The docs dependency lockfile currently triggers GitHub Dependabot alerts for:
Current state when checked on 2026-05-13:
- requirements-docs.txt is already locked and hash-pinned
- pip-audit reports these fix targets:
- requests -> 2.33.0
- urllib3 -> 2.7.0
- the resolved docs dependency graph was already at the newest installable versions visible from the current package source during verification
Action to take once patched releases are available from the package index used by this repo:
- Regenerate requirements-docs.txt from requirements-docs.in
- Verify pip-audit -r requirements-docs.txt is clean
- Push the updated lockfile so Dependabot alerts clear
Notes:
- This affects the docs build dependency set in requirements-docs.txt
- The docs GitHub Actions workflow now installs with --require-hashes and --only-binary :all:
The docs dependency lockfile currently triggers GitHub Dependabot alerts for:
Current state when checked on 2026-05-13:
Action to take once patched releases are available from the package index used by this repo:
Notes: