Skip to content

chore(deps): update all non-major#816

Open
renovate[bot] wants to merge 1 commit into
developfrom
renovate/all-non-major
Open

chore(deps): update all non-major#816
renovate[bot] wants to merge 1 commit into
developfrom
renovate/all-non-major

Conversation

@renovate

@renovate renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
astropy 7.2.07.2.1 age confidence project.dependencies patch 7.2.2
docker/dockerfile 1.71.25 age confidence syntax minor
hypothesis (changelog) 6.155.26.155.7 age confidence project.optional-dependencies patch 6.156.6 (+5)
ipython 9.14.19.15.0 age confidence project.optional-dependencies minor
jupyterlab (changelog) 4.5.94.6.1 age confidence project.optional-dependencies minor
matplotlib 3.10.93.11.0 age confidence project.dependencies minor
numpy (changelog) 2.4.62.5.0 age confidence project.dependencies minor 2.5.1
reproject 0.19.00.21.0 age confidence project.dependencies minor
snakemake 9.22.09.23.1 age confidence project.optional-dependencies minor
tqdm (changelog) 4.68.14.68.3 age confidence project.dependencies patch 4.68.4

Release Notes

astropy/astropy (astropy)

v7.2.1

Compare Source

See https://docs.astropy.org/en/v7.2.1/changelog.html

HypothesisWorks/hypothesis (hypothesis)

v6.155.7: Hypothesis version 6.155.7

Compare Source

This patch fixes a thread-safety bug where concurrent use of the same
strategy instance could error in rare cases. (issue #​4475).

The canonical version of these notes (with links) is on readthedocs.

v6.155.6: Hypothesis version 6.155.6

Compare Source

This patch replaces some internal "%"-style string formatting with
f-strings. There is no user-visible change.

The canonical version of these notes (with links) is on readthedocs.

v6.155.5: Hypothesis version 6.155.5

Compare Source

"dates()" now raises "InvalidArgument" if a "datetime" is passed as
"min_value" or "max_value". Because "datetime" is a subclass of
"date", such bounds were previously accepted and then failed with a
confusing "TypeError" while generating examples.

The canonical version of these notes (with links) is on readthedocs.

v6.155.4: Hypothesis version 6.155.4

Compare Source

This patch removes a stray "print()" which fired whenever a "dates()"
filter was rewritten.

The canonical version of these notes (with links) is on readthedocs.

v6.155.3: Hypothesis version 6.155.3

Compare Source

When using an alternative backend (such as hypothesis-crosshair),
Hypothesis no longer emits a "test_case" observation for an iteration
that the backend aborts via "BackendCannotProceed" before the test
body runs
. Previously such an iteration -- for example when the
crosshair backend has exhausted its search paths -- could surface as a
spurious, draw-less "passed" observation with an empty representation,
even though the engine already discards the iteration entirely.

The canonical version of these notes (with links) is on readthedocs.

ipython/ipython (ipython)

v9.15.0

Compare Source

jupyterlab/jupyterlab (jupyterlab)

v4.6.1

Compare Source

4.6.1

(Full Changelog)

Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Other merged PRs
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@​brichet (activity) | @​Darshan808 (activity) | @​DTiming24 (activity) | @​krassowski (activity) | @​Krish-876 (activity) | @​MUFFANUJ (activity)

v4.6.0

Compare Source

(Full Changelog)

New features added
Deprecated features
Enhancements made
Bugs fixed

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 6am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown
Author

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml
Artifact update for tqdm resolved to version 4.68.4, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 4.68.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/
File name: pyproject.toml
Artifact update for hypothesis resolved to version 6.156.6, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 6.155.7
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

cailmdaley added a commit that referenced this pull request Jul 13, 2026
Locks pytest to the version that exposed the pytest-pydocstyle breakage, so
this PR's own CI exercises the exact scenario it fixes (green = proof) and
completes the bump Renovate #816/#817 were attempting.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01CBC6HKdgXaZ7ei5XfdvZGo
@renovate renovate Bot force-pushed the renovate/all-non-major branch 2 times, most recently from e24dbd4 to a345484 Compare July 13, 2026 10:37
cailmdaley added a commit that referenced this pull request Jul 13, 2026
…lay)

Keep the release-age gate — the point of it is supply-chain defense: a
hijacked-but-legitimate package (compromised maintainer / malicious release)
gets a detection window before it auto-merges — and make automerge reliable at
the same time.

Root problem: with floor ranges (>=) + rangeStrategy=update-lockfile, `uv lock`
resolves the floor to the newest in-range release, which may be too fresh, and
Renovate can't pin uv to an exact aged version (renovatebot/renovate#41624). So
it fails the artifact update instead of waiting — this is what stalled #816.

