Skip to content

fix(ci): update audited dependencies#270

Merged
BANANASJIM merged 1 commit into
masterfrom
fix/dependency-audit-click-pillow
Jul 17, 2026
Merged

fix(ci): update audited dependencies#270
BANANASJIM merged 1 commit into
masterfrom
fix/dependency-audit-click-pillow

Conversation

@BANANASJIM

Copy link
Copy Markdown
Owner

What

Update the locked Click and Pillow versions used by development and CI.

Why

The dependency audit reported PYSEC-2026-2132 for Click 8.3.1 and eight
PYSEC-2026-* advisories for Pillow 12.2.0.

How

Regenerate only the affected entries with:

uv lock --upgrade-package click --upgrade-package pillow

This updates Click to 8.4.2 and Pillow to 12.3.0 without changing project dependency
constraints or any other locked package.

Test plan

  • CI-equivalent pip-audit: no known vulnerabilities found, one existing Pygments advisory ignored
  • pixi run check: 3104 passed, 6 skipped, 93.25% coverage
  • Pre-push E2E smoke suite: 26 passed

@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ddddb3c0-ba12-4a31-b3fa-5b7e5ed878c3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/dependency-audit-click-pillow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@BANANASJIM
BANANASJIM merged commit dd8de12 into master Jul 17, 2026
17 checks passed
@BANANASJIM
BANANASJIM deleted the fix/dependency-audit-click-pillow branch July 17, 2026 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant