Skip to content

fix(deps): bump uv lower bound to >=0.11.6 for GHSA-pjjw-68hj-v9mw#622

Merged
olivermeyer merged 2 commits into
release/v1.3.0from
chore/bump-uv-lower-bound-release-v1.3.0
May 4, 2026
Merged

fix(deps): bump uv lower bound to >=0.11.6 for GHSA-pjjw-68hj-v9mw#622
olivermeyer merged 2 commits into
release/v1.3.0from
chore/bump-uv-lower-bound-release-v1.3.0

Conversation

@olivermeyer
Copy link
Copy Markdown
Collaborator

@olivermeyer olivermeyer commented May 4, 2026

Why?
PR #620 (release/v1.3.0main) is blocked by a merge conflict caused by main bumping uv to >=0.11.6 (fixing GHSA-pjjw-68hj-v9mw) after the release branch was cut.

How?
Applies the same uv>=0.11.6 lower bound and extended CVE comment to release/v1.3.0 directly, so both sides of the merge become identical and git resolves the conflict automatically.

@olivermeyer @claude
fix(deps): bump uv lower bound to >=0.11.6 for GHSA-pjjw-68hj-v9mw
adfa2d3 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 4, 2026 09:39
@olivermeyer olivermeyer requested a review from a team as a code owner May 4, 2026 09:39
@olivermeyer olivermeyer added the skip:test:long_running Skip long-running tests (≥5min) label May 4, 2026
@olivermeyer olivermeyer changed the base branch from release/v1.3.0 to main May 4, 2026 09:39

This comment was marked as outdated.

Sign in to view

@olivermeyer @claude
chore: revert uv.lock to release/v1.3.0 to avoid merge conflict with …
79c6a5e 
…main

The uv-lock hook updated uv.lock in the previous commit, which introduced
a new conflict with main's uv.lock. The original release branch lock
auto-merges cleanly with main, so we restore it here.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@olivermeyer olivermeyer changed the base branch from main to release/v1.3.0 May 4, 2026 09:45
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov
Copy link
Copy Markdown

codecov Bot commented May 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

❗ There is a different number of reports uploaded between BASE (743f3bd) and HEAD (79c6a5e). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (743f3bd) HEAD (79c6a5e)
2 1

see 32 files with indirect coverage changes

@olivermeyer olivermeyer merged commit d66c597 into release/v1.3.0 May 4, 2026
25 of 26 checks passed
@olivermeyer olivermeyer deleted the chore/bump-uv-lower-bound-release-v1.3.0 branch May 4, 2026 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dima-aignostics dima-aignostics dima-aignostics approved these changes

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

skip:test:long_running Skip long-running tests (≥5min)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@olivermeyer @dima-aignostics