[py] update python dependencies#17490
Conversation
Review Summary by QodoUpdate Python dependencies to latest patch versions
WalkthroughsDescription• Bumps ruff from 0.15.12 to 0.15.13 • Updates jaraco.functools from 4.4.0 to 4.5.0 • Updates requests from 2.34.1 to 2.34.2 • Updates dependency hashes in lock file Diagramflowchart LR
A["Python Dependencies"] -->|ruff 0.15.12→0.15.13| B["pyproject.toml"]
A -->|jaraco.functools 4.4.0→4.5.0| C["requirements.txt"]
A -->|requests 2.34.1→2.34.2| C
C -->|Update hashes| D["requirements_lock.txt"]
File Changes1. py/pyproject.toml
|
Code Review by Qodo
1.
|
|
Persistent review updated to latest commit ba3c704 |
|
Persistent review updated to latest commit 0cf1a72 |
There was a problem hiding this comment.
Pull request overview
This PR updates several Python development dependencies (cachetools, requests, types-PySocks, jaraco.functools, ruff, lxml, ast-serialize) in the lock file, and restructures py/requirements.txt and py/tox.ini to remove the dependency-groups mechanism in pyproject.toml in favor of explicit deps = ... in tox and a curated direct-dependencies list in requirements.txt.
Changes:
- Bump cachetools→7.1.3, requests→2.34.2, types-PySocks→1.7.1.20260518, jaraco-functools→4.5.0, ruff→0.15.13 (plus lxml 6.1.1, ast-serialize 0.5.0 in lock).
- Remove the
[dependency-groups]table frompyproject.tomland replacedependency_groups = ...intox.iniwith explicit pinneddeps. - Rewrite
py/requirements.txtfrom a fully pinned flat list into a curated set of direct dev tooling using~=version constraints, plus platform-specific transitive deps.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| py/pyproject.toml | Removes [dependency-groups] (lint/validate) now defined inline in tox. |
| py/tox.ini | Replaces dependency_groups = lint/validate with explicit pinned deps. |
| py/requirements.txt | Rewrites file as curated direct deps using ~= constraints, with platform-specific extras. |
| py/requirements_lock.txt | Refreshes lock with version bumps; drops several -r py/requirements.txt markers for deps now treated as transitive. |
|
Persistent review updated to latest commit ec78b44 |
* origin/trunk: (97 commits) [py] update python dependencies (SeleniumHQ#17490) [build] fix renovate reported issues with configuration [build] remove base-ref from renovate workflows it does not work for the use case I had for them [build] add renovate dependency workflow (SeleniumHQ#17504) [build] simplify commit-changes workflow (SeleniumHQ#17503) [build] clarify dependency pin and update tasks (SeleniumHQ#17463) [build] do not rerun or attempt to upload logs unless workflow failure is from the Bazel step [build] fix renovate ignore rules_python to v2 until upstream fixed [build] renovate ignore rules_python until upstream fixed [build] bump rules_closure version (SeleniumHQ#17500) [build] bump rules_jvm_external (SeleniumHQ#17501) [js] remove npm dependency by using bazel for everything (SeleniumHQ#17499) [build] bump ruby versions to latest patch releases (SeleniumHQ#17496) [dotnet] [build] Support deterministic build output (SeleniumHQ#17497) [build] remove renovate update requests pending work done in SeleniumHQ#17427 (SeleniumHQ#17498) [dotnet] [build] Fix remote linkage in SourceLink (SeleniumHQ#17495) [rust] update reqwest to 0.13 (SeleniumHQ#17488) [build] bump low-risk Bazel module dependencies (SeleniumHQ#17494) [dotnet] run format against slnx instead of looping csproj (SeleniumHQ#17483) [build] ignore renovate.json references in renovate recommendations ... # Conflicts: # MODULE.bazel # rust/BUILD.bazel
🔗 Related Issues
From #13964
💥 What does this PR do?
Bumps 3 versions that are currently hard coded. No issues detected.dependency-groupsfrom pyproject.toml because it isn't actually being used with bazel. Since it is tox-only and tox is essentially a convenience right now for local development, I've moved the versions to there directly.Verified that lockfile is equivalent before and after change.