Skip to content

Refresh lock files for typer and ruff bump#24

Merged
haasonsaas merged 2 commits intomainfrom
codex/ci-monitor-orbit-agent-locks-20260427
Apr 27, 2026
Merged

Refresh lock files for typer and ruff bump#24
haasonsaas merged 2 commits intomainfrom
codex/ci-monitor-orbit-agent-locks-20260427

Conversation

@haasonsaas
Copy link
Copy Markdown
Contributor

@haasonsaas haasonsaas commented Apr 27, 2026

Summary

  • regenerate requirements.lock and requirements-dev.lock after the typer and ruff dependency bump
  • keep the fix limited to the missing lockfile updates that current CI requires
  • avoid touching the Dependabot branch directly while preserving the same dependency intent

CI evidence

  • evalops/orbit-agent run 25000208360, job test (3.12), step Verify dependency lock files are updated failed with requirements.txt changed without updating requirements.lock
  • the paired test (3.11) job was cancelled after the 3.12 lockfile gate failed

Local verification

  • black --check $(git ls-files '*.py')
  • ruff check .
  • pytest -q

Notes

  • This PR is intended as the minimal repair for the current failure on evalops/orbit-agent#23.

dependabot Bot and others added 2 commits April 27, 2026 14:14
@dependabot
build(deps): bump the production-minor-patch group with 2 updates
d5fa705 
Bumps the production-minor-patch group with 2 updates: [typer](https://github.com/fastapi/typer) and [ruff](https://github.com/astral-sh/ruff).


Updates `typer` from 0.24.1 to 0.25.0
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.24.1...0.25.0)

Updates `ruff` from 0.15.11 to 0.15.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.11...0.15.12)

---
updated-dependencies:
- dependency-name: typer
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@haasonsaas
fix: refresh dependency lock files for typer and ruff bump
8eae442
@cursor
Copy link
Copy Markdown

cursor Bot commented Apr 27, 2026
edited
Loading

PR Summary

Low Risk
Low risk: dependency/version pin and lockfile regeneration only, with no application logic changes; main risk is unexpected behavior from updated transitive packages during install/runtime.

Overview
Updates dependency pins to typer==0.25.0 and ruff==0.15.12, and regenerates requirements.lock/requirements-dev.lock to match.

Lockfile refresh also updates several transitive versions (e.g., certifi, click, idna, packaging, pathspec, tokenizers, xxhash) and normalizes some package names/casing (e.g., Flask, Werkzeug, typing_extensions), primarily to satisfy the CI lockfile consistency check.

Reviewed by Cursor Bugbot for commit 8eae442. Bugbot is set up for automated code reviews on this repo. Configure here.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedtyper@​0.24.1 ⏵ 0.25.099 +1100100100100
Updatedruff@​0.15.11 ⏵ 0.15.12100100100100100

View full report

@haasonsaas haasonsaas merged commit 0da64a6 into main Apr 27, 2026
5 checks passed
cursor[bot]
cursor Bot reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Ruff version mismatch between pre-commit and requirements
    • Updated .pre-commit-config.yaml to pin ruff-pre-commit to v0.15.12, matching the requirements and CI Ruff version.

You can send follow-ups to the cloud agent here.

Reviewed by Cursor Bugbot for commit 8eae442. Configure here.

Comment thread requirements.txt
pytest-cov==7.1.0
black==26.3.1
ruff==0.15.11
ruff==0.15.12
Copy link
Copy Markdown

@cursor cursor Bot Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ruff version mismatch between pre-commit and requirements

Low Severity

Bumping ruff to 0.15.12 in the requirements and lock files without also updating .pre-commit-config.yaml (which still pins ruff-pre-commit to v0.15.11) introduces a version skew that didn't exist before. Developers running pre-commit locally will lint with 0.15.11, while CI's ruff check . step uses 0.15.12, which can produce different results if any rules changed between those versions.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 8eae442. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@haasonsaas