Skip to content

Bump runtime dependencies and version to 4.1.1#1054

Open
kroenlein wants to merge 1 commit into
mainfrom
deps/bump-runtime-dependencies
Open

Bump runtime dependencies and version to 4.1.1#1054
kroenlein wants to merge 1 commit into
mainfrom
deps/bump-runtime-dependencies

Conversation

@kroenlein

@kroenlein kroenlein commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Summary

Upgrades the pinned runtime dependencies in requirements.txt to the latest versions allowed by the pyproject.toml constraints, and bumps the package version to 4.1.1.

Package From To
pyjwt 2.12.0 2.13.0
urllib3 2.6.3 2.7.0
requests 2.33.1 2.34.2
boto3 1.42.42 1.43.36
gemd 2.2.0 2.2.4
tqdm 4.67.3 4.68.3

All bumps stay within the existing pyproject.toml ranges; no constraint changes are needed.

Supersedes Dependabot PRs

This replaces and closes:

Both Dependabot PRs each covered a single dependency and failed the pr-checks / Check version bumped gate because they did not bump __version__. This PR folds both in alongside the other in-range upgrades and includes the required version bump.

Validation

  • Full unit suite: 1262 passed, 100% coverage (pre-commit gate)
  • Dependency-sensitive slice of the nextgen-devkit end-to-end suite run against the development fleet with the exact upgraded dependency set: 20 passed, 8 skipped (no second API key), 0 failed — covering auth (pyjwt), GEMD serialization (gemd), and CRUD over HTTP (requests/urllib3)

🤖 Generated with Claude Code

@kroenlein @claude
Bump runtime dependencies and version to 4.1.1
06d2103 
Upgrades pinned runtime dependencies in requirements.txt to the latest
versions allowed by the pyproject.toml constraints:

  pyjwt    2.12.0  -> 2.13.0
  urllib3  2.6.3   -> 2.7.0
  requests 2.33.1  -> 2.34.2
  boto3    1.42.42 -> 1.43.36
  gemd     2.2.0   -> 2.2.4
  tqdm     4.67.3  -> 4.68.3

Supersedes Dependabot PRs #1053 (pyjwt) and #1051 (urllib3), which each
covered a single dependency and could not pass the "Check version bumped"
gate.

Validated with the unit suite and a dependency-sensitive slice of the
nextgen-devkit end-to-end suite (auth, GEMD serialization, and CRUD over
HTTP) against the development fleet.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kroenlein kroenlein requested a review from a team as a code owner June 23, 2026 22:29
This was referenced Jun 23, 2026
Closed
Closed
anoto-moniz
anoto-moniz approved these changes Jun 24, 2026
View reviewed changes

@anoto-moniz anoto-moniz left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anoto-moniz anoto-moniz anoto-moniz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kroenlein @anoto-moniz