
[codex] Refresh safe Python dependencies #333

Open
synfinner wants to merge 1 commit into main from chore/dependency-sweep-2026-06-15
@synfinner

Owner

Summary

  • Update flask-cors from 6.0.4 to 6.0.5.
  • Update pytest from 9.0.3 to 9.1.0.
  • Keep redis pinned at 7.4.0 because 8.0.0 is a major release with runtime-sensitive connection, retry, timeout, and protocol-default changes.

Security

pip-audit reported no known vulnerabilities before or after this sweep, so this PR does not claim any CVE mitigation. The flask-cors update does move off a yanked 6.0.4 release that upstream replaced after a Blueprint typing regression.

Breaking-change risk and migrations

  • flask-cors 6.0.5: patch release superseding 6.0.4; no runtime migration identified for this repo's CORS(app) usage.
  • pytest 9.1.0: release notes include doctest/autouse-fixture and deprecation notes; repo search found no doctest collection usage or matching deprecated pytest patterns.
  • redis 8.0.0: deferred. KEVin imports Redis directly for cache setup and cache operations, and redis-py 8.0.0 changes connection defaults, retry behavior, timeout behavior, and RESP protocol defaults. That should be handled as a separate migration.

Verification

  • Fresh Python 3.12.12 venv install from requirements.txt
  • pip check
  • pip list --outdated --format=json returned only redis==7.4.0 -> 8.0.0
  • pip-audit -r requirements.txt
  • python -m py_compile kevin.py nvd_processor.py update.py schema/api.py
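
An added example, not part of the PR or the KEVin code base: a first-pass triage of `pip list --outdated --format=json` output that applies patch and minor bumps and defers major ones, mirroring the split this sweep made. The function names and the sample JSON are constructed for illustration (the field names are the ones pip emits), and a version-number filter only queues a major bump for the release-note review described above; it does not replace it.

```python
import json
import re

# Constructed sample shaped like `pip list --outdated --format=json` output,
# using the versions named in the PR description (state before the sweep).
SAMPLE_OUTDATED = json.dumps([
    {"name": "flask-cors", "version": "6.0.4", "latest_version": "6.0.5", "latest_filetype": "wheel"},
    {"name": "pytest", "version": "9.0.3", "latest_version": "9.1.0", "latest_filetype": "wheel"},
    {"name": "redis", "version": "7.4.0", "latest_version": "8.0.0", "latest_filetype": "wheel"},
])

_RELEASE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_release(version):
    """Return (major, minor, patch), or None for anything that is not a plain X[.Y[.Z]] release."""
    m = _RELEASE.match(version.strip())
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(current, latest):
    """Label the jump between two versions: patch, minor, major, or review."""
    cur, new = parse_release(current), parse_release(latest)
    if cur is None or new is None or new <= cur:
        return "review"  # pre-releases, epochs, downgrades: a human decides
    if new[0] != cur[0]:
        return "major"
    return "minor" if new[1] != cur[1] else "patch"


def triage(outdated_json, policy_defer=("major", "review")):
    """Split pip's outdated report into updates to apply now and ones to defer."""
    apply_now, deferred = [], []
    for pkg in json.loads(outdated_json):
        kind = classify(pkg["version"], pkg["latest_version"])
        entry = (pkg["name"], pkg["version"], pkg["latest_version"], kind)
        (deferred if kind in policy_defer else apply_now).append(entry)
    return apply_now, deferred


if __name__ == "__main__":
    apply_now, deferred = triage(SAMPLE_OUTDATED)
    for name, cur, new, kind in apply_now:
        print(f"apply  {name} {cur} -> {new} ({kind})")
    for name, cur, new, kind in deferred:
        print(f"defer  {name} {cur} -> {new} ({kind})")
```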
