Skip to content

Bump the uv group across 8 directories with 5 updates#2146

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-323d11294d
Open

Bump the uv group across 8 directories with 5 updates#2146
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-323d11294d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 3 updates in the / directory: python-socketio, joserfc and ujson.
Bumps the uv group with 3 updates in the /backend directory: python-socketio, azure-identity and ujson.
Bumps the uv group with 1 update in the /platform-service directory: ujson.
Bumps the uv group with 1 update in the /unstract/connectors directory: ujson.
Bumps the uv group with 1 update in the /unstract/filesystem directory: ujson.
Bumps the uv group with 1 update in the /unstract/sdk1 directory: ujson.
Bumps the uv group with 1 update in the /unstract/tool-registry directory: ujson.
Bumps the uv group with 2 updates in the /workers directory: python-socketio and ujson.

Updates python-socketio from 5.16.1 to 5.16.2

Release notes

Sourced from python-socketio's releases.

Release 5.16.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.16.3 - 2026-06-15

  • Catch all exceptions in redis and rabbitmq client managers #1581 (commit)

Release 5.16.2 - 2026-05-21

Release 5.16.1 - 2026-02-06

  • Use configured JSON module in managers #1549 (commit)
  • Admin UI fixes: remove duplicate tasks, report transport upgrades (commit)
  • Switch to Furo documentation template (commit)
  • Add Python free-threading to CI #1554 (commit)

Release 5.16.0 - 2025-12-24

  • Address deprecation warnings (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 5.15.1 - 2025-12-16

  • Restore support multiple arguments via pubsub emits #1540 (commit)

Release 5.15.0 - 2025-11-22

Release 5.14.3 - 2025-10-29

  • Support Python's native ConnectionRefusedError exception to reject a connection #1515 (commit)
  • Push binary data to the aiopika client manager #1514 (commit)

Release 5.14.2 - 2025-10-15

  • Restore binary message support in message queue setups #1509 (commit)
  • Fix formatting of client connection error #1507 (commit)
  • Add 3.14 and pypy-3.11 CI tasks (commit)
  • Improve documentation of the BaseManager.get_participants() method (commit)

Release 5.14.1 - 2025-10-02

... (truncated)

Commits
  • 6e2b717 Release 5.16.2
  • cb65829 update python-engineio version
  • ca140fe prevent unnecessary resource allocation (#1574)
  • b29beef tox configuration
  • e898130 Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog
  • 05c32f5 Bump qs and body-parser in /examples/server/javascript (#1572) #nolog
  • 287dc67 Bump qs and body-parser in /examples/client/javascript (#1571) #nolog
  • 664dc27 add zizmor to ci (#1570)
  • 14c6236 Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog
  • 29b2e5c Bump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nolog
  • Additional commits viewable in compare view

Updates joserfc from 1.6.5 to 1.6.8

Release notes

Sourced from joserfc's releases.

1.6.8

  • Reject empty OctKey.

Full Changelog: authlib/joserfc@1.6.7...1.6.8

1.6.7

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.6.8

Released on May 27, 2026

  • Reject empty OctKey.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.
Commits
  • ea1d9e3 chore: release 1.6.8
  • 86d0091 Reject empty oct key material and empty HMAC keys at sign/verify entry
  • 1e5b94d chore: release 1.6.7
  • 75d9f95 fix(typing): use cast for type hints
  • 6d24037 Merge pull request #98 from jonathangreen/algorithms-accept-collection
  • 102a7a7 fix(typing): accept any Collection for algorithms, not just list
  • 8b869e8 chore: release 1.6.6
  • 00d599b chore: update actions
  • 9186561 Merge pull request #97 from authlib/fix-b64
  • 4d4ea2e fix(jws): validate payload size for b64=false
  • Additional commits viewable in compare view

Updates python-engineio from 4.13.1 to 4.13.3

Release notes

Sourced from python-engineio's releases.

Release 4.13.3

See CHANGES.md for release notes.

Release 4.13.2

See CHANGES.md for release notes.

