Skip to content

Update dependabot alert dependencies#74

Merged
TheEdgeOfRage merged 1 commit into
mainfrom
update-deps
Jun 24, 2026
Merged

Update dependabot alert dependencies#74
TheEdgeOfRage merged 1 commit into
mainfrom
update-deps

Conversation

@TheEdgeOfRage

Copy link
Copy Markdown
Member

No description provided.

@TheEdgeOfRage TheEdgeOfRage requested review from a team and jeff-dude June 19, 2026 09:34
@cursor

cursor Bot commented Jun 19, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Lockfile-only but bumps the HTTP client stack and a sizable dbt-common revision; validate dbt runs/CI still pass.

Overview
Refreshes the uv lockfile only—no changes to direct dependency specifiers in pyproject.toml (dbt-core, dbt-trino, trino stay the same).

Resolved transitive versions move forward to address Dependabot alerts, including urllib3 (2.5.0 → 2.7.0), requests (2.32.5 → 2.34.2), and idna (3.10 → 3.18), plus dbt-related packages such as dbt-common (1.32.0 → 1.38.0), dbt-protos, protobuf, sqlparse, deepdiff, and orjson (with updated wheel entries).

Reviewed by Cursor Bugbot for commit a1b91f5. Configure here.

@TheEdgeOfRage TheEdgeOfRage requested a review from 0xRobin June 24, 2026 09:58
@TheEdgeOfRage TheEdgeOfRage merged commit b5ccadc into main Jun 24, 2026
4 checks passed
@TheEdgeOfRage TheEdgeOfRage deleted the update-deps branch June 24, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants