chore(deps): batch dependabot bumps (3 actions + 4 pip)#183
Merged
Conversation
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.2 to 3.0.1. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@3bb1273...718ea10) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...ece7cb0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...9c091bb) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [click](https://github.com/pallets/click) from 8.4.1 to 8.4.2. - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md) - [Commits](pallets/click@8.4.1...8.4.2) --- updated-dependencies: - dependency-name: click dependency-version: 8.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.49.0 to 0.50.2. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.49.0...0.50.2) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.50.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.2.0 to 12.3.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@12.2.0...12.3.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 6.20.0 to 6.21.0. - [Release notes](https://github.com/pyinstaller/pyinstaller/releases) - [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst) - [Commits](pyinstaller/pyinstaller@v6.20.0...v6.21.0) --- updated-dependencies: - dependency-name: pyinstaller dependency-version: 6.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates 7 safe dependabot PRs into one CI run (they overlap on
release.yml/ci.ymland the constraints files, so batching avoids serial rebase churn). Cherry-picked from the dependabot branches — exact verified SHAs preserved.Action bumps (all Node 20→24 runtime only, no input/behavior changes — also clears the Node20 deprecation warnings in release logs):
actions/checkoutv4 → v7.0.0 (chore(deps): bump actions/checkout from 4.3.1 to 7.0.0 #169)actions/setup-pythonv5 → v6.3.0 (chore(deps): bump actions/setup-python from 5.6.0 to 6.3.0 #168)softprops/action-gh-releasev2 → v3.0.1 (chore(deps): bump softprops/action-gh-release from 2.6.2 to 3.0.1 #167)Pip bumps (constraints lockfiles, minor/patch):
click8.4.1 → 8.4.2 (chore(deps): bump click from 8.4.1 to 8.4.2 #170)uvicorn0.49.0 → 0.50.2 (chore(deps): bump uvicorn from 0.49.0 to 0.50.2 #172)pillow12.2.0 → 12.3.0 (chore(deps): bump pillow from 12.2.0 to 12.3.0 #173)pyinstaller6.20.0 → 6.21.0 (chore(deps): bump pyinstaller from 6.20.0 to 6.21.0 #174)Closed separately: #171 (
pydantic-core) — pinned exactly bypydantic, unresolvable in isolation.Supersedes #167, #168, #169, #170, #172, #173, #174.
🤖 Generated with Claude Code