Skip to content

chore(deps): bump pydantic-settings and vulnerable website deps#1020

Merged
B4nan merged 1 commit into
masterfrom
chore/security-deps-bump-2
Jul 2, 2026
Merged

chore(deps): bump pydantic-settings and vulnerable website deps#1020
B4nan merged 1 commit into
masterfrom
chore/security-deps-bump-2

Conversation

@B4nan

@B4nan B4nan commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary

Lockfile-only bumps to patched versions, within existing ranges:

Python (uv.lock):

  • pydantic-settings 2.14.1 → 2.14.2 (medium)

Docs website (website/pnpm-lock.yaml):

  • undici 7.27.2 → 7.28.0 (high + medium + low)
  • http-proxy-middleware 2.0.9 → 2.0.10 (medium)
  • webpack-dev-server 5.2.4 → 5.2.5 (medium)

No manifest or override changes.

🤖 Generated with Claude Code

@B4nan B4nan added the adhoc Ad-hoc unplanned task added during the sprint. label Jul 2, 2026
@B4nan B4nan requested a review from barjin July 2, 2026 07:37
@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.69%. Comparing base (856d961) to head (342b27c).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1020   +/-   ##
=======================================
  Coverage   91.69%   91.69%           
=======================================
  Files          50       50           
  Lines        3203     3203           
=======================================
  Hits         2937     2937           
  Misses        266      266           
Flag Coverage Δ
e2e 35.56% <ø> (ø)
integration 57.22% <ø> (ø)
unit 83.14% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@barjin barjin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @B4nan , please check my comment below ⬇️

Comment thread uv.lock

[options]
exclude-newer = "0001-01-01T00:00:00Z" # This has no effect and is included for backwards compatibility when using relative exclude-newer values.
exclude-newer = "2026-07-01T07:34:58.161905Z"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is curious, but probably no big deal since it's in the lockfile

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given the 1 day delay we have this should be just fine

@B4nan B4nan merged commit 22018b4 into master Jul 2, 2026
31 checks passed
@B4nan B4nan deleted the chore/security-deps-bump-2 branch July 2, 2026 09:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

adhoc Ad-hoc unplanned task added during the sprint.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants