Bump SDK packages to v1.23.1 #756
Automated version bump after PyPI release. Co-authored-by: openhands <openhands@all-hands.dev>
all-hands-bot left a comment
🟡 Acceptable - SDK version bump structure is correct, but waiting period required for supply chain safety.
[CRITICAL ISSUES]
[SUPPLY CHAIN RISK]
Both target versions were published less than 7 days ago and must wait before approval:
- openhands-sdk==1.23.1 published at 2026-05-25T19:47:27Z (< 2 minutes ago)
- openhands-tools==1.23.1 published at 2026-05-25T19:47:34Z (< 2 minutes ago)
Per supply chain security policy, dependency updates must wait 7 days after publication before approval to allow time for community security review and potential vulnerability disclosure.
Action Required: Re-request review on or after 2026-06-01 (7 days from publish date).
[RISK ASSESSMENT]
- [Overall PR]
⚠️ Risk Assessment: 🟡 MEDIUM
Supply chain risk due to freshly published versions. The diff itself is clean (only dependency version bumps in pyproject.toml and uv.lock), but the 7-day waiting period is a critical control against supply chain attacks and zero-day vulnerabilities in new releases.
VERDICT:
❌ Needs waiting period: Come back in 7 days, then this will auto-approve.
KEY INSIGHT:
SDK version bumps are normally auto-approved, but supply chain safety trumps automation - fresh packages need time to bake.
Was this automated review useful? React with 👍 or 👎 to this review to help us measure review quality.
Workflow run: https://github.com/OpenHands/OpenHands-CLI/actions/runs/26417191824
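The waiting-period check the bot describes, as an added example (not OpenHands' own code and not the review bot's implementation): it reads release upload times in the shape PyPI's per-version JSON API returns, with the two timestamps quoted in the review embedded as constructed sample data, and reports which pins are still inside the 7-day window and the date on which re-review is allowed.

```python
# Added example (not the project's own code): reproduce the review bot's
# "wait 7 days after publication" decision from a PR's pins and the upload
# times PyPI reports for those releases.
from dataclasses import dataclass
from datetime import datetime, timedelta

WAIT = timedelta(days=7)  # quarantine window from the policy quoted in the review

def _parse(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2026-05-25T19:47:27Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

@dataclass
class Release:
    name: str
    version: str
    upload_time: datetime  # latest upload of any file in the release

def release_from_pypi_json(name: str, version: str, meta: dict) -> Release:
    """Build a Release from the shape of PyPI's per-version JSON API
    (GET https://pypi.org/pypi/<name>/<version>/json): `urls` lists the uploaded
    files, each with `upload_time_iso_8601`. A version counts as published at its
    latest file upload, so a file added to an existing release restarts the clock."""
    return Release(name, version, max(_parse(f["upload_time_iso_8601"]) for f in meta["urls"]))

def quarantine_check(releases, now):
    """Return (blocked, ready_at): releases younger than WAIT at `now`, and the
    earliest instant at which all of them will be old enough."""
    blocked = [r for r in releases if now - r.upload_time < WAIT]
    ready_at = max((r.upload_time + WAIT for r in blocked), default=now)
    return blocked, ready_at

# Constructed sample: the two releases and timestamps quoted in the review above.
SAMPLE_META = {
    "openhands-sdk": {"urls": [{"upload_time_iso_8601": "2026-05-25T19:47:27.000000Z"}]},
    "openhands-tools": {"urls": [{"upload_time_iso_8601": "2026-05-25T19:47:34.000000Z"}]},
}

def check_pr_pins(pins, now_iso, meta=SAMPLE_META):
    """pins: [(name, version)]; now_iso: review time. Returns the pins still in
    quarantine and the ISO date on or after which re-review is allowed."""
    releases = [release_from_pypi_json(n, v, meta[n]) for n, v in pins]
    blocked, ready_at = quarantine_check(releases, _parse(now_iso))
    return [f"{r.name}=={r.version}" for r in blocked], ready_at.date().isoformat()

if __name__ == "__main__":
    pins = [("openhands-sdk", "1.23.1"), ("openhands-tools", "1.23.1")]
    print(check_pr_pins(pins, "2026-05-25T19:49:00Z"))  # both blocked, ready 2026-06-01
```

Pointing `meta` at the live PyPI response instead of `SAMPLE_META` turns this into the same gate the bot applies; the release-date check is only a delay, so it should sit beside, not replace, hash pinning in uv.lock.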
@OpenHands why does ci fail? respond in pr, and fix

@enyst your session has expired. Please login again at OpenHands Cloud and try again.
Automated Version Bump
This PR updates the following packages to version 1.23.1:
- openhands-sdk
- openhands-tools
Triggered by: Release of software-agent-sdk v1.23.1
This PR was automatically created by the version-bump-prs workflow.