Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates several dependencies in the test/uv.lock file, including major version bumps for cffi and urllib3, and adds pynacl to the test/pyproject.toml dependencies. Feedback was provided regarding an inconsistency where the specific version updates for requests and urllib3 in the lock file are not reflected in test/pyproject.toml, which could lead to synchronization issues.
| { name = "requests", specifier = "==2.32.4" }, | ||
| { name = "taos-ws-py", specifier = ">=0.6.8" }, | ||
| { name = "taospy", specifier = ">=2.8.9" }, | ||
| { name = "threadpool", specifier = ">=1.3.2" }, | ||
| { name = "toml", specifier = ">=0.10.2" }, | ||
| { name = "tomli", specifier = "==2.2.1" }, | ||
| { name = "urllib3", specifier = "==1.26.20" }, | ||
| { name = "urllib3", specifier = "==2.5.0" }, |
There was a problem hiding this comment.
The specifier values for requests and urllib3 in the lock file have been updated to ==2.32.4 and ==2.5.0 respectively, but these changes are not reflected in the test/pyproject.toml file. This inconsistency will cause uv to report that the lock file is out of sync. Please ensure test/pyproject.toml is updated to match these versions.
There was a problem hiding this comment.
Pull request overview
Updates the test framework’s Python dependency set to explicitly require a newer PyNaCl version (likely for security/compliance), with the lockfile regenerated accordingly.
Changes:
- Add
pynacl>=1.6.2totest/pyproject.toml. - Regenerate
test/uv.lock, updating PyNaCl and multiple resolved/transitive packages and resolution markers.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| test/pyproject.toml | Adds an explicit PyNaCl dependency requirement. |
| test/uv.lock | Updates the resolved dependency graph and markers to match the updated requirements. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| requires-python = ">=3.9" | ||
| dependencies = [ | ||
| "asyncssh>=2.20.0", | ||
| "pynacl>=1.6.2", |
There was a problem hiding this comment.
pynacl is added to pyproject.toml, but the documented install path for the test framework uses pip3 install -r requirements.txt (see test/README.md). test/requirements.txt currently doesn't include pynacl, so environments set up per the docs/CI won't actually get this security upgrade. Please either add pynacl>=1.6.2 to test/requirements.txt as well, or update the install instructions/tooling to install from pyproject.toml/uv.lock instead of requirements.txt so dependencies stay in sync.
Description
Issue(s)
Checklist
Please check the items in the checklist if applicable.