Bump the uv group across 8 directories with 5 updates#2146
Bump the uv group across 8 directories with 5 updates#2146dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the uv group with 3 updates in the / directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [joserfc](https://github.com/authlib/joserfc) and [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 3 updates in the /backend directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [azure-identity](https://github.com/Azure/azure-sdk-for-python) and [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 1 update in the /platform-service directory: [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 1 update in the /unstract/connectors directory: [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 1 update in the /unstract/filesystem directory: [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 1 update in the /unstract/sdk1 directory: [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 1 update in the /unstract/tool-registry directory: [ujson](https://github.com/ultrajson/ultrajson). Bumps the uv group with 2 updates in the /workers directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio) and [ujson](https://github.com/ultrajson/ultrajson). Updates `python-socketio` from 5.16.1 to 5.16.2 - [Release notes](https://github.com/miguelgrinberg/python-socketio/releases) - [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2) Updates `joserfc` from 1.6.5 to 1.6.8 - [Release notes](https://github.com/authlib/joserfc/releases) - [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst) - [Commits](authlib/joserfc@1.6.5...1.6.8) Updates `python-engineio` from 4.13.1 to 4.13.3 - [Release notes](https://github.com/miguelgrinberg/python-engineio/releases) - [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `python-socketio` from 5.9.0 to 5.16.2 - [Release notes](https://github.com/miguelgrinberg/python-socketio/releases) - [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2) Updates `azure-identity` from 1.16.0 to 1.16.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.16.0...azure-identity_1.16.1) Updates `python-engineio` from 4.13.1 to 4.13.3 - [Release notes](https://github.com/miguelgrinberg/python-engineio/releases) - [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `python-socketio` from 5.16.1 to 5.16.2 - [Release notes](https://github.com/miguelgrinberg/python-socketio/releases) - [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2) Updates `python-engineio` from 4.13.1 to 4.13.3 - [Release notes](https://github.com/miguelgrinberg/python-engineio/releases) - [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md) - [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) --- updated-dependencies: - dependency-name: python-socketio dependency-version: 5.16.2 dependency-type: direct:production dependency-group: uv - dependency-name: joserfc dependency-version: 1.6.8 dependency-type: indirect dependency-group: uv - dependency-name: python-engineio dependency-version: 4.13.3 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: python-socketio dependency-version: 5.16.2 dependency-type: direct:production dependency-group: uv - dependency-name: azure-identity dependency-version: 1.16.1 dependency-type: direct:production dependency-group: uv - dependency-name: python-engineio dependency-version: 4.13.3 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv - dependency-name: python-socketio dependency-version: 5.16.2 dependency-type: direct:production dependency-group: uv - dependency-name: python-engineio dependency-version: 4.13.3 dependency-type: indirect dependency-group: uv - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| Filename | Overview |
|---|---|
| unstract/flags/pyproject.toml | protobuf lower bound jumped from >=4.25.0 to >=7.35.1, causing cascading lock resolution changes including a weaviate-client downgrade |
| unstract/workflow-execution/uv.lock | weaviate-client unintentionally downgraded 4.21.0 → 4.16.2 due to the protobuf constraint bump; grpcio/grpcio-tools also upgraded to 1.82.0 |
| backend/pyproject.toml | python-socketio pinned at 5.16.2 (up from 5.9.0), azure-identity bumped 1.16.0→1.16.1; all changes are routine version bumps |
| workers/pyproject.toml | python-socketio minimum constraint updated to >=5.16.2; routine dependency bump |
| uv.lock | Root lock file updated: joserfc 1.6.5→1.6.8, python-socketio 5.16.1→5.16.2, python-engineio 4.13.1→4.13.3, ujson 5.12.1→5.13.0; all straightforward bumps |
| platform-service/uv.lock | ujson and protobuf (5.29.6→7.35.1) updated; the protobuf major-version jump needs compatibility verification |