Changelog

Sourced from python-engineio's changelog.

python-engineio change log

Release 4.13.3 - 2026-06-20

  • Make sure client disconnects when write loop exits #455 (commit)
  • Address flaky unit test #444 (commit)
  • Stop using codecov service, since it has been failing for a long time (commit)

Release 4.13.2 - 2026-05-21

Release 4.13.1 - 2026-02-06

  • Document that a process can have only one custom JSON module (commit)
  • Switch to Furo documentation template (commit)

Release 4.13.0 - 2025-12-24

  • Apply escaping rules when parsing cookie values (commit)
  • Several minor improvements to the aiohttp integration #419 (commit) (thanks PaulWasTaken!)
  • Clarify logging behavior in documentation #421 (commit) (thanks ZipFile!)
  • Address deprecation warnings #422 (commit)
  • Add 3.14 and pypy-3.11 CI builds (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 4.12.3 - 2025-09-28

  • Reset client queue upon disconnection #414 (commit)
  • Support ['*'] in addition to '*' in the cors_allowed_origins option #410 (commit) (thanks Wu Clan!)

Release 4.12.2 - 2025-06-04

  • Support new monkey-patched gevent Queue class in the client #403 (commit)
  • Better support of the ASGI spec when interpreting WebSocket events #405 (commit) (thanks Eric Zhang!)

Release 4.12.1 - 2025-05-11

  • Accept empty binary values in the async server #404 (commit)
  • Add SPDX license identifier #401 (commit) (thanks Marc Mueller!)

Release 4.12.0 - 2025-04-12

  • Optimize packet parsing to avoid unnecessary calls to JSON parser #399 (commit)
  • Pass environ as a second argument to callable option cors_allowed_origins #398 (commit) (thanks wft-swas!)

Release 4.11.2 - 2024-12-29

  • Fix incorrect disconnection reason reported when browser page is closed (commit)

... (truncated)

Commits
  • a53d58c Release 4.13.3
  • 9e72608 Remove failing coverage.py service
  • 7517473 Make sure client disconnects when write loop exists (Fixes #454) (#455)
  • 6902ffc Bump ws, engine.io and engine.io-client in /examples/client/javascript (#453)...
  • 883c8f4 Bump tornado from 6.5.5 to 6.5.7 in /examples/server/tornado (#451)
  • 0d6654e Bump aiohttp from 3.14.0 to 3.14.1 in /examples/server/aiohttp (#450) #nolog
  • 588a4db Bump qs and express in /examples/server/javascript (#447) #nolog
  • 28ed709 Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#446) #nolog
  • d5ef0e4 Bump qs and express in /examples/client/javascript (#445) #nolog
  • ed46b24 Bump ws, engine.io and engine.io-client in /examples/client/javascript (#442)...
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)
  • 90ddea2 Replace pre-commit with prek to fix deprecation warning
  • Additional commits viewable in compare view

Updates python-socketio from 5.9.0 to 5.16.2

Release notes

Sourced from python-socketio's releases.

Release 5.16.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.16.3 - 2026-06-15

  • Catch all exceptions in redis and rabbitmq client managers #1581 (commit)

Release 5.16.2 - 2026-05-21

Release 5.16.1 - 2026-02-06

  • Use configured JSON module in managers #1549 (commit)
  • Admin UI fixes: remove duplicate tasks, report transport upgrades (commit)
  • Switch to Furo documentation template (commit)
  • Add Python free-threading to CI #1554 (commit)

Release 5.16.0 - 2025-12-24

  • Address deprecation warnings (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 5.15.1 - 2025-12-16

  • Restore support multiple arguments via pubsub emits #1540 (commit)

Release 5.15.0 - 2025-11-22

Release 5.14.3 - 2025-10-29

  • Support Python's native ConnectionRefusedError exception to reject a connection #1515 (commit)
  • Push binary data to the aiopika client manager #1514 (commit)

Release 5.14.2 - 2025-10-15

  • Restore binary message support in message queue setups #1509 (commit)
  • Fix formatting of client connection error #1507 (commit)
  • Add 3.14 and pypy-3.11 CI tasks (commit)
  • Improve documentation of the BaseManager.get_participants() method (commit)

Release 5.14.1 - 2025-10-02

... (truncated)

Commits
  • 6e2b717 Release 5.16.2
  • cb65829 update python-engineio version
  • ca140fe prevent unnecessary resource allocation (#1574)
  • b29beef tox configuration
  • e898130 Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog
  • 05c32f5 Bump qs and body-parser in /examples/server/javascript (#1572) #nolog
  • 287dc67 Bump qs and body-parser in /examples/client/javascript (#1571) #nolog
  • 664dc27 add zizmor to ci (#1570)
  • 14c6236 Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog
  • 29b2e5c Bump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nolog
  • Additional commits viewable in compare view

Updates azure-identity from 1.16.0 to 1.16.1

Commits

Updates python-engineio from 4.13.1 to 4.13.3

Release notes

Sourced from python-engineio's releases.

