Skip to content

Bump python-dotenv from 1.0.1 to 1.2.2 in /services/mcp_eval#20

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/services/mcp_eval/python-dotenv-1.2.2
Open

Bump python-dotenv from 1.0.1 to 1.2.2 in /services/mcp_eval#20
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/services/mcp_eval/python-dotenv-1.2.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026

Copy link
Copy Markdown
Contributor

Bumps python-dotenv from 1.0.1 to 1.2.2.

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

  • Move more config to pyproject.toml, removed setup.cfg
  • Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

[1.1.1] - 2025-06-24

Fixed

... (truncated)

Commits

Greptile Summary

  • Bumps python-dotenv from 1.0.1 to 1.2.2 across requirements.txt, pyproject.toml, and uv.lock; also aligns the lock file which was already at 1.1.1.
  • The 1.2.2 release contains breaking changes to set_key / unset_key symlink handling, but a search of services/mcp_eval confirms neither function is used, so there is no impact.
  • The minimum version specifier in pyproject.toml is tightened from >=1.0.0 to >=1.2.2, keeping the constraint consistent with the pinned version.

Confidence Score: 5/5

Safe to merge — routine dependency bump with no breaking changes affecting this codebase

The only breaking changes in 1.2.2 involve set_key/unset_key symlink behavior; the codebase does not use either function. All three files are updated consistently.

No files require special attention

Important Files Changed

Filename Overview
services/mcp_eval/pyproject.toml Minimum version constraint for python-dotenv bumped from >=1.0.0 to >=1.2.2
services/mcp_eval/requirements.txt Pinned python-dotenv version updated from ==1.0.1 to ==1.2.2, aligning with uv.lock
services/mcp_eval/uv.lock Lock file updated from python-dotenv 1.1.1 to 1.2.2 with new PyPI hashes

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[dependabot bump] --> B[pyproject.toml\npython-dotenv >=1.0.0 → >=1.2.2]
    A --> C[requirements.txt\npython-dotenv ==1.0.1 → ==1.2.2]
    A --> D[uv.lock\npython-dotenv 1.1.1 → 1.2.2]
    B & C & D --> E{Breaking changes?\nset_key / unset_key symlinks}
    E -->|Not used in codebase| F[No impact ✓]
Loading

Reviews (4): Last reviewed commit: "Bump python-dotenv from 1.0.1 to 1.2.2 i..." | Re-trigger Greptile

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 21, 2026
@socket-security

socket-security Bot commented Apr 21, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpython-dotenv@​1.1.1 ⏵ 1.2.299 +1100 +2100100100

View full report

@dependabot dependabot Bot force-pushed the dependabot/uv/services/mcp_eval/python-dotenv-1.2.2 branch from 61e4b4d to 5aad17d Compare April 24, 2026 18:53
@dependabot dependabot Bot force-pushed the dependabot/uv/services/mcp_eval/python-dotenv-1.2.2 branch from 5aad17d to b58fa2e Compare May 4, 2026 16:45
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.0.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.0.1...v1.2.2)

---
updated-dependencies:
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/services/mcp_eval/python-dotenv-1.2.2 branch from b58fa2e to 62df6c1 Compare May 9, 2026 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants