Skip to content

chore: aggregate dependency updates (exclude litellm bump)#27

Open
Inokinoki wants to merge 26 commits into
mainfrom
chore/dep-rollup-test-20260430
Open

chore: aggregate dependency updates (exclude litellm bump)#27
Inokinoki wants to merge 26 commits into
mainfrom
chore/dep-rollup-test-20260430

Conversation

@Inokinoki

@Inokinoki Inokinoki commented Apr 30, 2026

Copy link
Copy Markdown
Member

Summary

  • Aggregate open Renovate/Dependabot dependency update branches into one validation PR.
  • Keep workflow action digest/version updates and Python dependency bumps (boto3, pandas, pyyaml, isort, pygments, tornado, urllib3).
  • Explicitly exclude the litellm security bump by reverting that merge, because it conflicts with the current openai<2 constraint and makes dependency resolution unsatisfiable.

Test plan

  • make setup
  • make check_format
  • uv run python ./src/flare/main.py --config-path ./tests/data/example_config.json --sample-path ./tests/data/bias-samples/ --name test-run (blocked locally without OPENAI_API_KEY)

Made with Cursor

dependabot Bot and others added 24 commits March 30, 2026 12:42
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to 6.5.5.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.2...v6.5.5)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
…ity' into chore/dep-rollup-test-20260430

Made-with: Cursor

# Conflicts:
#	pyproject.toml
…lnerability' into chore/dep-rollup-test-20260430"

This reverts commit 2a5ed04, reversing
changes made to 5b386ef.
renovate Bot and others added 2 commits May 7, 2026 10:25
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Inoki <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant