Skip to content

chore(deps): refresh lockfile for remaining PR #7 updates#21

Merged
davidchris merged 1 commit intomainfrom
codex-pr7-lock-refresh
Apr 16, 2026
Merged

chore(deps): refresh lockfile for remaining PR #7 updates#21
davidchris merged 1 commit intomainfrom
codex-pr7-lock-refresh

Conversation

@davidchris
Copy link
Copy Markdown
Owner

@davidchris davidchris commented Apr 16, 2026

Summary

This replaces Dependabot PR #7 with a lockfile refresh rebased onto current main.

It keeps the dependency updates that still resolve cleanly today:

  • fonttools 4.59.2 -> 4.62.1
  • python-multipart 0.0.20 -> 0.0.24
  • urllib3 2.4.0 -> 2.6.3

Why starlette is not included

The original PR also attempted to bump starlette, but the current project dependency set resolves fastapi==0.115.12, which declares:

  • starlette >=0.40.0, <0.47.0

Because of that constraint, starlette remains at 0.46.2 in the refreshed lockfile. A Starlette security upgrade now needs to be handled as a separate FastAPI upgrade rather than by merging the old Dependabot PR directly.

Validation

Ran:

  • uv run -m pytest tests/test_app_factory.py tests/test_ml_api.py tests/test_upload_progress_htmx.py -q
  • repo push hook checks during git push

Local focused test result: 24 passed

@davidchris davidchris merged commit 3a63381 into main Apr 16, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davidchris