security(deps): bump the dataviewer-backend-dependencies group across 1 directory with 15 updates#428
Merged
katriendg merged 3 commits intoApr 13, 2026
Conversation
dependabot
Bot
added
dataviewer
dependencies
Contributor
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issuesdata-management/viewer/backend/uv.lock
OpenSSF ScorecardScorecard details
Scanned Files
|
github-actions
Bot
changed the title
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #428 +/- ##
=======================================
Coverage 64.41% 64.41%
=======================================
Files 251 251
Lines 15435 15435
Branches 2060 2108 +48
=======================================
Hits 9942 9942
Misses 5205 5205
Partials 288 288
🚀 New features to boost your workflow:
|
jjottar
pushed a commit
to jjottar/physical-ai-toolchain
that referenced
this pull request
Apr 9, 2026
🤖 I have created a release *beep* *boop* --- ## [0.5.0](microsoft/physical-ai-toolchain@v0.4.0...v0.5.0) (2026-03-26) ### ✨ Features * add dataviewer web application for dataset analysis and annotation ([microsoft#375](microsoft#375)) ([c44d7bb](microsoft@c44d7bb)) * add return type annotations to cli_args functions ([microsoft#476](microsoft#476)) ([35523ee](microsoft@35523ee)) * add YAML config schema with pydantic validation for ROS 2 recording ([microsoft#376](microsoft#376)) ([1fa5243](microsoft@1fa5243)) * **agents:** Copilot agents and skills for dataviewer and OSMO training workflows. ([microsoft#444](microsoft#444)) ([8b72daf](microsoft@8b72daf)) * **build:** add automated ms.date freshness checking ([microsoft#448](microsoft#448)) ([f92ddbc](microsoft@f92ddbc)) * **build:** add CLA section, Dependabot security prefix, and OWASP ZAP DAST scan ([microsoft#241](microsoft#241)) ([083a8af](microsoft@083a8af)) * **build:** add coverage.py configuration to pyproject.toml ([microsoft#428](microsoft#428)) ([eac7426](microsoft@eac7426)) * **build:** add Go CI pipeline with golangci-lint and go test ([microsoft#351](microsoft#351)) ([b27e4fb](microsoft@b27e4fb)) * **build:** add OpenSSF Scorecard workflow and badge ([microsoft#431](microsoft#431)) ([98a62e7](microsoft@98a62e7)) * **build:** add release artifact signing and SBOM attestation ([microsoft#480](microsoft#480)) ([b226e96](microsoft@b226e96)) * **build:** add TFLint reusable GitHub Actions workflow ([microsoft#229](microsoft#229)) ([34d5575](microsoft@34d5575)) * **build:** split Go CI into separate lint and test pipelines ([microsoft#354](microsoft#354)) ([2dec155](microsoft@2dec155)) * **dataviewer:** add authentication middleware and CSRF protection for mutation endpoints ([microsoft#432](microsoft#432)) ([77c8a01](microsoft@77c8a01)) * **docs:** create training documentation hub with guides and migration ([microsoft#380](microsoft#380)) ([0fdccc5](microsoft@0fdccc5)) * **docs:** port Docusaurus documentation site with full build validation ([microsoft#182](microsoft#182)) ([29dd640](microsoft@29dd640)) * fix and deploy dataviewer ([microsoft#498](microsoft#498)) ([c922d49](microsoft@c922d49)) * **inference:** add AzureML and local LeRobot inference workflows ([microsoft#438](microsoft#438)) ([f7d786a](microsoft@f7d786a)) * **inference:** add MLflow trajectory plots and multi-source support to OSMO inference workflow ([microsoft#421](microsoft#421)) ([8637458](microsoft@8637458)) * **infra:** add blob storage lifecycle policies and folder structure ([microsoft#179](microsoft#179)) ([101a6e8](microsoft@101a6e8)) * **infrastructure:** add optional observability and compute feature flags ([microsoft#437](microsoft#437)) ([9eba0da](microsoft@9eba0da)) * **infrastructure:** add private Linux Isaac Sim VM deployment option ([microsoft#348](microsoft#348)) ([3748c2d](microsoft@3748c2d)) * **infrastructure:** add terraform-docs auto-generation pipeline ([microsoft#358](microsoft#358)) ([6565caa](microsoft@6565caa)) * **infrastructure:** harden Isaac Sim VM deployment with encryption and spot options ([microsoft#355](microsoft#355)) ([6ebc1f2](microsoft@6ebc1f2)) * **repo:** migrate to domain-driven architecture ([microsoft#270](microsoft#270)) ([a339e70](microsoft@a339e70)) * **scripts:** add --config-preview and deployment summary to submission scripts ([microsoft#499](microsoft#499)) ([4069806](microsoft@4069806)) * **scripts:** add Copilot attribution footer validation to frontmatter linting ([microsoft#378](microsoft#378)) ([4d595f2](microsoft@4d595f2)) * **src:** add dataviewer web application with storage adapter layer ([microsoft#404](microsoft#404)) ([8a9fb70](microsoft@8a9fb70)) ### 🐛 Bug Fixes * **build:** add GHSA to cspell custom dictionary ([microsoft#315](microsoft#315)) ([67db81a](microsoft@67db81a)) * **build:** correct codecov report_type input for terraform test uploads ([microsoft#324](microsoft#324)) ([d90d66d](microsoft@d90d66d)) * **build:** expand CODEOWNERS coverage to critical paths ([microsoft#505](microsoft#505)) ([bafade1](microsoft@bafade1)) * **build:** pin Docker base image and pip dependencies with Dependabot coverage ([microsoft#497](microsoft#497)) ([d3d7ea4](microsoft@d3d7ea4)) * **build:** pin pydantic version and use uv in config schema validation workflow ([microsoft#493](microsoft#493)) ([28d823f](microsoft@28d823f)) * **build:** pin uv installer to versioned URL ([microsoft#495](microsoft#495)) ([8d8541b](microsoft@8d8541b)) * **build:** remediate GHSA vulnerabilities flagged by OSSF Scorecard ([microsoft#271](microsoft#271)) ([49b6e58](microsoft@49b6e58)) * **build:** remove README frontmatter, add FrontmatterExcludePaths, enforce Pester 5 ([microsoft#443](microsoft#443)) ([641d0f3](microsoft@641d0f3)) * **build:** resolve CI failures for release 0.5.0 PR ([microsoft#174](microsoft#174)) ([62c9900](microsoft@62c9900)) * **build:** resolve codecov PR comment suppression ([microsoft#523](microsoft#523)) ([5603bd7](microsoft@5603bd7)) * **build:** use npm ci for deterministic frontend dependency install ([microsoft#491](microsoft#491)) ([ee8b5d3](microsoft@ee8b5d3)), closes [microsoft#490](microsoft#490) * **ci:** add `wait_for_ci` to Codecov configuration ([microsoft#183](microsoft#183)) ([370cf44](microsoft@370cf44)) * **CI:** Issue 116 clean up dataviewer tests ([microsoft#184](microsoft#184)) ([f466c23](microsoft@f466c23)) * **ci:** pin pydantic to ==2.12.5 across all references ([microsoft#230](microsoft#230)) ([9d841d5](microsoft@9d841d5)) * **dataviewer:** add HTTP Range support for blob video streaming ([microsoft#165](microsoft#165)) ([8adde50](microsoft@8adde50)) * **dataviewer:** remediate CodeQL alerts and align ruff config ([microsoft#419](microsoft#419)) ([eb6fac9](microsoft@eb6fac9)) * **dataviewer:** remediate path traversal and input validation vulnerabilities ([microsoft#413](microsoft#413)) ([0a1d2ca](microsoft@0a1d2ca)) * **docs:** remove trailingSlash: false for GitHub Pages compatibility ([microsoft#228](microsoft#228)) ([a78cb97](microsoft@a78cb97)) * **gpu:** add GPU Operator validation dependencies to GRID driver installer ([microsoft#441](microsoft#441)) ([eec42da](microsoft@eec42da)) * **infrastructure:** add zone-redundant config to VPN gateway public IP ([microsoft#352](microsoft#352)) ([2d734f4](microsoft@2d734f4)) * **infrastructure:** improve stdout handling for helm commands in GPU… ([microsoft#311](microsoft#311)) ([153f467](microsoft@153f467)) * **infrastructure:** resolve remaining TFLint violations in SIL module and example configs ([microsoft#298](microsoft#298)) ([c0ce3e5](microsoft@c0ce3e5)) * **infrastructure:** resolve TFLint violations in root and automation modules ([microsoft#287](microsoft#287)) ([b6a4604](microsoft@b6a4604)), closes [microsoft#203](microsoft#203) * **infrastructure:** update deprecated bgp vng variable name ([microsoft#307](microsoft#307)) ([f530734](microsoft@f530734)) * **scripts:** pin uv version in OSMO workflow templates ([microsoft#500](microsoft#500)) ([7edf13a](microsoft@7edf13a)) * **scripts:** replace lambda with def in lerobot_handler to satisfy R… ([microsoft#176](microsoft#176)) ([baf9e58](microsoft@baf9e58)) * **scripts:** support OSMO control-plane deploys with in-cluster Redis ([microsoft#317](microsoft#317)) ([d4b70de](microsoft@d4b70de)) * **scripts:** update compute target name derivation logic ([microsoft#319](microsoft#319)) ([bb20431](microsoft@bb20431)) * **settings:** update devcontainer name to match project context ([microsoft#177](microsoft#177)) ([745321e](microsoft@745321e)) * **terraform:** create PostgreSQL Key Vault secret via ARM control plane ([microsoft#304](microsoft#304)) ([5d73b81](microsoft@5d73b81)) * **terraform:** gate observability with feature flags ([microsoft#303](microsoft#303)) ([ea5e056](microsoft@ea5e056)) * **terraform:** switch VPN gateway defaults to AZ SKUs ([microsoft#309](microsoft#309)) ([74989c5](microsoft@74989c5)) * **training:** correct learning rate mapping and pin LeRobot version ([microsoft#439](microsoft#439)) ([5cf9943](microsoft@5cf9943)) * **workflows:** enable SARIF upload for dependency-pinning scans ([microsoft#502](microsoft#502)) ([124cad6](microsoft@124cad6)), closes [microsoft#501](microsoft#501) * **workflows:** remove redundant top-level permissions from codeql-analysis ([microsoft#489](microsoft#489)) ([1490fda](microsoft@1490fda)) * **workflows:** use bash shell for uv.lock regeneration and add SARIF to dictionary ([microsoft#225](microsoft#225)) ([e6fa6ea](microsoft@e6fa6ea)) ### 📚 Documentation * add chunking and compression configuration guide for Jetson edge recording ([microsoft#408](microsoft#408)) ([787a322](microsoft@787a322)) * add OpenSSF Best Practices badge to README ([microsoft#282](microsoft#282)) ([01ea384](microsoft@01ea384)) * add threat model cross-reference to SECURITY.md ([microsoft#235](microsoft#235)) ([88a461e](microsoft@88a461e)) * add vulnerability remediation timeline to SECURITY.md ([microsoft#233](microsoft#233)) ([5ead3ee](microsoft@5ead3ee)) * **contributing:** remove version-specific planning language from ownership tip ([microsoft#407](microsoft#407)) ([3191f9b](microsoft@3191f9b)) * **deploy:** replace deploy/ READMEs with pointer files ([microsoft#379](microsoft#379)) ([b3c3abb](microsoft@b3c3abb)) * **docs:** add bug report response timeline for OSSF report_responses criterion ([microsoft#485](microsoft#485)) ([9b26212](microsoft@9b26212)) * **docs:** add component update process for OpenSSF Silver badge ([microsoft#446](microsoft#446)) ([6adc8a2](microsoft@6adc8a2)) * **docs:** Add data collection and training recipes ([microsoft#343](microsoft#343)) ([9c34f86](microsoft@9c34f86)) * **docs:** add deprecation policy for external interfaces ([microsoft#445](microsoft#445)) ([229d5db](microsoft@229d5db)) * **docs:** add structure for recipes in repo ([microsoft#322](microsoft#322)) ([098757b](microsoft@098757b)) * **docs:** add YAML frontmatter to SUPPORT.md ([microsoft#478](microsoft#478)) ([d94c15d](microsoft@d94c15d)), closes [microsoft#347](microsoft#347) * **docs:** clarify issue assignment requirement before starting work ([microsoft#299](microsoft#299)) ([1534462](microsoft@1534462)) * **docs:** create inference and training docs hubs ([microsoft#402](microsoft#402)) ([7a20a2e](microsoft@7a20a2e)) * **docs:** create reference hub and migrate script documentation ([microsoft#503](microsoft#503)) ([03a31c6](microsoft@03a31c6)) * **docs:** create training and inference documentation hubs ([microsoft#403](microsoft#403)) ([7be003b](microsoft@7be003b)) * **operations:** create operations hub and troubleshooting guide ([microsoft#525](microsoft#525)) ([31c7aaa](microsoft@31c7aaa)) * **reference:** add copilot artifacts documentation hub ([microsoft#170](microsoft#170)) ([9a45ca4](microsoft@9a45ca4)) * simplify root README and update prerequisites ([microsoft#440](microsoft#440)) ([c0c7710](microsoft@c0c7710)) ### ♻️ Code Refactoring * **build:** align Python dependency workflows with uv ([microsoft#447](microsoft#447)) ([3102e03](microsoft@3102e03)) * **docs:** rename Docusaurus site to Physical AI Toolchain ([microsoft#224](microsoft#224)) ([cfdf47a](microsoft@cfdf47a)) * **infrastructure:** rename boolean variables to `should_` prefix and add missing core variables ([microsoft#292](microsoft#292)) ([4496593](microsoft@4496593)) * **python:** move runtime deps to workflow pyproject manifests ([microsoft#405](microsoft#405)) ([6c5fbeb](microsoft@6c5fbeb)) ### 📦 Build System * **build:** add Codecov upload to pytest workflow ([microsoft#434](microsoft#434)) ([0110c17](microsoft@0110c17)) * **deps-dev:** bump the npm_and_yarn group across 2 directories with 1 update ([microsoft#325](microsoft#325)) ([59cf9e6](microsoft@59cf9e6)) * **workflows:** enable coverage parameters and fix Pester test infrastructure ([microsoft#435](microsoft#435)) ([528bbde](microsoft@528bbde)) ### 🔧 Miscellaneous * add gomod to cspell general-technical wordlist ([microsoft#362](microsoft#362)) ([1f93f47](microsoft@1f93f47)) * **build:** add codecov.yml for unified coverage reporting ([microsoft#430](microsoft#430)) ([b0faf70](microsoft@b0faf70)) * **build:** add Go toolchain devcontainer feature and Dependabot gomod ([microsoft#337](microsoft#337)) ([8a36620](microsoft@8a36620)) * **deps:** bump cryptography from 45.0.7 to 46.0.5 in /src/training ([microsoft#506](microsoft#506)) ([a06434e](microsoft@a06434e)) * **deps:** bump minimatch in /src/dataviewer/frontend ([microsoft#416](microsoft#416)) ([38a7607](microsoft@38a7607)) * **deps:** bump pyasn1 from 0.6.2 to 0.6.3 in /training/rl ([microsoft#296](microsoft#296)) ([7b42cf5](microsoft@7b42cf5)) * **deps:** bump rollup in /src/dataviewer/frontend ([microsoft#417](microsoft#417)) ([6302ce4](microsoft@6302ce4)) * **deps:** bump the common-dependencies group in /src/common with 3 updates ([microsoft#507](microsoft#507)) ([db05074](microsoft@db05074)) * **deps:** bump the github-actions group across 1 directory with 6 updates ([microsoft#284](microsoft#284)) ([c40eff6](microsoft@c40eff6)) * **deps:** bump the github-actions group across 1 directory with 6 updates ([microsoft#433](microsoft#433)) ([2d9dd4f](microsoft@2d9dd4f)) * **deps:** bump the github-actions group across 1 directory with 6 updates ([microsoft#510](microsoft#510)) ([c334a64](microsoft@c334a64)) * **deps:** bump the github-actions group with 2 updates ([microsoft#163](microsoft#163)) ([f25713e](microsoft@f25713e)) * **deps:** bump the inference-dependencies group in /evaluation with 3 updates ([microsoft#279](microsoft#279)) ([1d2d3dc](microsoft@1d2d3dc)) * **deps:** bump the inference-dependencies group in /src/inference with 5 updates ([microsoft#508](microsoft#508)) ([2852ffb](microsoft@2852ffb)) * **deps:** bump the lerobot-inference-dependencies group in /workflows/azureml with 4 updates ([microsoft#511](microsoft#511)) ([b7c5773](microsoft@b7c5773)) * **deps:** bump the npm_and_yarn group across 2 directories with 1 update ([microsoft#223](microsoft#223)) ([6a261ab](microsoft@6a261ab)) * **deps:** bump the training-dependencies group ([microsoft#429](microsoft#429)) ([66e43f4](microsoft@66e43f4)) * **deps:** bump tornado from 6.5.4 to 6.5.5 in the uv group across 1 directory ([microsoft#172](microsoft#172)) ([d6caf29](microsoft@d6caf29)) * **docs:** correct