| runner/uv.lock | protobuf upgraded 5.29.6→7.35.1 as a side-effect of the flags constraint change; needs runtime compatibility validation |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["unstract/flags/pyproject.toml\nprotobuf: >=4.25.0 → >=7.35.1"] --> B["platform-service/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
A --> C["runner/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
A --> D["unstract/workflow-execution/uv.lock\nprotobuf 6.33.5 → 7.35.1"]
D -->|"conflict with weaviate-client 4.21.0"| E["weaviate-client\n4.21.0 → 4.16.2 ⚠️ DOWNGRADE"]
F["backend/pyproject.toml\npython-socketio 5.9.0 → 5.16.2\nazure-identity 1.16.0 → 1.16.1"] --> G["backend/uv.lock\n✓ routine"]
H["workers/pyproject.toml\npython-socketio >=5.16.2"] --> I["workers/uv.lock\n✓ routine"]
J["uv.lock root\njoserfc 1.6.5→1.6.8\nujson 5.12.1→5.13.0"] --> K["✓ routine"]
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A["unstract/flags/pyproject.toml\nprotobuf: >=4.25.0 → >=7.35.1"] --> B["platform-service/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
A --> C["runner/uv.lock\nprotobuf 5.29.6 → 7.35.1"]
A --> D["unstract/workflow-execution/uv.lock\nprotobuf 6.33.5 → 7.35.1"]
D -->|"conflict with weaviate-client 4.21.0"| E["weaviate-client\n4.21.0 → 4.16.2 ⚠️ DOWNGRADE"]
F["backend/pyproject.toml\npython-socketio 5.9.0 → 5.16.2\nazure-identity 1.16.0 → 1.16.1"] --> G["backend/uv.lock\n✓ routine"]
H["workers/pyproject.toml\npython-socketio >=5.16.2"] --> I["workers/uv.lock\n✓ routine"]
J["uv.lock root\njoserfc 1.6.5→1.6.8\nujson 5.12.1→5.13.0"] --> K["✓ routine"]
Comments Outside Diff (1)
-
unstract/workflow-execution/uv.lock, line 1 (link)Weaviate-client unintended downgrade
The
protobuf>=7.35.1constraint added tounstract/flags/pyproject.tomlis forcing the resolver to downgradeweaviate-clientfrom 4.21.0 (April 2026) back to 4.16.2 (July 2025) in this lock file.weaviate-client4.21.0 depends on protobuf in a range that does not satisfy>=7.35.1, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error.Prompt To Fix With AI
This is a comment left during a code review. Path: unstract/workflow-execution/uv.lock Line: 1 Comment: **Weaviate-client unintended downgrade** The `protobuf>=7.35.1` constraint added to `unstract/flags/pyproject.toml` is forcing the resolver to downgrade `weaviate-client` from **4.21.0** (April 2026) back to **4.16.2** (July 2025) in this lock file. `weaviate-client` 4.21.0 depends on protobuf in a range that does not satisfy `>=7.35.1`, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error. How can I resolve this? If you propose a fix, please make it concise.
Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 2
unstract/workflow-execution/uv.lock:1
**Weaviate-client unintended downgrade**
The `protobuf>=7.35.1` constraint added to `unstract/flags/pyproject.toml` is forcing the resolver to downgrade `weaviate-client` from **4.21.0** (April 2026) back to **4.16.2** (July 2025) in this lock file. `weaviate-client` 4.21.0 depends on protobuf in a range that does not satisfy `>=7.35.1`, so uv resolved to the last version that does. Any code in the workflow-execution package that relies on API surface or bug fixes introduced in weaviate-client 4.17–4.21 will break at runtime without a compile-time error.
### Issue 2 of 2
unstract/flags/pyproject.toml:8
**Unexpectedly large protobuf minimum constraint jump**
The lower bound on `protobuf` jumped from `>=4.25.0` to `>=7.35.1`, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing `weaviate-client` down from 4.21.0 to 4.16.2 in `unstract/workflow-execution/uv.lock`, and is pulling `protobuf` from 5.29.6 to 7.35.1 in `platform-service` and `runner` — environments where the serialized `.proto` message format has not been tested against 7.x.
Reviews (1): Last reviewed commit: "Bump the uv group across 8 directories w..." | Re-trigger Greptile
| @@ -6,7 +6,7 @@ authors = [{ name = "Zipstack Inc.", email = "devsupport@zipstack.com" }] | |||
| requires-python = ">=3.12,<3.13" | |||
| readme = "README.md" | |||
| #license = {text = "MIT"} | |||
There was a problem hiding this comment.
Unexpectedly large protobuf minimum constraint jump
The lower bound on protobuf jumped from >=4.25.0 to >=7.35.1, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing weaviate-client down from 4.21.0 to 4.16.2 in unstract/workflow-execution/uv.lock, and is pulling protobuf from 5.29.6 to 7.35.1 in platform-service and runner — environments where the serialized .proto message format has not been tested against 7.x.
Prompt To Fix With AI
This is a comment left during a code review.
Path: unstract/flags/pyproject.toml
Line: 8
Comment:
**Unexpectedly large protobuf minimum constraint jump**
The lower bound on `protobuf` jumped from `>=4.25.0` to `>=7.35.1`, skipping three major versions (4 → 5 → 6 → 7). Each major version of protobuf introduced breaking changes in the Python runtime (e.g. descriptor-pool access, symbol database APIs, enforcement of generated-code compatibility). More concretely, this constraint change is already forcing `weaviate-client` down from 4.21.0 to 4.16.2 in `unstract/workflow-execution/uv.lock`, and is pulling `protobuf` from 5.29.6 to 7.35.1 in `platform-service` and `runner` — environments where the serialized `.proto` message format has not been tested against 7.x.
How can I resolve this? If you propose a fix, please make it concise.


Bumps the uv group with 3 updates in the / directory: python-socketio, joserfc and ujson.
Bumps the uv group with 3 updates in the /backend directory: python-socketio, azure-identity and ujson.
Bumps the uv group with 1 update in the /platform-service directory: ujson.
Bumps the uv group with 1 update in the /unstract/connectors directory: ujson.
Bumps the uv group with 1 update in the /unstract/filesystem directory: ujson.
Bumps the uv group with 1 update in the /unstract/sdk1 directory: ujson.
Bumps the uv group with 1 update in the /unstract/tool-registry directory: ujson.
Bumps the uv group with 2 updates in the /workers directory: python-socketio and ujson.
Updates
python-socketiofrom 5.16.1 to 5.16.2Release notes
Sourced from python-socketio's releases.
Changelog
Sourced from python-socketio's changelog.
... (truncated)
Commits
6e2b717Release 5.16.2cb65829update python-engineio versionca140feprevent unnecessary resource allocation (#1574)b29beeftox configuratione898130Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog05c32f5Bump qs and body-parser in /examples/server/javascript (#1572) #nolog287dc67Bump qs and body-parser in /examples/client/javascript (#1571) #nolog664dc27add zizmor to ci (#1570)14c6236Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog29b2e5cBump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nologUpdates
joserfcfrom 1.6.5 to 1.6.8Release notes
Sourced from joserfc's releases.
Changelog
Sourced from joserfc's changelog.
Commits
ea1d9e3chore: release 1.6.886d0091Reject empty oct key material and empty HMAC keys at sign/verify entry1e5b94dchore: release 1.6.775d9f95fix(typing): use cast for type hints6d24037Merge pull request #98 from jonathangreen/algorithms-accept-collection102a7a7fix(typing): accept any Collection for algorithms, not just list8b869e8chore: release 1.6.600d599bchore: update actions9186561Merge pull request #97 from authlib/fix-b644d4ea2efix(jws): validate payload size for b64=falseUpdates
python-engineiofrom 4.13.1 to 4.13.3Release notes
Sourced from python-engineio's releases.
Changelog
Sourced from python-engineio's changelog.
... (truncated)
Commits
a53d58cRelease 4.13.39e72608Remove failing coverage.py service7517473Make sure client disconnects when write loop exists (Fixes #454) (#455)6902ffcBump ws, engine.io and engine.io-client in /examples/client/javascript (#453)...883c8f4Bump tornado from 6.5.5 to 6.5.7 in /examples/server/tornado (#451)0d6654eBump aiohttp from 3.14.0 to 3.14.1 in /examples/server/aiohttp (#450) #nolog588a4dbBump qs and express in /examples/server/javascript (#447) #nolog28ed709Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#446) #nologd5ef0e4Bump qs and express in /examples/client/javascript (#445) #nologed46b24Bump ws, engine.io and engine.io-client in /examples/client/javascript (#442)...Updates
ujsonfrom 5.12.1 to 5.13.0Release notes
Sourced from ujson's releases.
Commits
1a23a68Create manylinux2014 wheels (#745)bd943e8Build separate manylinux2014 + modern wheels87ae2dfCreate manylinux2014 wheels209371eVerify expected number of dists (#743)6392258Also check SHA of wheels in case manylinux version changesa00edeaVerify expected number of distse24aeb7Fix utf-8 test for graalpy9122ebeReplace pre-commit with prek to fix deprecation warning (#744)0bbf9a3Add support for Python 3.15 (#742)90ddea2Replace pre-commit with prek to fix deprecation warningUpdates
python-socketiofrom 5.9.0 to 5.16.2Release notes
Sourced from python-socketio's releases.
Changelog
Sourced from python-socketio's changelog.
... (truncated)
Commits
6e2b717Release 5.16.2cb65829update python-engineio versionca140feprevent unnecessary resource allocation (#1574)b29beeftox configuratione898130Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog05c32f5Bump qs and body-parser in /examples/server/javascript (#1572) #nolog287dc67Bump qs and body-parser in /examples/client/javascript (#1571) #nolog664dc27add zizmor to ci (#1570)14c6236Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog29b2e5cBump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nologUpdates
azure-identityfrom 1.16.0 to 1.16.1Commits
05f60c8Use esrp release task that supports federated auth (#35523)4699efbpin setuptools (#35212)6a07fc9[Identity] Fix device code tests (#35846)e16a704[Identity] Add Azure Arc key validation checksUpdates
python-engineiofrom 4.13.1 to 4.13.3Release notes
Sourced from python-engineio's releases.
Changelog
Sourced from python-engineio's changelog.
... (truncated)
Commits
a53d58cRelease 4.13.39e72608Remove failing coverage.py service7517473Make sure client disconnects when write loop exists (Fixes #454) (#455)6902ffcBump ws, engine.io and engine.io-client in /examples/client/javascript (#453)...883c8f4Bump tornado from 6.5.5 to 6.5.7 in /examples/server/tornado (#451)0d6654eBump aiohttp from 3.14.0 to 3.14.1 in /examples/server/aiohttp (#450) #nolog588a4dbBump qs and express in /examples/server/javascript (#447) #nolog28ed709Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#446) #nologd5ef0e4Bump qs and express in /examples/client/javascript (#445) #nologed46b24Bump ws, engine.io and engine.io-client in /examples/client/javascript (#442)...Updates
ujsonfrom 5.12.1 to 5.13.0Release notes
Sourced from ujson's releases.
Commits
1a23a68Create manylinux2014 wheels (#745)bd943e8Build separate manylinux2014 + modern wheels87ae2dfCreate manylinux2014 wheels209371eVerify expected number of dists (#743)6392258Also check SHA of wheels in case manylinux version changesa00edeaVerify expected number of distse24aeb7Fix utf-8 test for graalpy9122ebeReplace pre-commit with prek to fix deprecation warning (#744)0bbf9a3Add support for Python 3.15 (#742)90ddea2Replace pre-commit with prek to fix deprecation warningUpdates
ujsonfrom 5.12.1 to 5.13.0Release notes
Sourced from ujson's releases.
Commits
1a23a68Create manylinux2014 wheels (#745)bd943e8Build separate manylinux2014 + modern wheels87ae2dfCreate manylinux2014 wheels209371eVerify expected number of dists (#743)6392258Also check SHA of wheels in case manylinux version changesa00edeaVerify expected number of distse24aeb7Fix utf-8 test for graalpy9122ebeReplace pre-commit with prek to fix deprecation warning (#744)0bbf9a3Add support for Python 3.15 (#742)90ddea2Replace pre-commit with prek to fix deprecation warningUpdates
ujsonfrom 5.12.1 to 5.13.0Release notes
Sourced from ujson's releases.
Commits
1a23a68Create manylinux2014 wheels (#745)bd943e8Build separate manylinux2014 + modern wheels87ae2dfCreate manylinux2014 wheels209371eVerify expected number of dists (#743)6392258Also check SHA of wheels in case manylinux version changesa00edeaVerify expected number of distse24aeb7Fix utf-8 test for graalpy9122ebeReplace pre-commit with prek to fix deprecation warning (#744)0bbf9a3Add support for Python 3.15 (#742)90ddea2Replace pre-commit with prek to fix deprecation warningUpdates
ujsonfrom 5.12.1 to 5.13.0Release notes
Sourced from ujson's releases.
Commits
1a23a68Create manylinux2014 wheels (#745)bd943e8Build separate manylinux2014 + modern wheels87ae2dfCreate manylinux2014 wheels209371eVerify expected number of dists (#743)6392258Also check SHA of wheels in case manylinux version changesa00edeaVerify expected number of distse24aeb7Fix utf-8 test for graalpy9122ebeReplace pre-commit with prek to fix deprecation warning (#744)0bbf9a3Add support for Python 3.15 (#742)