chore(deps): consolidate the safe Dependabot backlog into one re-locked PR#124
Open
lingzhong wants to merge 4 commits into
Open
chore(deps): consolidate the safe Dependabot backlog into one re-locked PR#124lingzhong wants to merge 4 commits into
lingzhong wants to merge 4 commits into
Conversation
- astral-sh/setup-uv v5.4.2/v6 -> v8.1.0 - pypa/gh-action-pypi-publish v1.12.4 -> v1.14.0 - googleapis/release-please-action v4 -> v5
Combines these upstream Dependabot PRs into one re-locked batch: - google-agentic-commerce#112 pydantic 2.11.7 -> 2.13.4 (prod group) - google-agentic-commerce#113 dev group: mypy 1.18.2->1.20.2, pytest-mock 3.14.1->3.15.1, ruff 0.13.1->0.15.13, trio 0.30.0->0.33.0 - google-agentic-commerce#115 pytest-cov 6.2.1 -> 7.1.0 - google-agentic-commerce#122 aiohttp 3.13.4 -> 3.14.0 - google-agentic-commerce#108 idna 3.10 -> 3.15 - google-agentic-commerce#106 protobuf 6.32.0 -> 6.33.5 - google-agentic-commerce#100 pyasn1 0.6.1 -> 0.6.3 - google-agentic-commerce#103 pygments 2.19.2 -> 2.20.0 - google-agentic-commerce#105 requests 2.32.4 -> 2.33.0 - google-agentic-commerce#104 werkzeug 3.1.3 -> 3.1.6 - google-agentic-commerce#96 urllib3 2.5.0 -> 2.7.0 - google-agentic-commerce#101 flask 3.1.1 -> 3.1.3 Re-locked with uv; pytest (3 passed) and ruff check/format pass. Excludes majors x402 2.8.0 (google-agentic-commerce#117), a2a-sdk 1.0.2 (google-agentic-commerce#114), starlette 1.0.1 (google-agentic-commerce#123).
Combines upstream Dependabot PRs: - google-agentic-commerce#116 adk-demo-safe group: google-adk 1.14.1->1.33.0, click 8.2.1->8.3.3, uvicorn 0.35.0->0.46.0, web3 7.10.0->7.16.0, cdp-sdk 1.32.0->1.46.0, ruff 0.13.1->0.15.12, plus transitive cascade - google-agentic-commerce#118 pytest-cov: obviated (google-adk 1.33 no longer pulls pytest-cov) Re-locked with uv (181 packages); uv sync --group lint and ruff check/format pass.
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates various dependencies and development tools across the workspace, including google-adk, click, uvicorn, web3, pydantic, pytest-cov, pytest-mock, trio, mypy, and ruff. The feedback suggests aligning the ruff version constraint to >=0.15.13 in both pyproject.toml files to ensure consistent linting and formatting rules across the project.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this is
A single, re-locked PR that consolidates the safe (non-major) Dependabot backlog — 15 of the currently-open Dependabot PRs folded into one mergeable change. Merging this lets Dependabot auto-close those PRs on its next run, taking the open dependency backlog from 19 → 4 (the 4 remaining are majors, intentionally left for your review).
Lock files were regenerated with
uv(floor bumps +uv lock), pinned to the versions Dependabot proposed, rather than merging the individual branches — several of the older Dependabot branches were cut before the grouping config (#109) / release-please migration (#86) landed, so merging them directly would revert those.Consolidated PRs (safe — minor / patch / transitive / dev / CI)
python/x402_a2a— #112 (pydantic), #113 (dev group: mypy, pytest-mock, ruff, trio), #115 (pytest-cov), #122 (aiohttp), #108 (idna), #106 (protobuf), #105 (requests), #104 (werkzeug), #103 (pygments), #101 (flask), #100 (pyasn1), #96 (urllib3)python/examples/adk-demo— #116 (adk-demo-safe group: google-adk, click, uvicorn, web3, cdp-sdk, ruff + cascade), #118 (pytest-cov — note: now obviated, google-adk 1.33 no longer pulls pytest-cov into the resolution)GitHub Actions — #111 (setup-uv v8.1.0, gh-action-pypi-publish v1.14.0, release-please-action v5)
Intentionally left out (majors → your existing human-review policy)
x402.typesremoved); needs source changes (~7 files).TextPartremoved froma2a.types); needs source changes.Verification
python/x402_a2a:uv lock --checkclean ·pytest→ 3 passed ·ruff check+ruff format --checkpass.python/examples/adk-demo:uv lock --checkclean ·uv syncinstalls ·ruff check+ruff format --checkpass.main(125db55); no conflicts.Totally fine to close this if you'd rather merge the individual Dependabot PRs — just offering a one-shot way to clear the safe backlog.