Fix Dependabot resolver and bump GitPython for security (#42)

* Fix Dependabot security updates and bump GitPython to 3.1.47+

Dependabot's uv ecosystem resolver was inferring Python 3.9 from the
workspace root's requires-python, then failing because sub-packages
require >=3.12. Adding a root .python-version file containing 3.12 tells the
resolver which interpreter to use. Also bumps gitpython>=3.1.47 to resolve the two
open security advisories (GHSA unsafe option check, command injection).

* Bump codeflash-core and codeflash-python versions for release
This commit is contained in:
Kevin Turcios 2026-04-28 20:28:42 -05:00 committed by GitHub
parent 0ad5e60523
commit 1e8cbbede4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 18 additions and 11 deletions

.python-version Normal file

@ -0,0 +1 @@
3.12
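Review bot: A root `.python-version` is read by uv and pyenv for local runs too, not only by Dependabot's resolver, so it makes 3.12 the default interpreter for every contributor while the packages' `requires-python` still advertises `>=3.9`. The lock is therefore only ever resolved and exercised on 3.12; a 3.9 install path is no longer covered by this workspace. If 3.9 is still a supported floor, a one-line note in the contributor docs that 3.12 is the resolver/development interpreter would make that explicit; if it is not, tightening `requires-python` in the packages would be the more honest fix. The uv/pyenv behaviour is inferred from those tools' handling of this file, not from anything in the diff.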


@ -0,0 +1,3 @@
### Fixes
- Bump gitpython>=3.1.47 to resolve security advisories (unsafe option check, command injection)


@ -1,10 +1,10 @@
[project] [project]
name = "codeflash-core" name = "codeflash-core"
version = "0.1.0" version = "0.1.1.dev0"
requires-python = ">=3.9" requires-python = ">=3.9"
dependencies = [ dependencies = [
"attrs>=26.1.0", "attrs>=26.1.0",
"gitpython>=3.1.0", "gitpython>=3.1.47",
"posthog>=3.0.0", "posthog>=3.0.0",
"requests>=2.32.0", "requests>=2.32.0",
"sentry-sdk>=2.0.0", "sentry-sdk>=2.0.0",
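Review bot: The new floor `gitpython>=3.1.47` carries no record of why 3.1.47 is the cutoff, so a later "loosen the constraint" change could silently reopen the advisories; a trailing comment on that line, `"gitpython>=3.1.47",  # floor fixes the unsafe-option-check and command-injection advisories; do not lower`, keeps the rationale next to the constraint. Because `requires-python` stays at `>=3.9` while the workspace now resolves on 3.12 only, confirm that gitpython 3.1.47+ still installs on 3.9 if that floor is meant to be supported; nothing in this diff exercises it. I cannot verify from the diff alone that 3.1.47 is the earliest fixed release, so the advisory identifiers should be checked against the changelog entry.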


@ -0,0 +1,3 @@
### Fixes
- Bump gitpython>=3.1.47 to resolve security advisories (unsafe option check, command injection)


@ -1,12 +1,12 @@
[project] [project]
name = "codeflash-python" name = "codeflash-python"
version = "0.1.1.dev0" version = "0.1.2.dev0"
requires-python = ">=3.9" requires-python = ">=3.9"
dependencies = [ dependencies = [
"codeflash-core", "codeflash-core",
"coverage[toml]>=7.0", "coverage[toml]>=7.0",
"dill>=0.3", "dill>=0.3",
"gitpython>=3.1", "gitpython>=3.1.47",
"isort>=5.0", "isort>=5.0",
"jedi>=0.19", "jedi>=0.19",
"junitparser>=3.2", "junitparser>=3.2",

uv.lock

@ -602,7 +602,7 @@ requires-dist = [
[[package]] [[package]]
name = "codeflash-core" name = "codeflash-core"
version = "0.1.0" version = "0.1.1.dev0"
source = { editable = "packages/codeflash-core" } source = { editable = "packages/codeflash-core" }
dependencies = [ dependencies = [
{ name = "attrs" }, { name = "attrs" },
@ -616,7 +616,7 @@ dependencies = [
[package.metadata] [package.metadata]
requires-dist = [ requires-dist = [
{ name = "attrs", url = "https://github.com/KRRT7/attrs/releases/download/26.1.0.post1/attrs-26.1.0.post1-py3-none-any.whl" }, { name = "attrs", url = "https://github.com/KRRT7/attrs/releases/download/26.1.0.post1/attrs-26.1.0.post1-py3-none-any.whl" },
{ name = "gitpython", specifier = ">=3.1.0" }, { name = "gitpython", specifier = ">=3.1.47" },
{ name = "platformdirs", specifier = ">=4.0.0" }, { name = "platformdirs", specifier = ">=4.0.0" },
{ name = "posthog", specifier = ">=3.0.0" }, { name = "posthog", specifier = ">=3.0.0" },
{ name = "requests", specifier = ">=2.32.0" }, { name = "requests", specifier = ">=2.32.0" },
@ -648,7 +648,7 @@ requires-dist = [{ name = "codeflash-core", editable = "packages/codeflash-core"
[[package]] [[package]]
name = "codeflash-python" name = "codeflash-python"
version = "0.1.1.dev0" version = "0.1.2.dev0"
source = { editable = "packages/codeflash-python" } source = { editable = "packages/codeflash-python" }
dependencies = [ dependencies = [
{ name = "codeflash-core" }, { name = "codeflash-core" },
@ -676,7 +676,7 @@ requires-dist = [
{ name = "coverage", extras = ["toml"], specifier = ">=7.0" }, { name = "coverage", extras = ["toml"], specifier = ">=7.0" },
{ name = "crosshair-tool", marker = "python_full_version < '3.15'", specifier = ">=0.0.78" }, { name = "crosshair-tool", marker = "python_full_version < '3.15'", specifier = ">=0.0.78" },
{ name = "dill", specifier = ">=0.3" }, { name = "dill", specifier = ">=0.3" },
{ name = "gitpython", specifier = ">=3.1" }, { name = "gitpython", specifier = ">=3.1.47" },
{ name = "isort", specifier = ">=5.0" }, { name = "isort", specifier = ">=5.0" },
{ name = "jedi", specifier = ">=0.19" }, { name = "jedi", specifier = ">=0.19" },
{ name = "junitparser", specifier = ">=3.2" }, { name = "junitparser", specifier = ">=3.2" },
@ -1451,14 +1451,14 @@ wheels = [
[[package]] [[package]]
name = "gitpython" name = "gitpython"
version = "3.1.46" version = "3.1.49"
source = { registry = "https://pypi.org/simple" } source = { registry = "https://pypi.org/simple" }
dependencies = [ dependencies = [
{ name = "gitdb" }, { name = "gitdb" },
] ]
sdist = { url = "https://files.pythonhosted.org/packages/df/b5/59d16470a1f0dfe8c793f9ef56fd3826093fc52b3bd96d6b9d6c26c7e27b/gitpython-3.1.46.tar.gz", hash = "sha256:400124c7d0ef4ea03f7310ac2fbf7151e09ff97f2a3288d64a440c584a29c37f", size = 215371, upload-time = "2026-01-01T15:37:32.073Z" } sdist = { url = "https://files.pythonhosted.org/packages/e1/63/210aaa302d6a0a78daa67c5c15bbac2cad361722841278b0209b6da20855/gitpython-3.1.49.tar.gz", hash = "sha256:42f9399c9eb33fc581014bedd76049dfbaf6375aa2a5754575966387280315e1", size = 219367, upload-time = "2026-04-29T00:31:20.478Z" }
wheels = [ wheels = [
{ url = "https://files.pythonhosted.org/packages/6a/09/e21df6aef1e1ffc0c816f0522ddc3f6dcded766c3261813131c78a704470/gitpython-3.1.46-py3-none-any.whl", hash = "sha256:79812ed143d9d25b6d176a10bb511de0f9c67b1fa641d82097b0ab90398a2058", size = 208620, upload-time = "2026-01-01T15:37:30.574Z" }, { url = "https://files.pythonhosted.org/packages/fd/6f/b842bfa6f21d6f87c57f9abf7194225e55279d96d869775e19e9f7236fc5/gitpython-3.1.49-py3-none-any.whl", hash = "sha256:024b0422d7f84d15cd794844e029ffebd4c5d42a7eb9b936b458697ef550a02c", size = 212190, upload-time = "2026-04-29T00:31:18.412Z" },
] ]
[[package]] [[package]]