From 21c582b2ae49b343c4c1f54c17b3e906b600b8af Mon Sep 17 00:00:00 2001 From: "Gavin Barron (from Dev Box)" Date: Thu, 21 May 2026 10:54:12 -0700 Subject: [PATCH 1/2] chore(deps-dev): consolidate dependabot dependency updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump the following dev dependencies: - aiohttp: 3.12.15 → 3.13.5 - anyio: 4.10.0 → 4.13.0 - attrs: 25.3.0 → 26.1.0 - cryptography: 46.0.5 → 48.0.0 - dill: 0.4.0 → 0.4.1 - idna: 3.10 → 3.15 - opentelemetry-api: 1.38.0 → 1.42.0 - opentelemetry-sdk: 1.38.0 → 1.42.0 - opentelemetry-semantic-conventions: 0.59b0 → 0.63b0 - requests: 2.32.5 → 2.33.0 - tomlkit: 0.13.3 → 0.15.0 - tzdata: 2025.2 → 2026.2 Consolidates PRs #1047, #1050, #1051, #1052, #1053, #1054, #1055, #1056, #1057, #1059 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- requirements-dev.txt | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index de10282b4f9..959fc7d8114 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,9 +1,9 @@ -aiohttp==3.12.15 +aiohttp==3.13.5 aiosignal==1.4.0 -anyio==4.10.0 +anyio==4.13.0 astroid==3.3.11 async-timeout==5.0.1 -attrs==25.3.0 +attrs==26.1.0 azure-core==1.36.0 azure-identity==1.25.1 build==1.3.0 @@ -12,9 +12,9 @@ certifi==2025.8.3 cffi==2.0.0 click==8.1.8 colorama==0.4.6 -cryptography==46.0.5 +cryptography==48.0.0 Deprecated==1.2.18 -dill==0.4.0 +dill==0.4.1 docutils==0.22 flit==3.12.0 flit_core==3.12.0 @@ -25,7 +25,7 @@ hpack==4.1.0 httpcore==1.0.9 httpx==0.28.1 hyperframe==6.1.0 -idna==3.10 +idna==3.15 importlib-metadata==6.8.0 isort==6.0.1 lazy-object-proxy==1.12.0 @@ -45,9 +45,9 @@ msgraph-core==1.3.8 multidict==6.7.0 mypy==1.17.1 mypy-extensions==1.1.0 -opentelemetry-api==1.38.0 -opentelemetry-sdk==1.38.0 -opentelemetry-semantic-conventions==0.59b0 +opentelemetry-api==1.42.0 +opentelemetry-sdk==1.42.0 +opentelemetry-semantic-conventions==0.63b0 packaging==25.0 pathlib2==2.3.7.post1 platformdirs==4.4.0 @@ -57,7 +57,7 @@ PyJWT==2.9.0 pylint==3.3.8 pyproject_hooks==1.2.0 python-dateutil==2.9.0.post0 -requests==2.32.5 +requests==2.33.0 six==1.17.0 sniffio==1.3.1 std-uritemplate==2.0.0 @@ -65,9 +65,9 @@ time-machine==2.19.0 toml==0.10.2 tomli==2.2.1 tomli_w==1.2.0 -tomlkit==0.13.3 +tomlkit==0.15.0 typing_extensions==4.15.0 -tzdata==2025.2 +tzdata==2026.2 uritemplate==4.2.0 urllib3==2.6.0 wrapt==1.17.3 From 56c3394a82772019d13230adb63999aefe861db0 Mon Sep 17 00:00:00 2001 From: "Gavin Barron (from Dev Box)" Date: Thu, 21 May 2026 10:56:21 -0700 Subject: [PATCH 2/2] chore: group remaining dependabot updates with catch-all pattern Add an 'other-dependencies' group with a wildcard pattern to catch all packages not already matched by a specific group. This reduces individual PRs for ungrouped packages like requests, idna, attrs, cryptography, etc. into a single grouped PR. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bb4997d6e6a..e931cdfaa7a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,6 +22,9 @@ updates: flit: patterns: - "*flit*" + other-dependencies: + patterns: + - "*" - package-ecosystem: github-actions directory: "/" schedule: