From db169e4aa8029daa4ac9f250858125cce433fe37 Mon Sep 17 00:00:00 2001 From: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> Date: Wed, 1 Apr 2026 15:37:20 -0600 Subject: [PATCH 1/4] :arrow_up::lock: Upgrade requests lower bound Signed-off-by: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> --- plugins/examples/nemocheck/pyproject.toml | 2 +- plugins/examples/nemocheck/uv.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/examples/nemocheck/pyproject.toml b/plugins/examples/nemocheck/pyproject.toml index e0e5e8c..38e8e8d 100644 --- a/plugins/examples/nemocheck/pyproject.toml +++ b/plugins/examples/nemocheck/pyproject.toml @@ -46,7 +46,7 @@ authors = [ dependencies = [ "cpex==0.1.0.dev10", "mcp>=1.16.0", - "requests>=2.32.5", + "requests>=2.33.0", ] # URLs diff --git a/plugins/examples/nemocheck/uv.lock b/plugins/examples/nemocheck/uv.lock index c68ae32..21aa39e 100644 --- a/plugins/examples/nemocheck/uv.lock +++ b/plugins/examples/nemocheck/uv.lock @@ -679,7 +679,7 @@ requires-dist = [ { name = "pytest-rerunfailures", marker = "extra == 'dev'", specifier = ">=15.1" }, { name = "pytest-trio", marker = "extra == 'dev'", specifier = ">=0.8.0" }, { name = "pytest-xdist", marker = "extra == 'dev'", specifier = ">=3.8.0" }, - { name = "requests", specifier = ">=2.32.5" }, + { name = "requests", specifier = ">=2.33.0" }, { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.12.9" }, { name = "uv", marker = "extra == 'dev'", specifier = ">=0.8.11" }, ] @@ -1242,7 +1242,7 @@ wheels = [ [[package]] name = "requests" -version = "2.32.5" +version = "2.33.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, 
@@ -1250,9 +1250,9 @@ dependencies = [ { name = "idna" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +sdist = { url = "https://files.pythonhosted.org/packages/5f/a4/98b9c7c6428a668bf7e42ebb7c79d576a1c3c1e3ae2d47e674b468388871/requests-2.33.1.tar.gz", hash = "sha256:18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517", size = 134120, upload-time = "2026-03-30T16:09:15.531Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, + { url = "https://files.pythonhosted.org/packages/d7/8e/7540e8a2036f79a125c1d2ebadf69ed7901608859186c856fa0388ef4197/requests-2.33.1-py3-none-any.whl", hash = "sha256:4e6d1ef462f3626a1f0a0a9c42dd93c63bad33f9f1c1937509b8c5c8718ab56a", size = 64947, upload-time = "2026-03-30T16:09:13.83Z" }, ] [[package]] From 93abc644ecd787e7119692b81b3c040bb3d5f68e Mon Sep 17 00:00:00 2001 From: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> Date: Wed, 1 Apr 2026 15:47:37 -0600 Subject: [PATCH 2/4] :bug: Update versioning comments Signed-off-by: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> --- .github/workflows/build.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/security-scans.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3854017..c968991 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -26,7 +26,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v6 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8 - name: Build protobufs run: USE_HTTPS=true ./proto-build.sh @@ -71,7 +71,7 @@ jobs: - name: Extract Docker metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v5.6.1 with: images: ghcr.io/${{ github.repository }}/plugins-adapter flavor: | @@ -81,7 +81,7 @@ jobs: type=raw,value=latest,enable=${{ github.ref_type == 'tag' }} - name: Build and push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v6.10.0 with: context: . push: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c0027b8..c81997e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -56,7 +56,7 @@ jobs: publish_results: true - name: Upload SARIF to GitHub Security tab - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: scorecard.sarif diff --git a/.github/workflows/security-scans.yaml b/.github/workflows/security-scans.yaml index abbb8ae..a8f7ddd 100644 --- a/.github/workflows/security-scans.yaml +++ b/.github/workflows/security-scans.yaml 
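Review bot: The label on `astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57` in the first build.yaml hunk moves from `# v6` to `# v8` while the SHA stays the same, so one of the two labels was wrong and nothing in the hunk lets a reader tell which. The same applies to the `docker/metadata-action` and `docker/build-push-action` hunks below it, whose labels become `# v5.6.1` and `# v6.10.0` here and are put back to `# v6` and `# v7` in PATCH 4/4. The SHA is what actually runs and the comment is what reviewers read, so I would resolve each pin against the upstream tag list (for example with `git ls-remote --tags`) and state the result in the commit message. Writing the full tag, e.g. `# v8.<minor>.<patch>` (placeholder, to be filled from the resolved tag), as the codeql-action lines now do with `# v4.35.1`, also makes a later mismatch easier to spot than a major-only label.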
@@ -305,16 +305,16 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: python queries: security-extended - name: Autobuild - uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: category: "/language:python" From be5b025bda9f9ddd736894775db3df1d0923ee5d Mon Sep 17 00:00:00 2001 From: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> Date: Wed, 1 Apr 2026 15:54:15 -0600 Subject: [PATCH 3/4] :pushpin: Pin to sha for workflow use Signed-off-by: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> --- .github/workflows/self-assign.yml | 2 +- .github/workflows/stale.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/self-assign.yml b/.github/workflows/self-assign.yml index a4130cf..77e2ded 100644 --- a/.github/workflows/self-assign.yml +++ b/.github/workflows/self-assign.yml @@ -17,6 +17,6 @@ permissions: jobs: self-assign: - uses: kagenti/.github/.github/workflows/self-assign-reusable.yml@main + uses: kagenti/.github/.github/workflows/self-assign-reusable.yml@679a2cd1cfde7eed742cf76e9f6608eb91cf1bdd # main secrets: ISSUE_ASSIGN_TOKEN: ${{ secrets.ISSUE_ASSIGN_TOKEN }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index b317f8c..e395c6d 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml 
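Review bot: The trailing `# main` on the pinned `self-assign-reusable.yml@679a2cd1cfde7eed742cf76e9f6608eb91cf1bdd` reference in self-assign.yml records only the branch the commit came from, so a later reader cannot tell how old the pin is or whether it is still reachable from `main`; the stale.yaml hunk that follows gets the same comment. Because this job passes `secrets.ISSUE_ASSIGN_TOKEN` to the called workflow, I would make the pin reviewable, for example `# main as of <YYYY-MM-DD>` (placeholder date), or a release tag if kagenti/.github publishes one. The SHA also fixes only the reusable workflow file itself; whether the actions it calls internally are pinned is not visible from this hunk and is worth checking in that repository.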
@@ -18,4 +18,4 @@ permissions: jobs: stale: - uses: kagenti/.github/.github/workflows/stale.yaml@main + uses: kagenti/.github/.github/workflows/stale.yaml@679a2cd1cfde7eed742cf76e9f6608eb91cf1bdd # main From 357f22c53b453374bfcabd4d6307e75498502cd0 Mon Sep 17 00:00:00 2001 From: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> Date: Wed, 1 Apr 2026 15:56:06 -0600 Subject: [PATCH 4/4] :rewind: Revert incorrect version updates Signed-off-by: Evaline Ju <69598118+evaline-ju@users.noreply.github.com> --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c968991..c87cc69 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -71,7 +71,7 @@ jobs: - name: Extract Docker metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v5.6.1 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ghcr.io/${{ github.repository }}/plugins-adapter flavor: | @@ -81,7 +81,7 @@ jobs: type=raw,value=latest,enable=${{ github.ref_type == 'tag' }} - name: Build and push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v6.10.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . push: true