Skip to content

chore(deps): batch dependabot updates#483

Closed
leandrodamascena wants to merge 8 commits into
mainfrom
chore/batch-dependabot-updates
Closed

chore(deps): batch dependabot updates#483
leandrodamascena wants to merge 8 commits into
mainfrom
chore/batch-dependabot-updates

Conversation

@leandrodamascena

Copy link
Copy Markdown
Contributor

Summary

Batched into one PR to avoid merging one by one. The individual Dependabot PRs are left open so Dependabot closes them automatically once their changes land on main.

Test plan

  • CI passes (lock files and workflow pinned versions only)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

dependabot Bot and others added 8 commits June 19, 2026 23:50
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.1...v2.14.2)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.14.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 48.0.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pyjwt
  dependency-version: 2.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-multipart
  dependency-version: 0.0.31
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 1.3.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
  dependency-group: uv
- dependency-name: msgpack
  dependency-version: 1.2.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
…ith 9 updates

Bumps the github-actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |
| [actions/cache/restore](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.2.0` | `6.2.1` |
| [actions/cache/save](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `c0fc915677567258ee3c194d03ffe7ae3dc8d741` | `9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `c0fc915677567258ee3c194d03ffe7ae3dc8d741` | `9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `3.0.0` | `3.0.1` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |



Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

Updates `actions/cache/restore` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `aws-actions/configure-aws-credentials` from 6.2.0 to 6.2.1
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@e7f100c...254c19b)

Updates `actions/cache/save` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `github/codeql-action/init` from c0fc915677567258ee3c194d03ffe7ae3dc8d741 to 9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c0fc915...9cea582)

Updates `github/codeql-action/analyze` from c0fc915677567258ee3c194d03ffe7ae3dc8d741 to 9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c0fc915...9cea582)

Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@b430933...718ea10)

Updates `github/codeql-action/upload-sarif` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache/restore
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/cache/save
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 9cea5827c668a1fe7165dbce6e80c3f9cf3f83ac
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
…ith 6 updates

Bumps the evaluator-deps group with 6 updates in the /scripts/aidlc-evaluator directory:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.43.31` | `1.43.36` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.1.0` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.20` |
| [semgrep](https://github.com/semgrep/semgrep) | `1.166.0` | `1.168.0` |
| [strands-agents](https://github.com/strands-agents/harness-sdk) | `1.44.0` | `1.45.0` |
| [strands-agents-tools](https://github.com/strands-agents/tools) | `0.8.1` | `0.8.2` |



Updates `boto3` from 1.43.31 to 1.43.36
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.31...1.43.36)

Updates `pytest` from 9.1.0 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `semgrep` from 1.166.0 to 1.168.0
- [Release notes](https://github.com/semgrep/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.166.0...v1.168.0)

Updates `strands-agents` from 1.44.0 to 1.45.0
- [Release notes](https://github.com/strands-agents/harness-sdk/releases)
- [Commits](strands-agents/harness-sdk@python/v1.44.0...python/v1.45.0)

Updates `strands-agents-tools` from 0.8.1 to 0.8.2
- [Release notes](https://github.com/strands-agents/tools/releases)
- [Commits](strands-agents/tools@v0.8.1...v0.8.2)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
- dependency-name: semgrep
  dependency-version: 1.168.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: evaluator-deps
- dependency-name: strands-agents
  dependency-version: 1.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: evaluator-deps
- dependency-name: strands-agents-tools
  dependency-version: 0.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
…-actions-9f592c4787' into chore/batch-dependabot-updates
…review/uv-72d8a80032' into chore/batch-dependabot-updates
…uator/pydantic-settings-2.14.2' into chore/batch-dependabot-updates
…uator/evaluator-deps-1c49338a31' into chore/batch-dependabot-updates
@leandrodamascena leandrodamascena requested a review from a team as a code owner July 3, 2026 09:00
@github-actions github-actions Bot added the github label Jul 3, 2026
auto-merge was automatically disabled July 7, 2026 11:59

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant