Closed dependabot[bot] closed 6 days ago
This PR does not seem to contain any modification to coverable code.
Note that `urllib3` is an indirect dependency (i.e. we do not use anything from it directly) and so packaging guidelines say that we shouldn't constrain its version directly.
I don't see a sensible way to incorporate this fix beyond waiting for one of our dependencies to require it.
> Note that `urllib3` is an indirect dependency (i.e. we do not use anything from it directly) and so packaging guidelines say that we shouldn't constrain its version directly.

I think we don't, at least not in the way the docs are talking about. It isn't in our list of dependencies (`pyproject.toml`), but it is in the full pinned `requirements.txt`.

> I don't see a sensible way to incorporate this fix beyond waiting for one of our dependencies to require it.

If this PR doesn't break anything I think we can merge.
> If this PR doesn't break anything I think we can merge.

We can merge it, but since it's only changing the auto-generated `requirements.txt` files, it will be reverted the next time the `update_python_dependencies` workflow runs.
> We can merge it, but since it's only changing the auto-generated `requirements.txt` files, it will be reverted the next time the `update_python_dependencies` workflow runs.

Ah, yes. It might not if other packages don't have strict upper bounds, but I suppose that is out of our control.
@JimMadge: I've found that constraints on dependencies can be specified in another file that only applies to packages that were going to be installed anyway. Added to this PR - let me know what you think.
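An added example (not code from this PR or the project) of a CI guard for the situation discussed above: it compares a regenerated, pinned `requirements.txt` against a constraints file of minimum versions and reports any pin that has fallen below its floor, ignoring constraints for packages that are not pinned at all. The file contents, the `name==version` / `name>=version` line formats and all function names are assumptions made for illustration; pre-release suffixes and extras are not handled.

```python
import re

# Constructed sample inputs: a pinned lock file as a dependency-update
# workflow might regenerate it, and a constraints file of minimum versions.
PINNED_REQUIREMENTS = """\
# autogenerated; do not edit
requests==2.32.3
urllib3==2.2.1
    # via requests
"""
CONSTRAINTS = """\
urllib3>=2.2.2
left-pad>=1.0.0  # not in the lock file, so it is ignored
"""

LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=)\s*([0-9]+(?:\.[0-9]+)*)")

def normalise(name):
    """PEP 503 name normalisation, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(text):
    """Numeric release tuple with trailing zeros dropped, so 2.2 == 2.2.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse(text, operator):
    """Return {normalised name: version string} for lines using `operator`."""
    found = {}
    for raw in text.splitlines():
        match = LINE.match(raw.split("#", 1)[0].strip())
        if match and match.group(2) == operator:
            found[normalise(match.group(1))] = match.group(3)
    return found

def pins_below_floor(requirements_text, constraints_text):
    """List (name, pinned, floor) for every pin older than its constraint."""
    pins = parse(requirements_text, "==")
    floors = parse(constraints_text, ">=")
    return sorted((name, pins[name], floor) for name, floor in floors.items()
                  if name in pins and version_key(pins[name]) < version_key(floor))

if __name__ == "__main__":
    for name, pinned, floor in pins_below_floor(PINNED_REQUIREMENTS, CONSTRAINTS):
        print(f"{name}: pinned {pinned} is below required minimum {floor}")
```

Run as a step after the lock file is regenerated, a non-empty result is the signal to fail the job instead of silently reverting the security bump.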
Bumps urllib3 from 2.2.1 to 2.2.2.
Commits
- 27e2a5c Release 2.2.2 (#3406)
- accff72 Merge pull request from GHSA-34jh-p97f-mpxf
- 34be4a5 Pin CFFI to a new release candidate instead of a Git commit (#3398)
- da41058 Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)
- b07a669 Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)
- b8589ec Measure coverage with v4 of artifact actions (#3394)
- f3bdc55 Allow triggering CI manually (#3391)
- 5239265 Fix HTTP version in debug log (#3316)
- b34619f Bump actions/checkout to 4.1.4 (#3387)
- 9961d14 Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)