Skip to content

Upgrade pytest and requests dependencies#2

Merged
CorVous merged 1 commit into
mainfrom
claude/practical-hawking-r6pvj6
Jun 10, 2026
Merged

Upgrade pytest and requests dependencies#2
CorVous merged 1 commit into
mainfrom
claude/practical-hawking-r6pvj6

Conversation

@CassidyPrather

@CassidyPrather CassidyPrather commented Jun 10, 2026

Copy link
Copy Markdown
Owner

Summary

Updated development dependencies to newer versions to ensure compatibility with the latest releases and receive bug fixes and improvements.

Changes

  • Upgraded pytest from >= 8.3.3, < 9 to >= 9.0.3, < 10
  • Upgraded requests from >= 2.32.5, < 3 to >= 2.33.0, < 3

Notes

  • These are development-only dependencies and do not affect the runtime behavior of the package
  • The lockfile has been updated to reflect the new dependency versions

https://claude.ai/code/session_014kq2up9Lf6HHj5nZ9bSJA8

@claude
fix(deps): resolve 9 Dependabot security vulnerabilities
398ed53 
Upgrade the seven flagged packages to their fixed versions:

  cryptography  46.0.5 -> 48.0.0  (PYSEC-2026-35, PYSEC-2026-36)
  urllib3       2.6.3  -> 2.7.0   (PYSEC-2026-141, PYSEC-2026-142)
  idna          3.11   -> 3.18    (CVE-2026-45409)
  lxml          6.0.2  -> 6.1.1   (PYSEC-2026-87)
  pygments      2.19.2 -> 2.20.0  (CVE-2026-4539)
  pytest        8.4.2  -> 9.0.3   (CVE-2025-71176)
  requests      2.32.5 -> 2.34.2  (CVE-2026-25645)

pytest and requests are direct dev dependencies, so their floors in
pyproject.toml are raised to the fixed versions (pytest also needed its
`< 9` ceiling lifted). The rest are transitive and updated in the lock.

pip-audit now reports no known vulnerabilities; tests, ruff, and ty all
pass.
@CorVous CorVous self-requested a review June 10, 2026 05:04
CorVous
CorVous approved these changes Jun 10, 2026
View reviewed changes

@CorVous CorVous left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, 💯

@CorVous CorVous merged commit 681ac50 into main Jun 10, 2026
2 checks passed
@CorVous CorVous deleted the claude/practical-hawking-r6pvj6 branch June 10, 2026 05:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CorVous CorVous CorVous approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CassidyPrather @CorVous @claude