pip/ipykernel 7.3.0 UnknownUnknown
pip/ipython 9.15.0 UnknownUnknown
pip/json5 0.15.0 UnknownUnknown
pip/jupyter-builder 1.0.2 UnknownUnknown
pip/jupyter-client 8.9.1 UnknownUnknown
pip/jupyter-server 2.20.0 UnknownUnknown
pip/jupyterlab 4.6.1 UnknownUnknown
pip/mistune 3.3.2 UnknownUnknown
pip/mkdocstrings-python 2.0.5 UnknownUnknown
pip/msgpack 1.2.1 UnknownUnknown
pip/nest-asyncio2 1.7.2 UnknownUnknown
pip/notebook 7.6.0 UnknownUnknown
pip/pdfminer-six 20260107 UnknownUnknown
pip/pdfplumber 0.11.10 🟢 4.4
Details
CheckScoreReason
Maintained🟢 54 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Code-Review⚠️ 0Found 1/29 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/pip-audit 2.10.1 UnknownUnknown
pip/prettytable 3.18.0 UnknownUnknown
pip/protobuf 7.35.1 UnknownUnknown
pip/pydantic-settings 2.14.2 UnknownUnknown
pip/pydoclint 0.9.0 UnknownUnknown
pip/pymdown-extensions 11.0 UnknownUnknown
pip/pypdfium2 5.11.0 🟢 4.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 0no SAST tool detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
pip/pytest 9.1.1 UnknownUnknown
pip/python-discovery 1.4.2 UnknownUnknown
pip/pywinpty 3.0.5 UnknownUnknown
pip/redis 8.0.1 UnknownUnknown
pip/rq 2.10.0 UnknownUnknown
pip/ruff 0.15.20 UnknownUnknown
pip/sentry-sdk 2.63.0 🟢 5.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 24/28 approved changesets -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/sqlalchemy 2.0.51 UnknownUnknown
pip/starlette 1.3.1 UnknownUnknown
pip/tornado 6.5.7 UnknownUnknown
pip/virtualenv 21.5.1 UnknownUnknown
pip/wcwidth 0.8.2 UnknownUnknown

Scanned Files

  • uv.lock

@williaby williaby force-pushed the renovate/lock-file-maintenance branch from 1907139 to 6cd4d3c Compare June 29, 2026 18:16
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants