ROB-3755 - Update development dependencies to latest versions #2054

Merged
naomi-robusta merged 2 commits into master from claude/fix-security-vulnerabilities-SbfKs
Apr 27, 2026

Conversation

@naomi-robusta
Contributor

Summary

This PR updates several development dependencies to their latest versions to ensure compatibility, security, and access to new features.

Key Changes

  • Pillow: Updated from ^12.1.1 to ^12.2.0
  • black: Updated from 22.3.0 to 26.3.1 (major version bump)
  • tornado: Updated from ^6.5.1 to ^6.5.5

Notes

These are development and documentation dependencies that support the build, testing, and code formatting workflows. The black formatter update is a significant version bump that may introduce changes to code formatting behavior.

https://claude.ai/code/session_01Y29n73kfj8vU7nRPHXk4Dk

Bump tornado to ^6.5.5 (CVE-2026-31958 / GHSA-78cv-mqj4-43f7,
CVE-2026-35536), black to 26.3.1 (CVE-2026-32274), and Pillow to
^12.2.0 (CVE-2026-40192) to address vulnerabilities in dev/docs
dependencies.
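As an added check (not part of this PR or the Robusta project), this script parses the three constraints and confirms that each one's lower bound reaches the fixed release named in the commit message; the dev-group table name is assumed:

```python
"""Check that Poetry constraints cannot resolve to versions below the patched
releases named in the commit message. Added example, not Robusta code."""
import re

# Constructed pyproject.toml fragments: the three dev dependencies before and
# after this PR (the group table name is assumed; only these entries matter).
PYPROJECT_BEFORE = """
[tool.poetry.group.dev.dependencies]
Pillow = "^12.1.1"
black = "22.3.0"
tornado = "^6.5.1"
"""
PYPROJECT_AFTER = (PYPROJECT_BEFORE.replace("^12.1.1", "^12.2.0")
                   .replace("22.3.0", "26.3.1").replace("^6.5.1", "^6.5.5"))

# Lowest release carrying the fix for each advisory listed in the commit message.
PATCHED = {"pillow": "12.2.0", "black": "26.3.1", "tornado": "6.5.5"}

_DEP_LINE = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*=\s*"([^"]+)"\s*$')


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.2.0' into (12, 2, 0); pre-release suffixes are out of scope here."""
    return tuple(int(part) for part in text.split("."))


def lower_bound(spec: str) -> tuple[int, ...]:
    """Lowest version a Poetry constraint admits: '^X.Y.Z' (>=X.Y.Z,<X+1),
    '~X.Y.Z' (>=X.Y.Z,<X.Y+1), '>=X.Y.Z' and an exact pin all start at X.Y.Z."""
    m = re.fullmatch(r"(\^|~|>=|==)?\s*(\d+(?:\.\d+)*)", spec.strip())
    if m is None:
        raise ValueError(f"unsupported constraint: {spec!r}")
    return parse_version(m.group(2))


def dependency_specs(pyproject_text: str) -> dict[str, str]:
    """Map normalised package name -> constraint for every `name = "spec"` line."""
    return {m.group(1).lower(): m.group(2)
            for m in map(_DEP_LINE.match, pyproject_text.splitlines()) if m}


def unpatched(pyproject_text: str, patched: dict[str, str] = PATCHED) -> list[str]:
    """Names whose constraint is missing or still admits a version below the fix."""
    specs = dependency_specs(pyproject_text)
    return [name for name, fixed in patched.items()
            if name not in specs or lower_bound(specs[name]) < parse_version(fixed)]


if __name__ == "__main__":
    print("before:", unpatched(PYPROJECT_BEFORE))  # all three still below the fix
    print("after:", unpatched(PYPROJECT_AFTER))    # []
```

The constraint check is only the first half: poetry.lock decides what is actually installed, so the lockfile regenerated in the second commit should be inspected the same way.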
@github-actions

github-actions Bot commented Apr 27, 2026

Docker image ready for 54407aa (built in 2m 26s)

⚠️ Warning: does not support ARM (ARM images are built on release only - not on every PR)

Use this tag to pull the image for testing.


⚠️ Temporary images are deleted after 30 days. Copy to a permanent registry before using them:

gcloud auth configure-docker us-central1-docker.pkg.dev
docker pull us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:54407aa
docker tag us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:54407aa me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:54407aa
docker push me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:54407aa

Patch Helm values in one line:

helm upgrade --install robusta robusta/robusta \
  --reuse-values \
  --set runner.image=me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:54407aa

@coderabbitai

coderabbitai Bot commented Apr 27, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock


Walkthrough

Updated dev dependency versions in pyproject.toml: Pillow from ^12.1.1 to ^12.2.0, black from 22.3.0 to 26.3.1, and tornado from ^6.5.1 to ^6.5.5.

Changes

Cohort / File(s): Dependency Updates (pyproject.toml)
Summary: Bumped three dev dependencies: Pillow to ^12.2.0, black to 26.3.1, and tornado to ^6.5.5.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • Patch cves #2028: Previous PR that bumped Pillow to ^12.1.1; this PR further updates it to ^12.2.0.

Suggested reviewers

  • Avi-Robusta
🚥 Pre-merge checks: 5 passed
  • Title check: Passed. The title accurately reflects the main change of updating development dependencies to newer versions.
  • Description check: Passed. The description is clearly related to the changeset, detailing which dependencies were updated and why, with appropriate context about the changes.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.


@naomi-robusta naomi-robusta changed the title Update development dependencies to latest versions ROB-3755 - Update development dependencies to latest versions Apr 27, 2026

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pyproject.toml (1)

10-12: ⚠️ Potential issue | 🟡 Minor

Update black target-version to match project Python version.

The black configuration specifies target-version = ['py37'] but the project requires Python >=3.10, <3.12 (line 20). This mismatch means black may not utilize Python 3.10+ syntax features or could apply incorrect formatting rules.

🔧 Proposed fix to align target-version with project Python version
 [tool.black]
 line-length = 120
-target-version = ['py37']
+target-version = ['py310', 'py311']
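Review bot: The replacement line `+target-version = ['py310', 'py311']` hard-codes the same range as the `>=3.10, <3.12` constraint the comment cites at line 20 of pyproject.toml, so the two now have to be kept in sync by hand whenever the supported Python range moves; add a short comment beside the key pointing at that constraint. Since the inline comment on line 108 asks for a repo-wide run of Black 26.3.1, that run should happen after this target-version change so the formatting diff is reviewed and committed once.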
Inline comments:
In `@pyproject.toml`:
- Line 108: The dependency line setting Black to "26.3.1" may change formatting
results compared to 22.3.0; run the formatter across the repo with Black 26.3.1
(using the pyproject.toml setting "black = \"26.3.1\"") and review/commit any
formatting diffs, and re-enable or add the Black pre-commit hook in
.pre-commit-config.yaml so CI enforces the new formatter; if formatting changes
are unacceptable, adjust configuration (pyproject.toml Black options) or pin to
a different Black-compatible version and update tests/CI accordingly.



📥 Commits

Reviewing files that changed from the base of the PR and between 410ef31 and d6dfa82.

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml

Comment thread pyproject.toml
The previous commit was locked with poetry 2.3.3 (lock-version 2.1),
which fails the pre-commit poetry-lock hook pinned to poetry 1.8.5.
Re-generate the lockfile in the 2.0 format expected by the hook.

@Avi-Robusta Avi-Robusta left a comment


LGTM

@naomi-robusta naomi-robusta merged commit 4bba58a into master Apr 27, 2026
5 checks passed
@naomi-robusta naomi-robusta deleted the claude/fix-security-vulnerabilities-SbfKs branch April 27, 2026 12:47