Fix: rangeStrategy=pin writes the exact aged version into pyproject.toml, so uv
can't overshoot and minimumReleaseAge is honored. internalChecksFilter=strict
ensures Renovate only ever acts on versions past the age gate. minimumReleaseAge
set explicitly (3 days) so the control is owned in git, tunable.

shapepipe ships as a container and isn't on PyPI (an app, not a library with
downstream installers), so pinning is the appropriate, standard choice; the
abstract-floors design targets libraries. Gates DIRECT deps only — transitive
deps in uv.lock still float via lockFileMaintenance.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01CBC6HKdgXaZ7ei5XfdvZGo
@renovate renovate Bot force-pushed the renovate/all-non-major branch 3 times, most recently from 4a68b9e to dbd14c4 Compare July 13, 2026 13:17
cailmdaley added a commit that referenced this pull request Jul 13, 2026
… config

The `//` documentation keys (a package.json convention) are not valid Renovate
options — `renovate-config-validator` rejects them ("Invalid configuration
option: //"), so Renovate discarded renovate.json entirely and fell back to
defaults: deps stayed on floors and the minimumReleaseAge/artifact failure on
#816 persisted. Move the rationale into Renovate's supported `description`
field; config now validates cleanly. Same three settings (rangeStrategy=pin,
internalChecksFilter=strict, minimumReleaseAge=3 days).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01CBC6HKdgXaZ7ei5XfdvZGo
@renovate renovate Bot force-pushed the renovate/all-non-major branch 3 times, most recently from 74a8a8e to 1602d0d Compare July 13, 2026 23:19
cailmdaley added a commit that referenced this pull request Jul 13, 2026
Renovate's rangeStrategy=pin packageRule failed to take effect against
the Mend org config even after 3fe9d3e (verified on the 2026-07-13
23:19 rebase of #816: no pins written, artifacts still failing on
renovatebot/renovate#41624). Stop depending on config-merge semantics:
write the pins directly into pyproject.toml at the currently-locked
versions and relock. Renovate now just bumps pins.

Also guard python: Renovate classifies 3.12 -> 3.14 as 'minor', which
would ride the non-major automerge group. A Python upgrade of the
science stack gets human review.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013ggNiT4bp685KyB4RraQBE
@cailmdaley cailmdaley changed the title chore(deps): update all non-major rebase!chore(deps): update all non-major Jul 13, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from 1602d0d to fb740b4 Compare July 13, 2026 23:36
@renovate renovate Bot changed the title rebase!chore(deps): update all non-major fix(deps): update all non-major Jul 13, 2026
cailmdaley added a commit that referenced this pull request Jul 13, 2026
numba 0.65.1 requires numpy<2.5; Renovate's grouped pin bump to
numpy 2.5.0 made uv lock unsatisfiable and failed the whole non-major
batch (#816 artifacts step). Cap numpy so the rest of the group flows;
drop when numba supports numpy 2.5.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013ggNiT4bp685KyB4RraQBE
@cailmdaley cailmdaley changed the title fix(deps): update all non-major rebase!fix(deps): update all non-major Jul 13, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from fb740b4 to 82798c6 Compare July 13, 2026 23:43
@renovate renovate Bot changed the title rebase!fix(deps): update all non-major fix(deps): update all non-major Jul 13, 2026
@cailmdaley cailmdaley changed the title fix(deps): update all non-major rebase!fix(deps): update all non-major Jul 13, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from 82798c6 to 48dd0a2 Compare July 13, 2026 23:49
@renovate renovate Bot changed the title rebase!fix(deps): update all non-major fix(deps): update all non-major Jul 13, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from 48dd0a2 to ef6548f Compare July 14, 2026 00:32
@cailmdaley cailmdaley changed the title fix(deps): update all non-major rebase!fix(deps): update all non-major Jul 14, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from ef6548f to ed68c5c Compare July 14, 2026 00:39
@renovate renovate Bot changed the title rebase!fix(deps): update all non-major chore(deps): update all non-major Jul 14, 2026
@cailmdaley cailmdaley changed the title chore(deps): update all non-major rebase!chore(deps): update all non-major Jul 14, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from ed68c5c to 797a480 Compare July 14, 2026 00:40
@renovate renovate Bot changed the title rebase!chore(deps): update all non-major chore(deps): update all non-major Jul 14, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch 7 times, most recently from 3b73cb4 to 8c4f53a Compare July 14, 2026 11:23
@renovate renovate Bot force-pushed the renovate/all-non-major branch from 8c4f53a to 756ea76 Compare July 14, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants