Relax msgpack and tornado dependency caps#5
Open
ihalatci wants to merge 2 commits into
Open
Conversation
Raise the upper bounds on msgpack (<=1.1.2 -> <=1.2.1) and tornado (<=6.5.5 -> <=6.5.7) so downstream consumers (citus regress tests) can pick up security-relevant patch releases while still pinning mitmproxy to a controlled range. Consistent with the fork's existing relaxations of urwid and cryptography. Verified: a real `pipenv lock` of the citus src/test/regress/Pipfile with mitmproxy pointed at this change resolves msgpack==1.2.1 and tornado==6.5.7 while preserving the cryptography==46.0.7 pin. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
Hi! I'm the It looks like you correctly set up a CI job that uses the autofix.ci GitHub Action, but the autofix.ci GitHub App has not been installed for this repository. This means that autofix.ci unfortunately does not have the permissions to fix this pull request. If you are the repository owner, please install the app and then restart the CI workflow! 😃 |
Regenerate uv.lock so uv sync --locked matches the pyproject.toml cap relaxation (msgpack<=1.2.1, tornado<=6.5.7). Only the requires-dist specifiers change; no resolved versions move (1.1.2/6.5.5 still satisfy the widened caps), keeping the fork diff minimal. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Raises the upper bounds on
msgpack(<=1.1.2-><=1.2.1) andtornado(<=6.5.5-><=6.5.7) so downstream consumers (citus regress tests) can pick up security-relevant patch releases while still pinning mitmproxy to a controlled range. Consistent with the fork's existing relaxations ofurwidandcryptography.Verified: a real
pipenv lockof citussrc/test/regress/Pipfilepointed at this change resolvesmsgpack==1.2.1andtornado==6.5.7while preserving thecryptography==46.0.7pin.Co-authored-by: Copilot App 223556219+Copilot@users.noreply.github.com