From 0f348789160b6a919f2155584d251c69dc69883e Mon Sep 17 00:00:00 2001 From: "Jingjing Jia (from Dev Box)" Date: Thu, 7 May 2026 12:49:08 -0700 Subject: [PATCH] chore(deps): consolidate dependabot dependency updates Combines 12 open dependabot PRs into a single update: requirements-dev.txt: - anyio: 4.10.0 -> 4.12.1 (#1458) - attrs: 25.3.0 -> 26.1.0 (#1460) - azure-core: 1.38.0 -> 1.39.0 (#1438) - azure-identity: 1.25.1 -> 1.25.3 (#1438) - msal: 1.33.0 -> 1.36.0 (#1457) - multidict: 6.7.0 -> 6.7.1 (#1452) - PyJWT: 2.12.0 -> 2.12.1 (#1459) - tomli: 2.3.0 -> 2.4.1 (#1453) - tomlkit: 0.13.3 -> 0.14.0 (#1454) - tzdata: 2025.2 -> 2026.1 (#1455) - zipp: 3.23.0 -> 3.23.1 (#1456) GitHub Actions: - googleapis/release-please-action: v4 -> v5 (#1463) - dependabot/fetch-metadata: v3.0.0 -> v3.1.0 (#1451) Note: msal bump to 1.36.0 resolves the dependency conflict that caused PR #1438 to fail (azure-identity 1.25.3 requires msal>=1.35.1). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/auto-merge-dependabot.yml | 2 +- .github/workflows/release-please-gha.yml | 2 +- requirements-dev.txt | 22 ++++++++++----------- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index dc346e53b3..86539adf32 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v3.0.0 + uses: dependabot/fetch-metadata@v3.1.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/release-please-gha.yml b/.github/workflows/release-please-gha.yml index 195010cc82..0b19b78d52 100644 --- a/.github/workflows/release-please-gha.yml +++ b/.github/workflows/release-please-gha.yml @@ -29,7 +29,7 @@ jobs: private-key: ${{ secrets.RELEASE_PLEASE_TOKEN_PROVIDER_PEM }} - name: Release Please - uses: googleapis/release-please-action@v4 + uses: googleapis/release-please-action@v5 with: token: ${{ steps.app-token.outputs.token }} config-file: release-please-config.json diff --git a/requirements-dev.txt b/requirements-dev.txt index 6687d0920a..51693a144f 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,11 +1,11 @@ aiohttp==3.13.5 aiosignal==1.4.0 -anyio==4.10.0 +anyio==4.12.1 astroid==3.3.11 async-timeout==5.0.1 -attrs==25.3.0 -azure-core==1.38.0 -azure-identity==1.25.1 +attrs==26.1.0 +azure-core==1.39.0 +azure-identity==1.25.3 build==1.4.3 bumpver==2025.1131 certifi==2025.8.3 @@ -40,10 +40,10 @@ microsoft-kiota-serialization-form==1.9.10 microsoft-kiota-serialization-json==1.9.10 microsoft-kiota-serialization-multipart==1.9.10 microsoft-kiota-serialization-text==1.9.10 -msal==1.33.0 +msal==1.36.0 msal-extensions==1.3.1 msgraph-core==1.3.8 -multidict==6.7.0 +multidict==6.7.1 mypy==1.19.1 mypy-extensions==1.1.0 opentelemetry-api==1.41.0 @@ -54,7 +54,7 @@ pathlib2==2.3.7.post1 platformdirs==4.4.0 portalocker==2.10.1 pycparser==2.23 -PyJWT==2.12.0 +PyJWT==2.12.1 pylint==3.3.9 pyproject_hooks==1.2.0 python-dateutil==2.9.0.post0 @@ -64,14 +64,14 @@ sniffio==1.3.1 std-uritemplate>=2.0.0 time-machine==2.19.0 toml==0.10.2 -tomli==2.3.0 +tomli==2.4.1 tomli_w==1.2.0 -tomlkit==0.13.3 +tomlkit==0.14.0 typing_extensions==4.15.0 -tzdata==2025.2 +tzdata==2026.1 uritemplate==4.2.0 urllib3==2.6.3 wrapt==1.17.3 yapf==0.43.0 yarl==1.22.0 -zipp==3.23.0 +zipp==3.23.1