build(deps): bump rich from 13.7.1 to 15.0.0 #16

Closed: dependabot[bot] wants to merge 1 commit into main from dependabot/pip/rich-15.0.0

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps rich from 13.7.1 to 15.0.0.

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support, which reached its EOL on October 7, 2024.

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

The infinite Release

Fixed an infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

... (truncated)

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

[14.3.4] - 2026-04-11

Changed

[14.3.3] - 2026-02-19

Fixed

[14.3.2] - 2026-02-01

Fixed

[14.3.1] - 2026-01-24

Fixed

[14.3.0] - 2026-01-24

Fixed

Added

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies label (Pull requests that update a dependency file) Apr 22, 2026
cursor Bot commented Apr 22, 2026

PR Summary

Low Risk
Low risk dependency-only change, but rich 15 drops Python 3.8 support which could break installs or CI if 3.8 is still in use.

Overview
Bumps rich in requirements.txt from 13.7.1 to 15.0.0.

This is a dependency-only update; note that rich 15 includes a breaking change by dropping Python 3.8 support.

Reviewed by Cursor Bugbot for commit 5b8e97d. Bugbot is set up for automated code reviews on this repo. Configure here.

socket-security Bot commented Apr 22, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | rich@13.7.1 ⏵ 15.0.0 | 98 +1 | 100 | 100 | 100 | 100 |

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 8cae8cb. Configure here.

Comment thread requirements.txt
dspy-ai>=3.0.0,<4.0.0
typer==0.12.3
rich==13.7.1
rich==15.0.0
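
Review bot: On the `rich==13.7.1` to `rich==15.0.0` line, the pin moves across two major versions in requirements.txt only; regenerate requirements.lock and requirements-dev.lock in the same commit so that installs from the lock files resolve the declared version, and confirm that no supported interpreter is Python 3.8, which the 15.0.0 release notes list as dropped.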

Lock files not updated to match new rich version

High Severity

requirements.txt pins rich==15.0.0 but both requirements.lock and requirements-dev.lock still pin rich==13.7.1. Any environment that installs from the lock files (likely CI and production) will get the old version, making the version bump ineffective and creating a mismatch between declared and actually-installed dependencies.

Reviewed by Cursor Bugbot for commit 8cae8cb. Configure here.
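
The mismatch described in the review comment above can be caught mechanically before merge. This is an added example, not code from this repository or from Bugbot: it compares the exact `==` pins in a requirements file with those in a lock file. The lock content, the hash placeholder and all function names are constructed for illustration.

```python
import re

# Exact pin, e.g. "rich==15.0.0" or "Rich[jupyter]==15.0.0 ; python_version >= '3.9'".
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'Flask_Limiter' and 'flask-limiter' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def exact_pins(text: str) -> dict:
    """Return {normalized name: version} for each '==' pin; ranges, options and comments are skipped."""
    pins = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "-")):  # comments, and options such as --hash or -r
            continue
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def lock_drift(requirements: str, lock: str) -> list:
    """List (name, declared, locked) for each exact pin the lock file does not reproduce."""
    locked = exact_pins(lock)
    return [
        (name, declared, locked.get(name))
        for name, declared in sorted(exact_pins(requirements).items())
        if locked.get(name) != declared
    ]


# Constructed sample inputs: the three requirement lines visible in the thread after the
# bump, and a lock file in the state the review comment describes (hash is a placeholder).
REQUIREMENTS = "dspy-ai>=3.0.0,<4.0.0\ntyper==0.12.3\nrich==15.0.0\n"
LOCK = """\
typer==0.12.3
rich==13.7.1 \\
    --hash=sha256:<placeholder>
"""

if __name__ == "__main__":
    drift = lock_drift(REQUIREMENTS, LOCK)
    print("\n".join(f"{n}: requirements pins {d}, lock file has {v}" for n, d, v in drift))
    raise SystemExit(1 if drift else 0)  # non-zero exit fails a CI step
```

Range specifiers such as `dspy-ai>=3.0.0,<4.0.0` are deliberately ignored here; only exact pins are compared.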

Bumps [rich](https://github.com/Textualize/rich) from 13.7.1 to 15.0.0.
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.7.1...v15.0.0)

---
updated-dependencies:
- dependency-name: rich
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/rich-15.0.0 branch from 8cae8cb to 5b8e97d Compare April 22, 2026 02:11
haasonsaas added a commit that referenced this pull request Apr 22, 2026
Consolidates four Dependabot major-bump PRs. Each was individually
reviewed against actual usage in the codebase and found low-risk:

  #13  flask-limiter    3.8.0  -> 4.1.1
       Only uses Limiter(key_func=..., default_limits=...) and
       get_remote_address — both stable across 3.x -> 4.x.
       Smoke-tested orbit_agent.sms_server import: OK.

  #15  pre-commit       3.8.0  -> 4.6.0
       Requires Python >=3.9; our matrix is 3.11/3.12. Config schema
       in .pre-commit-config.yaml is compatible as-is.

  #16  rich             13.7.1 -> 15.0.0
       Only uses rich.console.Console and rich.table.Table in
       orbit_agent/cli.py — both stable.

  #18  gunicorn         22.0.0 -> 25.3.0
       Used only via README's CLI example; no Python imports.

Also syncs .pre-commit-config.yaml hook revs to match the repo's
own pinned tool versions:
  black:  24.8.0 -> 26.3.1
  ruff:   0.6.3  -> 0.15.11
Previously the hooks installed older black/ruff than the repo uses,
which could produce different formatting locally vs in CI.

Verified on Python 3.12:
  - pytest -q: 16/16 pass
  - ruff check .: clean
  - black --check .: clean
  - orbit_agent.sms_server imports cleanly with Flask-Limiter 4.x

The 4 corresponding Dependabot PRs (#13, #15, #16, #18) will
close automatically once this merges.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@haasonsaas

Superseded by #21 (deps: batched major-version updates). All four majors are now on main; this PR is redundant.

@haasonsaas haasonsaas closed this Apr 22, 2026

dependabot Bot commented on behalf of github Apr 22, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/rich-15.0.0 branch April 22, 2026 02:15