
[py] Bump dependencies #17368

Merged
cgoldberg merged 2 commits into SeleniumHQ:trunk from cgoldberg:py-bump-deps
Apr 22, 2026

@cgoldberg
Member

🔗 Related Issues

Fixes https://github.com/SeleniumHQ/selenium/security/dependabot/325

💥 What does this PR do?

  • updates direct and transitive dependencies for Dev/CI
  • updates certifi in packaging dependencies
  • generates new requirements lock file
  • updates multitool binaries

🤖 AI assistance

  • No substantial AI assistance used
  • AI assisted (complete below)
    • Tool(s):
    • What was generated:
    • I reviewed all AI output and can explain the change

🔄 Types of changes

  • Dev/CI/Packaging

@cgoldberg cgoldberg self-assigned this Apr 22, 2026
@cgoldberg cgoldberg added C-py Python Bindings B-build Includes scripting, bazel and CI integrations labels Apr 22, 2026
@qodo-code-review
Contributor

Review Summary by Qodo

✨ Enhancement


Walkthroughs

Description
• Updates ruff from 0.15.10 to 0.15.11 with new checksums
• Bumps multiple dev/CI dependencies to latest versions
• Updates certifi requirement from 2026.1.4 to 2026.2.25
• Regenerates requirements lock file with all transitive dependencies


File Changes

1. multitool.lock.json Dependencies +10/-10

Update ruff binaries to 0.15.11

• Updates ruff binary downloads from version 0.15.10 to 0.15.11
• Updates SHA256 checksums for all five platform-specific ruff binaries (Linux ARM64/x86_64, macOS ARM64/x86_64, Windows x86_64)

multitool.lock.json


2. py/requirements.txt Dependencies +13/-13

Bump all dev/CI dependencies to latest

• Updates 20+ development and CI dependencies to their latest versions
• Notable updates: rich (14.3.3 → 15.0.0), mypy (1.20.0 → 1.20.2), packaging (26.0 → 26.1), filelock (3.25.2 → 3.29.0)
• Updates type stubs and utility packages across the board

py/requirements.txt


3. py/pyproject.toml Dependencies +3/-3

Update package dependencies and tool versions

• Updates certifi requirement from 2026.1.4 to 2026.2.25 in dependencies
• Updates ruff lint dependency from 0.15.9 to 0.15.11
• Updates packaging validate dependency from 26.0 to 26.1

py/pyproject.toml


4. py/BUILD.bazel Dependencies +1/-1

Update certifi requirement in Bazel build

• Updates certifi requirement constraint from 2026.1.4 to 2026.2.25 in py_wheel target

py/BUILD.bazel


5. py/requirements_lock.txt Dependencies +341/-343

Regenerate requirements lock file

• Regenerated lock file reflecting all transitive dependency updates

py/requirements_lock.txt



@qodo-code-review
Contributor

qodo-code-review Bot commented Apr 22, 2026

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)



Advisory comments

1. Non-canonical package casing 🐞 Bug ⚙ Maintainability
Description
py/requirements.txt uses a mixed-case package name (types-PySocks) while the generated lockfile
normalizes it (types-pysocks), which can cause confusion and unnecessary churn when reconciling
requirements vs lock output. Standardizing the name in py/requirements.txt to the normalized form
avoids this mismatch.
Code

py/requirements.txt[64]

+types-PySocks==1.7.1.20260408
Evidence
The direct requirements pin uses mixed casing, but the lockfile entry for the same pinned version is
normalized to lowercase with hyphens. The repo’s dependency update script also lowercases names for
lookups, reinforcing that normalized naming is the intended convention.

py/requirements.txt[63-66]
py/requirements_lock.txt[1183-1191]
scripts/update_py_deps.py[22-32]
scripts/update_py_deps.py[64-72]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`py/requirements.txt` pins `types-PySocks`, but the generated lockfile normalizes the same dependency to `types-pysocks`. This inconsistency is harmless at runtime but creates confusion and can lead to noisy diffs or brittle string-based checks.

### Issue Context
The lockfile is generated (via `compile_pip_requirements` / pip tooling) and will keep emitting normalized distribution names.

### Fix Focus Areas
- py/requirements.txt[63-66]

### Proposed fix
Change the requirement line to use the normalized distribution name:
- `types-PySocks==1.7.1.20260408` -> `types-pysocks==1.7.1.20260408`

(Optionally, normalize other mixed-case entries similarly over time, but this PR can scope to the changed line.)

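The naming mismatch raised in the review above can be checked mechanically by comparing pins on their PEP 503 normalized names instead of their raw spelling, so a dependency audit does not conclude that a pin is absent from the hashed lockfile just because its casing differs. This is an added example, not code from the Selenium repository or from Qodo; the file contents are constructed (only the `types-PySocks` pin comes from the page) and the function names are hypothetical.

```python
import re

# Constructed sample data; only the types-PySocks pin is taken from the page.
REQUIREMENTS = """\
# dev/CI pins (constructed sample)
types-PySocks==1.7.1.20260408
Example_Pkg==2.0.0
example.other==1.0
"""
LOCKFILE = """\
types-pysocks==1.7.1.20260408 \\
    --hash=sha256:<placeholder>
example-pkg==2.0.1 \\
    --hash=sha256:<placeholder>
"""

# A pinned requirement at the start of a line: name==version
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;\\]+)")

def canonical(name):
    """PEP 503 normalization: runs of '-', '_' and '.' become '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Map canonical name -> (spelling as written, version) for each '==' pin."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line)  # comment lines and indented --hash lines do not match
        if m:
            pins[canonical(m.group(1))] = (m.group(1), m.group(2))
    return pins

def compare(requirements, lockfile):
    """Return (non_canonical, version_drift, missing) for requirements vs lock."""
    req, lock = parse_pins(requirements), parse_pins(lockfile)
    # Names written in a form the lock generator would rewrite.
    non_canonical = sorted(raw for key, (raw, _) in req.items() if raw != key)
    # Same distribution in both files but pinned to different versions.
    drift = sorted(key for key, (_, ver) in req.items()
                   if key in lock and lock[key][1] != ver)
    # Direct pins with no lock entry even after normalization.
    missing = sorted(key for key in req if key not in lock)
    return non_canonical, drift, missing

if __name__ == "__main__":
    print(compare(REQUIREMENTS, LOCKFILE))
```
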
