From 84fd07fa31ad591d0ff0caaf4f3cefc9ddc88a54 Mon Sep 17 00:00:00 2001 From: Vladyslav Kutsenko Date: Sun, 17 May 2026 10:47:00 +0000 Subject: [PATCH] chore(deps): batch dependency + CI-action bumps (Dependabot #43-#56) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Applies fourteen Dependabot bumps directly in one commit instead of merging the PRs individually (they all touch pyproject.toml or docker-publish.yml and would conflict-cascade; the Dependabot PRs also fail build-and-push because Dependabot PRs get no registry-secret access — a regular-branch PR does not). pyproject.toml — `>=` version floors (no pinning): - setuptools >=69 -> >=82.0.1 (#55, build-system) - ocrmypdf >=16.12.0 -> >=17.4.1 (#47) - pikepdf >=9.0.0 -> >=10.5.1 (#49) - uvicorn >=0.32 -> >=0.44.0 (#54) - img2pdf >=0.5.0 -> >=0.6.3 (#52) - httpx >=0.28 -> >=0.28.1 (#48) - ruff >=0.9 -> >=0.15.10 (#53) - pytest-asyncio >=0.23.0 -> >=1.3.0 (#56) - pytest-timeout >=2.1.0 -> >=2.4.0 (#51) - pip-audit >=2.7 -> >=2.10.0 (#50) .github/workflows/docker-publish.yml — CI action majors: - docker/login-action v3 -> v4 (#43) - docker/metadata-action v5 -> v6 (#44) - docker/setup-buildx-action v3 -> v4 (#45) - docker/build-push-action v5 -> v7 (#46) Co-Authored-By: Claude Opus 4.7 --- .github/workflows/docker-publish.yml | 16 ++++++++-------- pyproject.toml | 20 ++++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 61708ba..68df5d3 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -82,18 +82,18 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Log in to Docker Hub if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Extract metadata for full image id: meta-full - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.DOCKER_IMAGE }} tags: | @@ -112,7 +112,7 @@ jobs: - name: Extract metadata for minimal image id: meta-minimal - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.DOCKER_IMAGE }} tags: | @@ -130,7 +130,7 @@ jobs: type=sha,prefix=sha-,suffix=-minimal - name: Build full image for scanning - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: . target: full @@ -159,7 +159,7 @@ jobs: - name: Build and push full image if: success() - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: . target: full @@ -171,7 +171,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Build minimal image for scanning - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: . target: minimal @@ -200,7 +200,7 @@ jobs: - name: Build and push minimal image if: success() - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: . target: minimal diff --git a/pyproject.toml b/pyproject.toml index d3f8bde..acf9353 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=69", "wheel"] +requires = ["setuptools>=82.0.1", "wheel"] build-backend = "setuptools.build_meta" [project] @@ -9,23 +9,23 @@ description = "REST and Command-line interface for converting PDFs to PDF/A usin requires-python = ">=3.11" readme = "README.md" dependencies = [ - "ocrmypdf>=16.12.0", - "pikepdf>=9.0.0", + "ocrmypdf>=17.4.1", + "pikepdf>=10.5.1", "fastapi>=0.115", - "uvicorn[standard]>=0.32", + "uvicorn[standard]>=0.44.0", "python-multipart>=0.0.10", - "img2pdf>=0.5.0", + "img2pdf>=0.6.3", ] [project.optional-dependencies] dev = [ "pytest>=9.0", - "pytest-timeout>=2.1.0", - "pytest-asyncio>=0.23.0", + "pytest-timeout>=2.4.0", + "pytest-asyncio>=1.3.0", "black>=25.1", - "ruff>=0.9", - "httpx>=0.28", - "pip-audit>=2.7", + "ruff>=0.15.10", + "httpx>=0.28.1", + "pip-audit>=2.10.0", ] [project.scripts]