Skip to content

Update deps to address security vulnerabilities #5873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
snejus merged 2 commits into from
Jul 20, 2025
Merged

Update deps to address security vulnerabilities #5873

snejus merged 2 commits into from
Jul 20, 2025

Conversation

@snejus
Copy link
Member

@snejus snejus commented Jul 15, 2025
edited
Loading

This PR updates dependencies to address security vulnerabilities

Key changes

  • GitHub Actions: Updated tj-actions/changed-files from v44/v45 to v46 across all workflows
  • Python package updates:
image

@snejus snejus requested review from Copilot, semohr and wisp3rwind July 15, 2025 12:52
@github-actions
Copy link

github-actions bot commented Jul 15, 2025

Thank you for the PR! The changelog has not been updated, so here is a friendly reminder to check if you need to add an entry.

This comment was marked as outdated.

Sign in to view

@snejus snejus force-pushed the update-deps-add-xdist branch 4 times, most recently from 38b6102 to bf08de5 Compare July 16, 2025 13:10
@snejus snejus changed the title Update deps to address security vulnerabilities, add pytest-xdist Update deps to address security vulnerabilities Jul 16, 2025
@snejus snejus force-pushed the update-deps-add-xdist branch from bf08de5 to 62bbd18 Compare July 17, 2025 12:30
wisp3rwind
wisp3rwind approved these changes Jul 17, 2025
View reviewed changes
Copy link
Member

@wisp3rwind wisp3rwind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sensible to me 👍

FWIW, the new pathspec dependency comes from python/mypy#18696. Some discussion around that here: python/mypy#19275

Pygments has become a new dep of pytest, which is why it's non-optional now.

I'm a bit puzzled at how this fits with closing #5749; but anyway, let's merge this!

@snejus
Copy link
Member Author

snejus commented Jul 20, 2025

@wisp3rwind I see how closing #5749 is confusing: the main reason why I ended up updating the action here was that I wanted to tick off each of the issues reported here. I don't think I had initially realised that the issue with the action was present in this list.

@snejus snejus merged commit 0fec858 into master Jul 20, 2025
20 checks passed
@snejus snejus deleted the update-deps-add-xdist branch July 20, 2025 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@wisp3rwind wisp3rwind wisp3rwind approved these changes

@semohr semohr Awaiting requested review from semohr

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@snejus @wisp3rwind