build(deps): bump the production-minor-patch group with 2 updates #23
dependabot[bot] wants to merge 1 commit into main from
Bumps the production-minor-patch group with 2 updates: [typer](https://github.com/fastapi/typer) and [ruff](https://github.com/astral-sh/ruff).

Updates `typer` from 0.24.1 to 0.25.0
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.24.1...0.25.0)

Updates `ruff` from 0.15.11 to 0.15.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.11...0.15.12)

---
updated-dependencies:
- dependency-name: typer
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR Summary: Low Risk
Reviewed by Cursor Bugbot for commit d5fa705. Bugbot is set up for automated code reviews on this repo.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| # Core AI and CLI (prefer latest v3 per dspy.ai) | ||
| dspy-ai>=3.2.0,<4.0.0 | ||
| typer==0.24.1 | ||
| typer==0.25.0 |
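Review bot: The new `typer==0.25.0` line pins a version but carries no `--hash=` entry, and `dspy-ai>=3.2.0,<4.0.0` two lines above it is still a range, so an install from this file is neither artifact-verified nor reproducible. If this file is ever installed directly, keep exact pins with hashes in a generated lock file and install that with pip's `--require-hashes`; otherwise a short comment here saying which file is the install source would remove the ambiguity.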
Lock files not updated to match bumped dependencies
Medium Severity
The requirements.txt and requirements-dev.txt files now specify typer==0.25.0 and ruff==0.15.12, but the corresponding requirements.lock and requirements-dev.lock files still pin the old versions (typer==0.24.1 and ruff==0.15.11). Anyone installing from the lock files — the typical path for reproducible deployments — will get the old versions, making this version bump ineffective and creating a mismatch between declared and actually-installed dependencies.
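A drift check of the kind that would catch the mismatch Cursor Bugbot reports above, as an added example that is not part of this PR or the repository: it compares `==` pins in each requirements file against its lock file. The file contents are constructed samples using the versions named on this page; `exact_pins` and `lock_drift` are hypothetical helper names, and range specifiers such as `>=` are skipped rather than evaluated.

```python
import re

# Constructed file contents using the versions named in the review comment;
# the dspy-ai lock version and the hash placeholder are made up.
REQUIREMENTS = {
    "requirements.txt": "# Core AI and CLI\ndspy-ai>=3.2.0,<4.0.0\ntyper==0.25.0\n",
    "requirements-dev.txt": "-r requirements.txt\nruff==0.15.12  # linter\n",
}
LOCKS = {
    "requirements.lock": "dspy-ai==3.2.0\ntyper==0.24.1 \\\n    --hash=sha256:PLACEHOLDER\n",
    "requirements-dev.lock": "ruff==0.15.11\n",
}
PAIRS = [("requirements.txt", "requirements.lock"),
         ("requirements-dev.txt", "requirements-dev.lock")]

# name, optional [extras], then an exact "==" pin; ranges do not match.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\#]+)")


def normalize(name):
    """PEP 503 normalization, so Foo_Bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def exact_pins(text):
    """Return {normalized name: version} for every '==' line in the text."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        # Skip blanks, comments, and option lines such as -r or --hash=...
        if not line or line.startswith(("#", "-")):
            continue
        match = PIN.match(line)
        if match:
            pins[normalize(match.group(1))] = match.group(2)
    return pins


def lock_drift(requirements, lock):
    """List (name, declared, locked) where the lock disagrees or lacks the pin."""
    locked = exact_pins(lock)
    return [(name, version, locked.get(name))
            for name, version in sorted(exact_pins(requirements).items())
            if locked.get(name) != version]


if __name__ == "__main__":
    drift = [(lock, d) for req, lock in PAIRS
             for d in lock_drift(REQUIREMENTS[req], LOCKS[lock])]
    for lock, (name, declared, locked) in drift:
        print(f"{lock}: {name} locked at {locked}, declared {declared}")
    raise SystemExit(1 if drift else 0)
```

Run as a CI step with the real files read from disk, the non-zero exit fails the build whenever a bump lands without its lock file being regenerated.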
Looks like these dependencies are no longer updatable, so this is no longer needed.


Bumps the production-minor-patch group with 2 updates: typer and ruff.

Updates `typer` from 0.24.1 to 0.25.0

Release notes

Sourced from typer's releases.

... (truncated)

Changelog

Sourced from typer's changelog.

... (truncated)

Commits

- 959845e 🔖 Release version 0.25.0
- 5e1fcfb 📝 Update release notes
- dfb21ad 🚸 Don't truncate code lines in traceback when formatted with Rich (#1695)
- c9554ec 🔖 Release version 0.24.2
- 98f27ca 📝 Update release notes
- 31b468b 🐛 Ensure that `typer.launch` forwards correctly when launching a file (#1708)
- f0a6ee8 📝 Update release notes
- 5382d24 ⬆ Bump mypy from 1.20.1 to 1.20.2 (#1715)
- 6f15177 📝 Update release notes
- 8572894 ⬆ Bump prek from 0.3.9 to 0.3.10 (#1716)

Updates `ruff` from 0.15.11 to 0.15.12

Release notes

Sourced from ruff's releases.

... (truncated)

Changelog

Sourced from ruff's changelog.

Commits

- 66f93cf Bump 0.15.12 (#24815)
- 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
- ed669ea Implement `#ruff:file-ignore` file-level suppressions (#23599)
- e73d952 [ty] Include inferred type in `invalid-key` concise diagnostic for union/inte...
- 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
- 0fbf2bc Drop deprecated license classifier (#24808)
- 43b174c [ty] Infer lambda parameter types with `Callable` type context (#24317)
- 4f449ae [ty] Add error context for intersection types (#24772)
- 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
- e7cc762 [ty] Add error context for TypedDict assignments (#24790)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.