chore(deps): bump dev and runtime dependencies #86

Merged: NormallyGaussian merged 3 commits into main from chore/bump-dependencies, Apr 30, 2026

Conversation

@NormallyGaussian
Contributor

Summary

Consolidates the 8 open Dependabot lockfile bumps (#78–#85) into one PR and pulls in additional available updates in the same pass. Held back:

  • parallel-web — saved for a separate PR (0.4.2 → 0.5.1 wants its own review).
  • pandas — kept on 2.x. The full upgrade pulled pandas 3.0.2 in for Python ≥ 3.11, which broke 4 tests in our duckdb/spark integrations (None vs nan handling). Worth doing as its own migration PR.

Notable bumps

  • pytest 9.0.2 → 9.0.3
  • requests 2.32.5 → 2.33.1
  • cryptography 46.0.3 → 47.0.0
  • pyopenssl 25.3.0 → 26.1.0
  • pyasn1 0.6.2 → 0.6.3
  • pygments 2.19.2 → 2.20.0
  • python-dotenv 1.2.1 → 1.2.2
  • tornado 6.5.4 → 6.5.5
  • ruff 0.14.14 → 0.15.12
  • ty 0.0.21 → 0.0.33
  • rich 14.2.0 → 15.0.0
  • pydantic 2.12.5 → 2.13.3
  • duckdb 1.4.3 → 1.5.2
  • polars 1.37.1 → 1.40.1
  • snowflake-connector-python 4.2.0 → 4.4.0
  • sqlalchemy 2.0.45 → 2.0.49
  • google-cloud-bigquery 3.40.0 → 3.41.0
  • pyarrow 23.0.0 → 24.0.0
  • pyinstaller 6.18.0 → 6.20.0

The new ty 0.0.33 flagged a return-type mismatch in parse_inline_data (json.loads-derived dict values are inferred as object); the fix is a one-line annotation/cast in parallel_web_tools/cli/commands.py.

Closes #78, #79, #80, #81, #82, #83, #84, #85.

Test plan

  • uv sync --all-extras
  • uv run pytest — 602 passed
  • uv run pre-commit run --all-files — ruff + ty pass
  • parallel-cli --version smoke test

Consolidates the open dependabot lockfile bumps and pulls in additional
available updates in one pass. Held back parallel-web (saved for a
separate PR) and pandas (still on 2.x; 3.0 is a major release with
breaking changes for our integrations).

Notable bumps:
- pytest 9.0.2 -> 9.0.3
- requests 2.32.5 -> 2.33.1
- cryptography 46.0.3 -> 47.0.0
- pyopenssl 25.3.0 -> 26.1.0
- pyasn1 0.6.2 -> 0.6.3
- pygments 2.19.2 -> 2.20.0
- python-dotenv 1.2.1 -> 1.2.2
- tornado 6.5.4 -> 6.5.5
- ruff 0.14.14 -> 0.15.12
- ty 0.0.21 -> 0.0.33
- rich 14.2.0 -> 15.0.0
- pydantic 2.12.5 -> 2.13.3
- duckdb 1.4.3 -> 1.5.2
- polars 1.37.1 -> 1.40.1
- snowflake-connector-python 4.2.0 -> 4.4.0
- sqlalchemy 2.0.45 -> 2.0.49
- google-cloud-bigquery 3.40.0 -> 3.41.0

Type fix in cli/commands.py for new ty 0.0.33 narrowing of
json.loads-derived dict values.

Bumps the lower bounds on direct deps so the manifest reflects what
we actually test against, instead of being a much looser floor than
reality.

Runtime:
- python-dotenv >=1.0.0 -> >=1.2.0
- click >=8.1.0 -> >=8.3.0
- rich >=13.0.0 -> >=15.0.0

Extras:
- polars >=1.37.0 -> >=1.40.0
- pyarrow >=18.0.0 -> >=24.0.0
- duckdb >=1.0.0 -> >=1.5.0
- snowflake-connector-python >=3.0.0 -> >=4.4.0
- sqlalchemy >=2.0.0 -> >=2.0.49

Dev:
- pytest >=8.0.0 -> >=9.0.0
- pytest-cov >=4.0.0 -> >=7.0.0
- pyinstaller >=6.0.0 -> >=6.20.0
- pre-commit >=4.0.0 -> >=4.6.0
- ruff >=0.14.0 -> >=0.15.0
- ty >=0.0.21 -> >=0.0.33
- ipykernel >=7.1.0 -> >=7.2.0

parallel-web and pandas held back per the previous commit.

Keep dev-tooling floors tightened (we have a real reason: ty 0.0.33 is
required to catch the type narrowing fixed in this PR), but revert the
runtime + extras floors to their previous values.

We don't actually use new APIs from rich 15, click 8.3, polars 1.40,
pyarrow 24, duckdb 1.5, snowflake-connector-python 4.x, etc. Tighter
floors there would force downstream users to upgrade with no real
benefit, and the snowflake 3 -> 4 jump in particular would break
people still on 3.x.

Reverted floors:
- python-dotenv >=1.0.0
- click >=8.1.0
- rich >=13.0.0
- polars >=1.37.0
- pyarrow >=18.0.0
- duckdb >=1.0.0
- snowflake-connector-python >=3.0.0
- sqlalchemy >=2.0.0

Kept tightened (dev only): pytest, pytest-cov, pyinstaller, pre-commit,
ruff, ty, ipykernel.

@NormallyGaussian NormallyGaussian merged commit f812eec into main Apr 30, 2026
7 checks passed
@NormallyGaussian NormallyGaussian deleted the chore/bump-dependencies branch April 30, 2026 02:55