build(deps): Bump the dependencies group across 1 directory with 3 updates#10
Conversation
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
There was a problem hiding this comment.
Pull Request Overview
This PR updates several project dependencies, specifically pytest-asyncio, sqlalchemy, and ruff. According to the Codacy analysis, the changes are up to standards with no new issues or complexity concerns introduced.
The primary recommendation is to adjust the placement of pytest-asyncio within the project configuration. Currently, it is listed under production dependencies; moving it to a development or test-specific group would reduce the production installation footprint and minimize the potential attack surface.
Test suggestions
- Verify pytest-asyncio dependency version is correctly updated in pyproject.toml
- Verify sqlalchemy dependency version is correctly updated in pyproject.toml
- Verify ruff dependency version is correctly updated in pyproject.toml
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
| "psutil>=7.2.2", | ||
| "pymysql>=1.2.0", | ||
| "pytest-asyncio>=1.3.0", | ||
| "pytest-asyncio>=1.4.0", |
There was a problem hiding this comment.
🟡 MEDIUM RISK
Suggestion: The pytest-asyncio package is a testing framework plugin and is not required for the application's runtime. Including it in the primary dependencies list increases the production environment's footprint and potential attack surface.\n\nTry running the following prompt in your coding agent:\n> Move the 'pytest-asyncio' dependency from the main dependencies list to the 'dev' optional dependencies list in pyproject.toml.
…dates Bumps the dependencies group with 3 updates in the / directory: [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff). Updates `sqlalchemy` from 2.0.49 to 2.0.50 - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) Updates `pytest-asyncio` from 1.3.0 to 1.4.0 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0) Updates `ruff` from 0.15.14 to 0.15.16 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.14...0.15.16) --- updated-dependencies: - dependency-name: pytest-asyncio dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ruff dependency-version: 0.15.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: sqlalchemy dependency-version: 2.0.50 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
2f84b99 to
29c2062
Compare
Bumps the dependencies group with 3 updates in the / directory: sqlalchemy, pytest-asyncio and ruff.
Updates
sqlalchemyfrom 2.0.49 to 2.0.50Release notes
Sourced from sqlalchemy's releases.
... (truncated)
Commits
Updates
pytest-asynciofrom 1.3.0 to 1.4.0Release notes
Sourced from pytest-asyncio's releases.
... (truncated)
Commits
6e14cd2chore: Prepare release of v1.4.0.4b900fbBuild(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1ab9f632Build(deps): Bump zipp from 3.23.1 to 4.1.0a56fc77Build(deps): Bump hypothesis from 6.152.6 to 6.152.8e8bae9bBuild(deps): Bump requests from 2.34.0 to 2.34.2fc43340Build(deps): Bump idna from 3.14 to 3.15762eaf5Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0b62e222Build(deps): Bump click from 8.3.3 to 8.4.09190447Build(deps): Bump pydantic from 2.13.3 to 2.13.482a393cci: Remove unnecessary debug output.Updates
rufffrom 0.15.14 to 0.15.16Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
... (truncated)
Commits
6c498abBump 0.15.16 (#25635)e51e132[flake8-async] Implementyield-in-context-manager-in-async-generator(`AS...7c6dcd9[ty] Add caching for pattern match narrowing (#25613)27058fc[ty] Compact retained definition and expression identities (#25606)bf80d05Fix CODEOWNERS syntax (#25622)10ccd51Shrink additional parser AST collections (#25465)0d7135f[ty] Upgrade Salsa (#25545)49493a3[ty] Show type alias value on hover (#25381)85207d3[ty] sys.implementation.version is not sys.version_info (#25608)a8a0614[ty] Avoid retaining duplicate function signatures (#25609)