ms.date tooling and refresh stale documentation ([microsoft#349](microsoft#349)) ([ccaa1e8](microsoft@ccaa1e8)) * **infrastructure:** add Go module and golangci-lint config for e2e tests ([microsoft#347](microsoft#347)) ([e0e6bbf](microsoft@e0e6bbf)) * **infrastructure:** add root .terraform-docs.yml configuration ([microsoft#312](microsoft#312)) ([bb73bbb](microsoft@bb73bbb)) * migrate references from Azure-Samples to microsoft/physical-ai-toolchain ([f58f0ef](microsoft@f58f0ef)) * **workflows:** update Dependabot, CodeQL, CODEOWNERS, and cspell for dataviewer coverage ([microsoft#231](microsoft#231)) ([6d8c2e8](microsoft@6d8c2e8)) ### 🔒 Security * **deps:** bump mlflow from 3.5.0 to 3.8.0rc0 in /training/rl ([microsoft#297](microsoft#297)) ([e9929df](microsoft@e9929df)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([microsoft#344](microsoft#344)) ([6826929](microsoft@6826929)) * **deps:** bump the inference-dependencies group in /evaluation with 2 updates ([microsoft#339](microsoft#339)) ([6804630](microsoft@6804630)) * **deps:** bump the npm_and_yarn group across 3 directories with 1 update ([microsoft#361](microsoft#361)) ([6760857](microsoft@6760857)) * **deps:** bump the training-dependencies group across 1 directory with 54 updates ([microsoft#286](microsoft#286)) ([d9ae04f](microsoft@d9ae04f)) * **deps:** bump the uv group across 3 directories with 1 update ([microsoft#360](microsoft#360)) ([dfbda06](microsoft@dfbda06)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: physical-ai-toolchain-release[bot] <267194360+physical-ai-toolchain-release[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Bill Berry <wbery@microsoft.com>
…directory with 15 updates --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dataviewer-backend-dependencies - dependency-name: uvicorn[standard] dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dataviewer-backend-dependencies - dependency-name: python-multipart dependency-version: 0.0.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: numpy dependency-version: 2.4.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: ruff dependency-version: 0.15.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: hypothesis dependency-version: 6.151.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: schemathesis dependency-version: 4.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dataviewer-backend-dependencies - dependency-name: aiohttp dependency-version: 3.13.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: azure-identity dependency-version: 1.25.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: pandas dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies - dependency-name: huggingface-hub dependency-version: 1.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dataviewer-backend-dependencies - dependency-name: h5py dependency-version: 3.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dataviewer-backend-dependencies - dependency-name: ultralytics dependency-version: 8.4.36 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dataviewer-backend-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/uv/data-management/viewer/backend/dataviewer-backend-dependencies-a0dc1b068a
branch
from
7562c3f to
ffaadd9
Compare
…/dataviewer-backend-dependencies-a0dc1b068a
WilliamBerryiii
approved these changes
Apr 10, 2026
Collaborator
|
@dependabot rebase |
Contributor
Author
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
…/dataviewer-backend-dependencies-a0dc1b068a
katriendg
deleted the
dependabot/uv/data-management/viewer/backend/dataviewer-backend-dependencies-a0dc1b068a
branch
WilliamBerryiii
pushed a commit
that referenced
this pull request
May 8, 2026
🤖 I have created a release *beep* *boop* --- ## [0.8.0](v0.7.4...v0.8.0) (2026-05-08) ### ⚠ BREAKING CHANGES * **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4, MSAL 5, ESLint 10 ([#524](#524)) ### ✨ Features * **agents:** add automated validation for high-risk Dependabot bumps ([#574](#574)) ([8c3686a](8c3686a)), closes [#573](#573) * **data:** add camera selector to annotation workspace and fix AV1 frame extraction ([#591](#591)) ([c809d2f](c809d2f)) * **data:** seed dataviewer frontend test foundation and per-section codecov flags ([#594](#594)) ([c06c4e3](c06c4e3)) * **dataviewer:** add OWASP security middleware stack ([#439](#439)) ([239edb9](239edb9)) * **infrastructure:** add conversion pipeline Terraform module ([#542](#542)) ([244531e](244531e)) * **infrastructure:** upgrade OSMO to chart 1.2.1 / image 6.2 with secure auth and skrl 2.0.0 compatibility ([#492](#492)) ([edfd7a5](edfd7a5)) * **pipeline:** add ACSA setup for ROS2 bag sync to Blob ([#451](#451)) ([c271a54](c271a54)) * **workflows:** add advisory Dependabot PR reviewer agentic workflow ([#498](#498)) ([d4bb140](d4bb140)) * **workflows:** trigger AW Dependabot PR reviewer after PR Validation ([#580](#580)) ([7ab3d16](7ab3d16)) ### 🐛 Bug Fixes * **ci:** correct stale version comment for actions/create-github-app-token ([#506](#506)) ([b2e9a54](b2e9a54)) * **ci:** restore data-pipeline and training broken tests by domain folder restructure ([#547](#547)) ([06d8472](06d8472)) * **docs:** update remaining stale 'Coming soon' labels in docs/README.md ([#507](#507)) ([02439d6](02439d6)) * **docs:** update stale coming soon label for Training section ([#472](#472)) ([46db49b](46db49b)) * **evaluation:** scope SIL AzureML validation code path and script reference ([#387](#387)) ([9f138a9](9f138a9)) * **infrastructure:** OSMO workflow execution, PostgreSQL public access, and quickstart corrections ([#477](#477)) ([9ed2da6](9ed2da6)) * **scripts:** exclude CHANGELOG.md from changed-files msdate check ([#644](#644)) ([8133bdc](8133bdc)) * **workflows:** allow dependabot[bot] to activate AW Dependabot PR Review ([#586](#586)) ([39dc022](39dc022)) * **workflows:** correct branches filter on AW Dependabot PR Review workflow_run trigger ([#584](#584)) ([fe06b52](fe06b52)) * **workflows:** normalize validate.yaml placeholder env/compute values ([#510](#510)) ([340ff44](340ff44)) * **workflows:** recompile aw-dependabot-pr-review lock file ([#576](#576)) ([d77c167](d77c167)) * **workflows:** switch AW Dependabot PR Review to pull_request_target ([#589](#589)) ([3f1edd1](3f1edd1)) ### 📚 Documentation * **docs:** Fix deployment guide links ([#614](#614)) ([0070b04](0070b04)) * document dependency-pinning-artifacts directory purpose ([#508](#508)) ([50e0010](50e0010)) ### 📦 Build System * **training:** standardize on Python 3.12 across manifests, containers, and runtime scripts ([#541](#541)) ([7ad014a](7ad014a)) ### 🔧 Operations * **build:** add Copilot cloud agent setup-steps workflow ([#593](#593)) ([c912668](c912668)) ### 🔧 Miscellaneous * **build:** exclude auto-generated CHANGELOG.md from cspell and seed dictionary ([#582](#582)) ([de1dd57](de1dd57)) * **build:** redesign codecov flags and split pytest CI per component ([#520](#520)) ([357e745](357e745)) * **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4, MSAL 5, ESLint 10 ([#524](#524)) ([50f8ad4](50f8ad4)) * **dataviewer:** repoint stale src/dataviewer references to data-management/viewer ([#504](#504)) ([88fa1b4](88fa1b4)), closes [#503](#503) * **deps-dev:** bump basic-ftp from 5.3.0 to 5.3.1 ([#618](#618)) ([ca10f2a](ca10f2a)) * **deps-dev:** bump globals from 15.15.0 to 17.5.0 in /data-management/viewer/frontend ([#527](#527)) ([0e0b2ae](0e0b2ae)) * **deps-dev:** bump ip-address from 10.1.0 to 10.2.0 ([#616](#616)) ([816c9cf](816c9cf)) * **deps-dev:** bump lint-staged from 16.4.0 to 17.0.2 in the root-npm-dependencies