chore(deps): update zxcvbn requirement from <5.0,>=4.4 to >=4.5.0,<5.0 #255

Merged: cmeans merged 1 commit into main from dependabot/pip/zxcvbn-gte-4.5.0-and-lt-5.0 on Apr 12, 2026

@dependabot dependabot Bot commented on behalf of github Apr 11, 2026

Updates the requirements on zxcvbn to permit the latest version.

Changelog

Sourced from zxcvbn's changelog.

v4.5.0 (2025-02-19)

  • decorator solution for lazy loading frequency_lists library
  • handle zero-length password gracefully
  • add failing test for empty password scenario
  • Merge branch 'musicsnobj-feature/l33t-exploit'
  • Merge branch 'feature/l33t-exploit' of github.com:musicsnobj/zxcvbn-python into musicsnobj-feature/l33t-exploit
  • use optional third arg instead of env variable for max password length
  • Merge branch 'feature/setup-tox' into feature/l33t-exploit
  • fuzzy match all py test versions
  • update README w/ tested py versions, try 3.8.* as test version
  • remove python 2 condition from mypy job
  • add py versions 3.12 and 3.13
  • add py versions 3.9, 3.10, 3.11
  • trying another tox config
  • tweak tox config
  • rm reference to requirements.txt
  • let tox control pytest version
  • try python version 3.8.18 by itself
  • update build.yml with python versions supported by Ubuntu 24.04
  • try dropping python versions older than 3.6
  • try v5 of setup-python gha
  • add tox.ini, add python versions to test
  • fuzzy match all py test versions
  • update README w/ tested py versions, try 3.8.* as test version
  • remove python 2 condition from mypy job
  • add py versions 3.12 and 3.13
  • add py versions 3.9, 3.10, 3.11
  • trying another tox config
  • tweak tox config
  • rm reference to requirements.txt
  • let tox control pytest version
  • try python version 3.8.18 by itself
  • update build.yml with python versions supported by Ubuntu 24.04
  • try dropping python versions older than 3.6
  • try v5 of setup-python gha
  • add tox.ini, add python versions to test
  • add max password length, default 72, configurable via ZXCVBN_MAX_LENGTH env var
  • Match the correct dictionary name for English words
  • Add the license file to the source tarball
  • update supported python versions in README
  • github actions & mypy
  • Fix syntax warning over comparison of literals using is. (#53)
  • Added Python 3.8 to travis config. (#50)
  • add 3.7 in python versions tested on travis ci (#44)

v4.4.28 (2019-05-28)

  • Prefer stdin for password if it is readable (#43)
  • updating version to 4.4.28

... (truncated)

Commits
  • 566fff1 update changelog, update setup.py for version 4.5.0
  • f416148 decorator solution for lazy loading frequency_lists library
  • 2939b6b handle zero-length password gracefully
  • 8459ce5 add failing test for empty password scenario
  • 2b3e11f Merge branch 'musicsnobj-feature/l33t-exploit'
  • c7fc8b1 Merge branch 'feature/l33t-exploit' of github.com:musicsnobj/zxcvbn-python in...
  • 1ed43f5 use optional third arg instead of env variable for max password length
  • 98a2b4d Merge branch 'feature/setup-tox' into feature/l33t-exploit
  • 558084c fuzzy match all py test versions
  • 7369112 update README w/ tested py versions, try 3.8.* as test version
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Dependency updates label Apr 11, 2026
@github-actions github-actions Bot added Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA Ready for QA Dev work complete — QA can begin review and removed Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA labels Apr 11, 2026

codecov Bot commented Apr 11, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@cmeans cmeans added the QA Active QA is actively reviewing; Dev should not push changes label Apr 12, 2026
@github-actions github-actions Bot removed the Ready for QA Dev work complete — QA can begin review label Apr 12, 2026

@cmeans cmeans left a comment

[QA] Dependabot batch review — Signoff

Verdict: Ready for QA Signoff. This is a minimum-version-floor bump — upper bound unchanged, CI green (lint/typecheck/test 3.10+3.11+3.12/codecov all pass), single-line pyproject.toml change, no behavior change, no breaking version transition.

Reviewed as part of the dependabot batch (#252/#253/#254/#255/#256). All 5 PRs are the same shape: pyproject.toml minimum-floor bump within the existing major-version range.

CHANGELOG check: these minimum-floor bumps are not user-visible, not behavior changes, and not noteworthy code changes per feedback_changelog_per_pr — no CHANGELOG entry needed. The compatible version range narrows from below but the upper bound (the thing that matters for breaking changes) is unchanged.

Merge-order note: all 5 touch pyproject.toml so they will conflict with each other after the first one merges. Merge sequentially; dependabot will auto-rebase the remaining PRs after each merge.

cmeans commented Apr 12, 2026

[QA] Dependabot batch — Ready for QA Signoff. Min-floor bump only, upper bound unchanged, CI all green. Merge sequentially (all 5 touch pyproject.toml). Applying label as final act.

@cmeans cmeans added Ready for QA Signoff QA passed — ready for maintainer final review and merge and removed QA Active QA is actively reviewing; Dev should not push changes labels Apr 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/zxcvbn-gte-4.5.0-and-lt-5.0 branch from de02caf to 2d65095 Compare April 12, 2026 03:57
@github-actions github-actions Bot added Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA Ready for QA Dev work complete — QA can begin review and removed Ready for QA Signoff QA passed — ready for maintainer final review and merge Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA labels Apr 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/zxcvbn-gte-4.5.0-and-lt-5.0 branch from 2d65095 to 474a34b Compare April 12, 2026 04:14
@github-actions github-actions Bot added Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA Ready for QA Dev work complete — QA can begin review and removed Ready for QA Dev work complete — QA can begin review Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA labels Apr 12, 2026

cmeans commented Apr 12, 2026

@dependabot rebase

@cmeans cmeans removed the Ready for QA Dev work complete — QA can begin review label Apr 12, 2026
Updates the requirements on [zxcvbn](https://github.com/dwolfhub/zxcvbn-python) to permit the latest version.
- [Changelog](https://github.com/dwolfhub/zxcvbn-python/blob/master/CHANGELOG.md)
- [Commits](dwolfhub/zxcvbn-python@v4.4.1...v4.5.0)

---
updated-dependencies:
- dependency-name: zxcvbn
  dependency-version: 4.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/zxcvbn-gte-4.5.0-and-lt-5.0 branch from 474a34b to afdbba1 Compare April 12, 2026 04:19
@github-actions github-actions Bot added the Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA label Apr 12, 2026
@github-actions github-actions Bot added Ready for QA Dev work complete — QA can begin review and removed Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA labels Apr 12, 2026
@cmeans cmeans added QA Approved Manual QA testing completed and passed and removed Ready for QA Dev work complete — QA can begin review labels Apr 12, 2026

@cmeans cmeans left a comment

LGTM

@cmeans cmeans merged commit 2bd35ab into main Apr 12, 2026
19 checks passed
@cmeans cmeans deleted the dependabot/pip/zxcvbn-gte-4.5.0-and-lt-5.0 branch April 12, 2026 04:22