Skip to content

fix: use >= version constraints for action deps to enable Dependabot updates#419

Closed
Copilot wants to merge 2 commits intomainfrom
copilot/fix-dependency-update-issue
Closed

fix: use >= version constraints for action deps to enable Dependabot updates#419
Copilot wants to merge 2 commits intomainfrom
copilot/fix-dependency-update-issue

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 3, 2026
edited
Loading

cpp-linter and clang-tools were pinned with exact == constraints in the action dependency group, causing Dependabot to report "No update possible" — uv lock --upgrade-package cannot change the lockfile when the specifier only allows one exact version.

Changes

  • pyproject.toml: Change action group deps from exact (==) to minimum-version (>=) constraints, consistent with dev/docs groups. The lockfile still pins the runtime version precisely.
  • uv.lock: Regenerated with uv lock --upgrade-package cpp-linter, bumping cpp-linter to 1.12.1 for Python ≥ 3.10 (stays at 1.12.0 for Python < 3.10, as 1.12.1 transitively requires pygit2 ≥ 1.19.2 which dropped 3.9 support).
# before
action = [
    "clang-tools==0.17.0",
    "cpp-linter==1.12.0",
]

# after
action = [
    "clang-tools>=0.17.0",
    "cpp-linter>=1.12.0",
]

@github-actions github-actions bot added the bug Something isn't working label Apr 3, 2026
@shenxianpeng
fix: change action deps from == to >= to allow dependabot updates, bu…
582677e 
…mp cpp-linter to 1.12.1

Agent-Logs-Url: https://github.com/cpp-linter/cpp-linter-action/sessions/b460992a-13de-459d-beaf-8758cb4812f7

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix issue with dependency update not triggering fix: use >= version constraints for action deps to enable Dependabot updates Apr 3, 2026
Copilot AI requested a review from shenxianpeng April 3, 2026 18:42
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 3, 2026
edited
Loading

Cpp-Linter Report ⚠️

Some files did not pass the configured checks!

clang-format (v16.0.6) reports: 2 file(s) not formatted
  • docs/examples/demo/demo.hpp
  • docs/examples/demo/demo.cpp
clang-tidy (v16.0.6) reports: 7 concern(s)

Have any feedback or feature suggestions? Share it here.

@2bndy5
Copy link
Copy Markdown
Collaborator

2bndy5 commented Apr 3, 2026
edited
Loading

We switched to exact version requirements for a few reasons.

I didn't think dependabot errors is a good reason to revert that decision.

I suspect the uv.lock errors are more likely from still supporting python 3.9, but that should be resolved by #420

FYI, the recommended version of pygments in security alert #11 has other bugs that need to be resolved first before we upgrade pygments.

@2bndy5 2bndy5 closed this Apr 3, 2026
@2bndy5 2bndy5 deleted the copilot/fix-dependency-update-issue branch April 3, 2026 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shenxianpeng shenxianpeng Awaiting requested review from shenxianpeng

Assignees

@shenxianpeng shenxianpeng

Copilot code review Copilot

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@2bndy5 @shenxianpeng