Release 4.13.3

See CHANGES.md for release notes.

Release 4.13.2

See CHANGES.md for release notes.

Changelog

Sourced from python-engineio's changelog.

python-engineio change log

Release 4.13.3 - 2026-06-20

  • Make sure client disconnects when write loop exits #455 (commit)
  • Address flaky unit test #444 (commit)
  • Stop using codecov service, since it has been failing for a long time (commit)

Release 4.13.2 - 2026-05-21

Release 4.13.1 - 2026-02-06

  • Document that a process can have only one custom JSON module (commit)
  • Switch to Furo documentation template (commit)

Release 4.13.0 - 2025-12-24

  • Apply escaping rules when parsing cookie values (commit)
  • Several minor improvements to the aiohttp integration #419 (commit) (thanks PaulWasTaken!)
  • Clarify logging behavior in documentation #421 (commit) (thanks ZipFile!)
  • Address deprecation warnings #422 (commit)
  • Add 3.14 and pypy-3.11 CI builds (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 4.12.3 - 2025-09-28

  • Reset client queue upon disconnection #414 (commit)
  • Support ['*'] in addition to '*' in the cors_allowed_origins option #410 (commit) (thanks Wu Clan!)

Release 4.12.2 - 2025-06-04

  • Support new monkey-patched gevent Queue class in the client #403 (commit)
  • Better support of the ASGI spec when interpreting WebSocket events #405 (commit) (thanks Eric Zhang!)

Release 4.12.1 - 2025-05-11

  • Accept empty binary values in the async server #404 (commit)
  • Add SPDX license identifier #401 (commit) (thanks Marc Mueller!)

Release 4.12.0 - 2025-04-12

  • Optimize packet parsing to avoid unnecessary calls to JSON parser #399 (commit)
  • Pass environ as a second argument to callable option cors_allowed_origins #398 (commit) (thanks wft-swas!)

Release 4.11.2 - 2024-12-29

  • Fix incorrect disconnection reason reported when browser page is closed (commit)

... (truncated)

Commits
  • a53d58c Release 4.13.3
  • 9e72608 Remove failing coverage.py service
  • 7517473 Make sure client disconnects when write loop exists (Fixes #454) (#455)
  • 6902ffc Bump ws, engine.io and engine.io-client in /examples/client/javascript (#453)...
  • 883c8f4 Bump tornado from 6.5.5 to 6.5.7 in /examples/server/tornado (#451)
  • 0d6654e Bump aiohttp from 3.14.0 to 3.14.1 in /examples/server/aiohttp (#450) #nolog
  • 588a4db Bump qs and express in /examples/server/javascript (#447) #nolog
  • 28ed709 Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#446) #nolog
  • d5ef0e4 Bump qs and express in /examples/client/javascript (#445) #nolog
  • ed46b24 Bump ws, engine.io and engine.io-client in /examples/client/javascript (#442)...
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)
  • 90ddea2 Replace pre-commit with prek to fix deprecation warning
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)
  • 90ddea2 Replace pre-commit with prek to fix deprecation warning
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)
  • 90ddea2 Replace pre-commit with prek to fix deprecation warning
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)

Bumps the uv group with 3 updates in the / directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [joserfc](https://github.com/authlib/joserfc) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 3 updates in the /backend directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [azure-identity](https://github.com/Azure/azure-sdk-for-python) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 1 update in the /platform-service directory: [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 1 update in the /unstract/connectors directory: [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 1 update in the /unstract/filesystem directory: [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 1 update in the /unstract/sdk1 directory: [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 1 update in the /unstract/tool-registry directory: [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 2 updates in the /workers directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio) and [ujson](https://github.com/ultrajson/ultrajson).


Updates `python-socketio` from 5.16.1 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `joserfc` from 1.6.5 to 1.6.8
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.6.8)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `python-socketio` from 5.9.0 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `azure-identity` from 1.16.0 to 1.16.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.16.0...azure-identity_1.16.1)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `python-socketio` from 5.16.1 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

---
updated-dependencies:
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: joserfc
  dependency-version: 1.6.8
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: azure-identity
  dependency-version: 1.16.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 6, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@sonarqubecloud

sonarqubecloud Bot commented Jul 6, 2026

Copy link
Copy Markdown

@greptile-apps

greptile-apps Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This is a dependabot batch update bumping ujson (5.12.1→5.13.0) across 8 directories, python-socketio (5.9.0→5.16.2 in backend, 5.16.1→5.16.2 in root/workers), joserfc (1.6.5→1.6.8), azure-identity (1.16.0→1.16.1), and python-engineio (4.13.1→4.13.3). However, it also includes an unannounced protobuf lower-bound jump in unstract/flags/pyproject.toml that triggers significant cascading lock changes.

  • ujson, joserfc, azure-identity, python-socketio, and python-engineio bumps are routine and low-risk.
  • protobuf minimum in unstract/flags/pyproject.toml jumps from >=4.25.0 to >=7.35.1, forcing protobuf from 5.29.6/6.33.5 up to 7.35.1 across platform-service, runner, and workflow-execution lock files — three major versions skipped.
  • As a direct consequence, weaviate-client in unstract/workflow-execution/uv.lock is downgraded from 4.21.0 to 4.16.2, reversing 9 months of upstream development for that dependency.

Confidence Score: 3/5

Merging as-is would silently downgrade weaviate-client in the workflow-execution environment and pull protobuf through two major versions in platform-service and runner without verification.

The protobuf constraint change in unstract/flags is pulling three separate lock files through a large version gap and causing weaviate-client to regress by four minor versions in the workflow-execution lock. Code that already targets weaviate-client 4.17–4.21 will break, and generated protobuf code may have compatibility issues with 7.x. The ujson, joserfc, azure-identity, and python-socketio bumps are all clean patches or minor releases and carry no real risk.

unstract/flags/pyproject.toml and unstract/workflow-execution/uv.lock need attention — the protobuf constraint and the resulting weaviate-client downgrade are the only non-trivial changes in the PR.

Important Files Changed

Filename Overview
unstract/flags/pyproject.toml protobuf lower bound jumped from >=4.25.0 to >=7.35.1, causing cascading lock resolution changes including a weaviate-client downgrade
unstract/workflow-execution/uv.lock weaviate-client unintentionally downgraded 4.21.0 → 4.16.2 due to the protobuf constraint bump; grpcio/grpcio-tools also upgraded to 1.82.0
backend/pyproject.toml python-socketio pinned at 5.16.2 (up from 5.9.0), azure-identity bumped 1.16.0→1.16.1; all changes are routine version bumps
workers/pyproject.toml python-socketio minimum constraint updated to >=5.16.2; routine dependency bump
uv.lock Root lock file updated: joserfc 1.6.5→1.6.8, python-socketio 5.16.1→5.16.2, python-engineio 4.13.1→4.13.3, ujson 5.12.1→5.13.0; all straightforward bumps
platform-service/uv.lock ujson and protobuf (5.29.6→7.35.1) updated; the protobuf major-version jump needs compatibility verification
runner/uv.lock protobuf upgraded 5.29.6→7.35.1 as a side-effect of the flags constraint change; needs runtime compatibility validation

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["unstract/flags/pyproject.toml\nprotobuf: >=4.25.0 → >=7.35.1"] --> B["platform-service/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
    A --> C["runner/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
    A --> D["unstract/workflow-execution/uv.lock\nprotobuf 6.33.5 → 7.35.1"]
    D -->|"conflict with weaviate-client 4.21.0"| E["weaviate-client\n4.21.0 → 4.16.2 ⚠️ DOWNGRADE"]
    F["backend/pyproject.toml\npython-socketio 5.9.0 → 5.16.2\nazure-identity 1.16.0 → 1.16.1"] --> G["backend/uv.lock\n✓ routine"]
    H["workers/pyproject.toml\npython-socketio >=5.16.2"] --> I["workers/uv.lock\n✓ routine"]
    J["uv.lock root\njoserfc 1.6.5→1.6.8\nujson 5.12.1→5.13.0"] --> K["✓ routine"]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A["unstract/flags/pyproject.toml\nprotobuf: >=4.25.0 → >=7.35.1"] --> B["platform-service/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
    A --> C["runner/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
    A --> D["unstract/workflow-execution/uv.lock\nprotobuf 6.33.5 → 7.35.1"]
    D -->|"conflict with weaviate-client 4.21.0"| E["weaviate-client\n4.21.0 → 4.16.2 ⚠️ DOWNGRADE"]
    F["backend/pyproject.toml\npython-socketio 5.9.0 → 5.16.2\nazure-identity 1.16.0 → 1.16.1"] --> G["backend/uv.lock\n✓ routine"]
    H["workers/pyproject.toml\npython-socketio >=5.16.2"] --> I["workers/uv.lock\n✓ routine"]
    J["uv.lock root\njoserfc 1.6.5→1.6.8\nujson 5.12.1→5.13.0"] --> K["✓ routine"]
Loading

Comments Outside Diff (1)

  1. unstract/workflow-execution/uv.lock, line 1 (link)

    P1 Weaviate-client unintended downgrade

    The protobuf>=7.35.1 constraint added to unstract/flags/pyproject.toml is forcing the resolver to downgrade weaviate-client from 4.21.0 (April 2026) back to 4.16.2 (July 2025) in this lock file. weaviate-client 4.21.0 depends on protobuf in a range that does not satisfy >=7.35.1, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error.

    Prompt To Fix With AI
    This is a comment left during a code review.
    Path: unstract/workflow-execution/uv.lock
    Line: 1
    
    Comment:
    **Weaviate-client unintended downgrade**
    
    The `protobuf>=7.35.1` constraint added to `unstract/flags/pyproject.toml` is forcing the resolver to downgrade `weaviate-client` from **4.21.0** (April 2026) back to **4.16.2** (July 2025) in this lock file. `weaviate-client` 4.21.0 depends on protobuf in a range that does not satisfy `>=7.35.1`, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error.
    
    How can I resolve this? If you propose a fix, please make it concise.

    Fix in Claude Code

Fix All in Claude Code

Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
unstract/workflow-execution/uv.lock:1
**Weaviate-client unintended downgrade**

The `protobuf>=7.35.1` constraint added to `unstract/flags/pyproject.toml` is forcing the resolver to downgrade `weaviate-client` from **4.21.0** (April 2026) back to **4.16.2** (July 2025) in this lock file. `weaviate-client` 4.21.0 depends on protobuf in a range that does not satisfy `>=7.35.1`, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error.

### Issue 2 of 2
unstract/flags/pyproject.toml:8
**Unexpectedly large protobuf minimum constraint jump**

The lower bound on `protobuf` jumped from `>=4.25.0` to `>=7.35.1`, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing `weaviate-client` down from 4.21.0 to 4.16.2 in `unstract/workflow-execution/uv.lock`, and is pulling `protobuf` from 5.29.6 to 7.35.1 in `platform-service` and `runner` — environments where the serialized `.proto` message format has not been tested against 7.x.

Reviews (1): Last reviewed commit: "Bump the uv group across 8 directories w..." | Re-trigger Greptile

@@ -6,7 +6,7 @@ authors = [{ name = "Zipstack Inc.", email = "devsupport@zipstack.com" }]
requires-python = ">=3.12,<3.13"
readme = "README.md"
#license = {text = "MIT"}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Unexpectedly large protobuf minimum constraint jump

The lower bound on protobuf jumped from >=4.25.0 to >=7.35.1, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing weaviate-client down from 4.21.0 to 4.16.2 in unstract/workflow-execution/uv.lock, and is pulling protobuf from 5.29.6 to 7.35.1 in platform-service and runner — environments where the serialized .proto message format has not been tested against 7.x.

Prompt To Fix With AI
This is a comment left during a code review.
Path: unstract/flags/pyproject.toml
Line: 8

Comment:
**Unexpectedly large protobuf minimum constraint jump**

The lower bound on `protobuf` jumped from `>=4.25.0` to `>=7.35.1`, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing `weaviate-client` down from 4.21.0 to 4.16.2 in `unstract/workflow-execution/uv.lock`, and is pulling `protobuf` from 5.29.6 to 7.35.1 in `platform-service` and `runner` — environments where the serialized `.proto` message format has not been tested against 7.x.

How can I resolve this? If you propose a fix, please make it concise.

Fix in Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant