Upgrade dependencies and bump minimum Python to 3.10 #178

Merged
frankw2 merged 9 commits into main from fw/q1-2026-dependency-upgrade
Apr 15, 2026
frankw2 commented Apr 15, 2026

Summary

  • Bump minimum Python from 3.9 to 3.10 — Python 3.9 reached EOL on 2025-10-31
  • Upgrade 7 dependencies to latest stable versions
  • Pin setuptools >=78.1.1 in CI to mitigate CVE-2025-47273 (path traversal, CVSS 8.8)
  • Pin yapf ==0.43.0 in CI for reproducible formatting checks
  • Update README to reflect Python 3.10+ requirement
  • pytest and requests are [SECURITY] related upgrades.

Dependency changes

| Package | Old | New |
|---|---|---|
| certifi | 2025.10.5 | 2026.2.25 |
| charset-normalizer | 3.4.3 | 3.4.7 |
| idna | 3.10 | 3.11 |
| iniconfig | 2.1.0 | 2.3.0 |
| packaging | 25.0 | 26.1 |
| pytest | 8.4.2 | 9.0.3 |
| requests | 2.32.5 | 2.33.1 |

No breaking changes

  • requests 2.33.1 renames _get_connection to get_connection_with_tls_context on HTTPAdapter, but this codebase only uses top-level requests.get/post/put/patch/delete — no HTTPAdapter subclassing.
  • pytest 9.0 drops Python 3.9 support and removes nose-style test discovery and yield_fixture. Our tests use standard pytest.raises, unittest.TestCase, and unittest.mock — none of the removed APIs.
  • packaging 26.1 changes default values on packaging.metadata.Metadata attributes. This package is only a transitive dependency and is not imported directly anywhere in the codebase.
  • certifi, charset-normalizer, idna, iniconfig are all patch/minor bumps with no API changes.

Test plan

  • CI passes with Python 3.14 and upgraded dependencies
  • pytest runs all existing tests successfully
  • yapf formatting check passes

frankw2 added 9 commits April 14, 2026 15:41
Migrate CI pipeline from .circleci/config.yml to .github/workflows/ci.yml
with pinned action SHAs and pinned runner version (ubuntu-24.04).
CI is now handled by GitHub Actions.
Python 3.9 reached EOL on 2025-10-31. Bump minimum to 3.10 in setup.py
and README. Upgrade 7 dependencies to latest, pin setuptools (CVE-2025-47273)
and yapf in CI for reproducibility.
frankw2 requested a review from a team April 15, 2026 01:40
frankw2 merged commit ff5efb3 into main Apr 15, 2026
2 checks passed
frankw2 deleted the fw/q1-2026-dependency-upgrade branch April 15, 2026 03:21
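
The "No breaking changes" claims in the description can be re-checked mechanically by scanning source files for the APIs it names. This is an added example, not code from the pull request or the project; `audit_source`, the `GONE` table and both sample modules are constructed for illustration.

```python
import ast

# API names the PR description lists as renamed or removed by the upgrades.
GONE = {"_get_connection": "renamed on requests HTTPAdapter",
        "yield_fixture": "removed in pytest 9.0"}

def audit_source(source, filename="<constructed>"):
    """Return sorted (line, message) findings for one module's source text."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                # Matches both `HTTPAdapter` and `requests.adapters.HTTPAdapter`.
                name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", "")
                if name == "HTTPAdapter":
                    findings.append((node.lineno, f"{node.name} subclasses HTTPAdapter"))
        elif isinstance(node, ast.FunctionDef) and node.name in GONE:
            findings.append((node.lineno, f"defines {node.name} ({GONE[node.name]})"))
        elif isinstance(node, ast.Attribute) and node.attr in GONE:
            findings.append((node.lineno, f"uses {node.attr} ({GONE[node.attr]})"))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            is_from = isinstance(node, ast.ImportFrom)
            # Absolute imports only; `from .packaging import x` is a local module.
            modules = [node.module or ""] if is_from and node.level == 0 else []
            modules += [] if is_from else [a.name for a in node.names]
            if any(m.split(".")[0] == "packaging" for m in modules):
                findings.append((node.lineno, "imports packaging directly"))
            for alias in node.names if is_from else []:
                if alias.name in GONE:
                    findings.append((node.lineno, f"uses {alias.name} ({GONE[alias.name]})"))
    return sorted(findings)

# Constructed sample modules (not taken from the repository).
CLEAN = 'import requests\nresp = requests.get("https://example.invalid/health", timeout=5)\n'
RISKY = """\
import pytest
from packaging.version import Version
from requests.adapters import HTTPAdapter

class PinnedAdapter(HTTPAdapter):
    def _get_connection(self, request, verify, proxies=None, cert=None):
        return super()._get_connection(request, verify, proxies, cert)

@pytest.yield_fixture
def client():
    yield object()
"""
```

An empty result for every file under the package and test directories supports the description's reasoning; any finding marks a file to review by hand before merging the upgrade.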