chore: Update dependencies

[m1so]

Summary by CodeRabbit

• Chores
  • Pinned core database packages to the 1.4.x LTS line and added ujson and idna to project dependencies.
  • Expanded CI dependency-audit ignore list to include PYSEC-2026-113 so audit runs account for this vulnerability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: bb091eff-4aca-49d7-b868-ff7fdef687dd

📥 Commits

Reviewing files that changed from the base of the PR and between 9e3a709 and b60f292.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml

---

📝 Walkthrough

Walkthrough

Pinned DuckDB core and its extensions to the 1.4.x LTS line and added ujson and idna to [project].dependencies in pyproject.toml. Extended the CI pip-audit ignore-vulns anchor to include PYSEC-2026-113 so both the production audit and the Audit - All job ignore that vulnerability.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• deepnote/deepnote-toolkit#100: Both PRs update [project].dependencies in pyproject.toml by adding or bumping third-party package versions.

Suggested reviewers

• tkislan
• saltenasl
• mfranczel

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	Title 'chore: Update dependencies' is generic and doesn't specify which dependencies or what the main change is, though it's technically related to the changeset.	Consider a more specific title like 'chore: Update DuckDB to 1.4.x LTS and add dependency pins' to clarify the primary changes.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Updates Docs	✅ Passed	PR updates dependencies and CI config, not implementing a feature; documentation update requirement only applies to feature implementations.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📦 Python package built successfully!

• Version: 2.3.0.dev6+2e64160
• Wheel: deepnote_toolkit-2.3.0.dev6+2e64160-py3-none-any.whl
• Install:

  pip install "deepnote-toolkit @ https://deepnote-staging-runtime-artifactory.s3.amazonaws.com/deepnote-toolkit-packages/2.3.0.dev6%2B2e64160/deepnote_toolkit-2.3.0.dev6%2B2e64160-py3-none-any.whl"

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.09%. Comparing base (b5abbd5) to head (2e4abf7).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #103   +/-   ##
=======================================
  Coverage   74.09%   74.09%           
=======================================
  Files          95       95           
  Lines        5678     5678           
  Branches      843      843           
=======================================
  Hits         4207     4207           
  Misses       1195     1195           
  Partials      276      276           

Flag	Coverage Δ
combined	74.09% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[deepnote-bot]

🚀 Review App Deployment Started

📝 Description	🌐 Link / Info
🌍 Review application	ra-103
🔑 Sign-in URL	Click to sign-in
📊 Application logs	View logs
🔄 Actions	Click to redeploy
🚀 ArgoCD deployment	View deployment
⏰ Last deployed	2026-05-28 09:31:13 (UTC)
📜 Deployed commit	20c85fd7d7738fb004cf748cb98cb2a77d235c02
🛠️ Toolkit version	2e64160

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pyproject.toml`:
- Around line 58-60: Consolidate the redundant duckdb dependency entries in
pyproject.toml: replace the three duplicate lines specifying
"duckdb>=1.4.2,<1.5.0" with a single dependency line (e.g.,
"duckdb>=1.4.2,<1.5.0") and remove the overlapping environment markers
("python_version >= '3.12'" and "python_version >= '3.13'") so only one
canonical entry for duckdb remains.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a85132d5-3664-4b92-9b99-efd8f313ef31

📥 Commits

Reviewing files that changed from the base of the PR and between c1cae1a and 9e3a709.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• pyproject.toml