group across 1 directory ([#626](#626)) ([0e2f293](0e2f293)) * **deps-dev:** bump pydantic from 2.13.3 to 2.13.4 in the python-dependencies group across 1 directory ([#629](#629)) ([c24f1c1](c24f1c1)) * **deps-dev:** bump the python-dependencies group across 1 directory with 2 updates ([#514](#514)) ([8410f4b](8410f4b)) * **deps:** bump azure-core from 1.39.0 to 1.40.0 in /evaluation in the inference-dependencies group across 1 directory ([#597](#597)) ([6141db4](6141db4)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /data-management/viewer ([#424](#424)) ([5fb6d58](5fb6d58)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /data-management/viewer/backend ([#423](#423)) ([b516ad5](b516ad5)) * **deps:** bump lucide-react from 0.469.0 to 1.8.0 in /data-management/viewer/frontend ([#528](#528)) ([1bdfc1e](1bdfc1e)) * **deps:** bump nginx from `8aa63af` to `5616878` in /data-management/viewer/frontend ([#511](#511)) ([9e7e20e](9e7e20e)) * **deps:** bump nginx from 1.27-alpine to 1.29-alpine in /data-management/viewer/frontend ([#484](#484)) ([0e5c3dd](0e5c3dd)) * **deps:** bump node from `435f353` to `e49fd70` in /data-management/viewer/frontend ([#560](#560)) ([2884649](2884649)) * **deps:** bump react-is from 18.3.1 to 19.2.5 in /data-management/viewer/frontend ([#530](#530)) ([d51318c](d51318c)) * **deps:** bump tensordict from 0.11.0 to 0.12.1 in /evaluation in the inference-dependencies group across 1 directory ([#456](#456)) ([b24e733](b24e733)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 2 updates ([#531](#531)) ([171a1da](171a1da)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 5 updates ([#516](#516)) ([4f9a577](4f9a577)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 5 updates ([#602](#602)) ([6c27ab5](6c27ab5)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 2 updates ([#529](#529)) ([8646971](8646971)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 3 updates ([#601](#601)) ([d28fb50](d28fb50)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 3 updates ([#632](#632)) ([4ca5f3e](4ca5f3e)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 5 updates ([#515](#515)) ([109ee81](109ee81)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 6 updates ([#630](#630)) ([04d5dfd](04d5dfd)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 9 updates ([#563](#563)) ([c08f450](c08f450)) * **deps:** bump the docusaurus-dependencies group across 1 directory with 4 updates ([#627](#627)) ([f5825fc](f5825fc)) * **deps:** bump the docusaurus-dependencies group across 1 directory with 6 updates ([#599](#599)) ([b859344](b859344)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#459](#459)) ([2609c52](2609c52)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#517](#517)) ([f54bf5d](f54bf5d)) * **deps:** bump the inference-dependencies group across 1 directory with 11 updates ([#562](#562)) ([087f53a](087f53a)) * **deps:** bump the inference-dependencies group across 1 directory with 2 updates ([#628](#628)) ([4a3be47](4a3be47)) * **deps:** bump the pip group across 2 directories with 1 update ([#494](#494)) ([a14b6b0](a14b6b0)) * **docs:** update stale Python 3.11 references to 3.12 ([#575](#575)) ([6f85c95](6f85c95)) * **scripts:** remove redundant SC1091 disables in OSMO deploy scripts ([#509](#509)) ([ae1cb82](ae1cb82)) ### 🔒 Security * **build:** pin dependencies and hash-verify downloads ([#465](#465)) ([0289f49](0289f49)) * **build:** remediate dependency security advisories ([#479](#479)) ([7196d6d](7196d6d)) * **deps-dev:** bump basic-ftp from 5.2.1 to 5.2.2 ([#454](#454)) ([cb158f1](cb158f1)) * **deps-dev:** bump basic-ftp from 5.2.2 to 5.3.0 ([#495](#495)) ([e983b8b](e983b8b)) * **deps-dev:** bump hypothesis from 6.152.3 to 6.152.4 in the python-dependencies group ([#598](#598)) ([83384d2](83384d2)) * **deps-dev:** bump markdownlint-cli2 from 0.22.0 to 0.22.1 in the root-npm-dependencies group ([#559](#559)) ([32bde35](32bde35)) * **deps-dev:** bump picomatch from 2.3.1 to 2.3.2 in /docs/docusaurus ([#455](#455)) ([66f86ca](66f86ca)) * **deps-dev:** bump postcss from 8.5.10 to 8.5.12 in /data-management/viewer/frontend ([#569](#569)) ([a652dba](a652dba)) * **deps-dev:** bump the python-dependencies group with 2 updates ([#457](#457)) ([749d231](749d231)) * **deps-dev:** bump the python-dependencies group with 2 updates ([#485](#485)) ([71b44fd](71b44fd)) * **deps-dev:** bump the python-dependencies group with 3 updates ([#564](#564)) ([9fc52fd](9fc52fd)) * **deps-dev:** bump typescript from 6.0.2 to 6.0.3 in /docs/docusaurus in the docusaurus-dependencies group ([#513](#513)) ([5694dbc](5694dbc)) * **deps:** bump azureml/openmpi4.1.0-ubuntu22.04 from 20260303.v5 to 20260409.v4 in /evaluation/sil/docker ([#480](#480)) ([25d4df8](25d4df8)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /evaluation in the uv group across 1 directory ([#538](#538)) ([92c5b2e](92c5b2e)) * **deps:** bump diffusers from 0.35.2 to 0.38.0 in /training/il/lerobot ([#638](#638)) ([6261d19](6261d19)) * **deps:** bump follow-redirects from 1.15.11 to 1.16.0 in /docs/docusaurus ([#469](#469)) ([0458908](0458908)) * **deps:** bump gitpython and mako for lerobot IL training ([#623](#623)) ([9f8022b](9f8022b)) * **deps:** bump node from 24.14.1-slim to 25.9.0-slim in /data-management/viewer/frontend ([#482](#482)) ([1532d09](1532d09)) * **deps:** bump packaging from 26.0 to 26.1 in /evaluation in the inference-dependencies group ([#483](#483)) ([f4afb6c](f4afb6c)) * **deps:** bump pillow from 12.1.1 to 12.2.0 ([#467](#467)) ([39fb663](39fb663)) * **deps:** bump python from 3.11-slim to 3.14-slim in /data-management/viewer/backend ([#481](#481)) ([7af9dfc](7af9dfc)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 15 updates ([#428](#428)) ([e4446a2](e4446a2)) * **deps:** bump the dataviewer-backend-dependencies group in /data-management/viewer/backend with 4 updates ([#487](#487)) ([0f57c5b](0f57c5b)) * **deps:** bump the dataviewer-backend-dependencies group in /data-management/viewer/backend with 8 updates ([#566](#566)) ([d6e7869](d6e7869)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 5 updates ([#464](#464)) ([24c208d](24c208d)) * **deps:** bump the dataviewer-dependencies group in /data-management/viewer with 2 updates ([#486](#486)) ([90149f3](90149f3)) * **deps:** bump the dataviewer-dependencies group in /data-management/viewer with 6 updates ([#565](#565)) ([f0bb36b](f0bb36b)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 10 updates ([#613](#613)) ([e481f83](e481f83)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#534](#534)) ([5478ab6](5478ab6)) * **deps:** bump the github-actions group with 2 updates ([#488](#488)) ([4e6ce98](4e6ce98)) * **deps:** bump the github-actions group with 3 updates ([#567](#567)) ([48c38dc](48c38dc)) * **deps:** bump the github-actions group with 3 updates ([#634](#634)) ([00cfb49](00cfb49)) * **deps:** bump the github-actions group with 6 updates ([#603](#603)) ([73eb79a](73eb79a)) * **deps:** bump the training-dependencies group across 1 directory with 23 updates ([#463](#463)) ([d5a8656](d5a8656)) * **deps:** bump yaml from 2.8.2 to 2.8.3 in /data-management/viewer/frontend ([#453](#453)) ([10449df](10449df)) * pytest harness, dependabot advisories, and OSSF Scorecard remediations ([#501](#501)) ([e8756e8](e8756e8)) * **scripts:** pin and hash-verify all shell script downloads ([#468](#468)) ([0c2bb9c](0c2bb9c)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: physical-ai-toolchain-release[bot] <267194360+physical-ai-toolchain-release[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions