Skip to content

chore(deps): lock file maintenance [skip pre-commit.ci]#1208

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/lock-file-maintenance
Mar 11, 2026
Merged

chore(deps): lock file maintenance [skip pre-commit.ci]#1208
renovate[bot] merged 1 commit intomainfrom
renovate/lock-file-maintenance

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 9, 2026

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 9, 2026
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026
edited
Loading

📚 Documentation Preview

Type URL Version Message
Production https://tux.atl.dev - -
Preview https://3605b320-tux-docs.allthingslinux.workers.dev 3605b320-11ae-4b5c-a7b3-0f9269d3a2b1 Preview: tux@55dbc80d5aec2a82144882c52e203befd1096ac8 on 1208/merge by renovate[bot] (run 475)

@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 27 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA e983e0b.
Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

PackageVersionLicenseIssue Type
cssselect20.9.0NullUnknown License
django6.0.3NullUnknown License
fastapi0.135.1NullUnknown License
filelock3.25.1NullUnknown License
githubkit0.14.7NullUnknown License
markdown3.10.2NullUnknown License
nodejs-wheel-binaries24.14.0NullUnknown License
numpy2.4.3NullUnknown License
packaging26.0NullUnknown License
parse1.21.1NullUnknown License
platformdirs4.9.4NullUnknown License
psycopg3.3.3NullUnknown License
psycopg-binary3.3.3NullUnknown License
pyasn10.6.2NullUnknown License
pycparser3.0NullUnknown License
pymdown-extensions10.21NullUnknown License
pytest-django4.12.0NullUnknown License
python-discovery1.1.3NullUnknown License
python-dotenv1.2.2NullUnknown License
pytz2026.1.post1NullUnknown License
ruff0.15.5NullUnknown License
setuptools82.0.1NullUnknown License
sqlalchemy2.0.48NullUnknown License
tabulate0.10.0NullUnknown License
typer0.24.1NullUnknown License
types-pytz2026.1.1.20260304NullUnknown License
virtualenv21.2.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/anyio 4.12.1 UnknownUnknown
pip/asgiref 3.11.1 🟢 4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 65 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6
Code-Review🟢 6Found 19/29 approved changesets -- score normalized to 6
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/certifi 2026.2.25 🟢 6.6
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 5Found 1/2 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1012 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/coverage 7.13.4 UnknownUnknown
pip/cryptography 46.0.5 UnknownUnknown
pip/cssselect2 0.9.0 UnknownUnknown
pip/django 6.0.3 UnknownUnknown
pip/fastapi 0.135.1 UnknownUnknown
pip/filelock 3.25.1 UnknownUnknown
pip/githubkit 0.14.7 UnknownUnknown
pip/greenlet 3.3.2 UnknownUnknown
pip/identify 2.6.17 🟢 5.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 14/16 approved changesets -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/markdown 3.10.2 UnknownUnknown
pip/multidict 6.7.1 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 7Found 7/10 approved changesets -- score normalized to 7
Maintained🟢 1020 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 9license file detected
Fuzzing🟢 10project is fuzzed
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
pip/nodejs-wheel-binaries 24.14.0 UnknownUnknown
pip/numpy 2.4.3 UnknownUnknown
pip/packaging 26.0 UnknownUnknown
pip/parse 1.21.1 UnknownUnknown
pip/pathspec 1.0.4 UnknownUnknown
pip/platformdirs 4.9.4 UnknownUnknown
pip/psycopg 3.3.3 UnknownUnknown
pip/psycopg-binary 3.3.3 UnknownUnknown
pip/pyasn1 0.6.2 UnknownUnknown
pip/pycparser 3.0 UnknownUnknown
pip/pyjwt 2.11.0 UnknownUnknown
pip/pymdown-extensions 10.21 UnknownUnknown
pip/pytest-django 4.12.0 UnknownUnknown
pip/python-discovery 1.1.3 UnknownUnknown
pip/python-dotenv 1.2.2 UnknownUnknown
pip/pytz 2026.1.post1 UnknownUnknown
pip/rich 14.3.3 UnknownUnknown
pip/ruff 0.15.5 UnknownUnknown
pip/setuptools 82.0.1 UnknownUnknown
pip/sqlalchemy 2.0.48 UnknownUnknown
pip/starlette 0.52.1 UnknownUnknown
pip/tabulate 0.10.0 UnknownUnknown
pip/tqdm 4.67.3 UnknownUnknown
pip/typer 0.24.1 UnknownUnknown
pip/types-pytz 2026.1.1.20260304 UnknownUnknown
pip/urllib3 2.6.3 UnknownUnknown
pip/virtualenv 21.2.0 UnknownUnknown
pip/yarl 1.23.0 🟢 6.6
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/11 approved changesets -- score normalized to 1
Maintained🟢 1019 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
pip/zensical 0.0.25 UnknownUnknown

Scanned Files

  • uv.lock

@sentry
Copy link

sentry bot commented Mar 9, 2026
edited
Loading

❌ 2 Tests Failed:

Tests completed Failed Passed Skipped
664 2 662 36
View the full list of 2 ❄️ flaky test(s) 
tests/cache/test_backend.py::TestValkeyBackend::test_setex_called_when_ttl_sec_provided

Flake rate in main: 100.00% (Passed 0 times, Failed 36 times)

Stack Traces | 0.009s run time 
tests/cache/test_backend.py:162: in test_setex_called_when_ttl_sec_provided
    assert args[2] == "v"
E   assert '"v"' == 'v'
E     
E     #x1B[0m#x1B[91m- v#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     #x1B[92m+ "v"#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
tests/cache/test_backend.py::TestValkeyBackend::test_string_value_stored_as_is

Flake rate in main: 100.00% (Passed 0 times, Failed 36 times)

Stack Traces | 0.005s run time 
tests/cache/test_backend.py:128: in test_string_value_stored_as_is
    assert mock_client.set.call_args[0][1] == "plain"
E   assert '"plain"' == 'plain'
E     
E     #x1B[0m#x1B[91m- plain#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     #x1B[92m+ "plain"#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     ? +     +#x1B[90m#x1B[39;49;00m

To view more test analytics, go to the [Prevent Tests Dashboard](https://All Things Linux.sentry.io/prevent/tests/?preventPeriod=30d&integratedOrgName=allthingslinux&repository=tux&branch=renovate%2Flock-file-maintenance)

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from a169ea1 to e983e0b Compare March 10, 2026 21:49
@renovate renovate bot merged commit 4e0ec39 into main Mar 11, 2026
24 checks passed
@renovate renovate bot deleted the renovate/lock-file-maintenance branch March 11, 2026 03:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants