chore(nightly-dependency-updates): track openai-agents-v2 and threading in dep allowlist#779
chore(nightly-dependency-updates): track openai-agents-v2 and threading in dep allowlist#779liustve wants to merge 11 commits into
Conversation
|
Claude finished @liustve's task in 3m 41s —— View job Review
Findings The change is small and the rename A few observations, none blocking:
Nothing security-sensitive; no test coverage exists for these scripts (also pre-existing). |
The openai-agents-v2 package has independent versioning from upstream opentelemetry-python and contrib, so the nightly bot was leaving it stuck at whatever was committed to main. Add it to the independently-versioned list so it gets bumped automatically alongside the AWS-owned packages. Renamed AWS_DEPS -> INDEPENDENT_DEPS to reflect the broader scope.
0eabe80 to
637cb41
Compare
|
Claude finished @liustve's task in 3m 30s —— View job Review (sync update)
The prior review covered the main observations (refactor opportunity at One new finding from this sync that the previous pass didn't flag:
Nothing else security-sensitive; no test coverage exists for these scripts (pre-existing). |
5f15d58 to
637cb41
Compare
|
Claude finished @liustve's task in 1m 7s —— View job Review (sync update)
No new findings on this sync. The diff is unchanged since the last two review passes, and the four prior findings (refactor at |
|
Claude finished @liustve's task in 37s —— View job Review (sync update)
No new findings on this sync. The diff is identical to the previous review pass, and the four prior findings (refactor at |
|
Claude finished @liustve's task in 40s —— View job Review (sync update)
No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at |
|
Claude finished @liustve's task in 26s —— View job Review (sync update)
No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at |
|
Claude finished @liustve's task in 28s —— View job Review (sync update)
No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at |
Summary
Two packages weren't being bumped by the nightly dependency bot:
opentelemetry-instrumentation-openai-agents-v2— has independent versioning from upstreamopentelemetry-python/opentelemetry-python-contrib, so the bot left it pinned to whatever was committed tomain.opentelemetry-instrumentation-threading— was missing from the bot's contrib allowlist entirely. This caused Nightly dependency update: OpenTelemetry 1.42.1/0.63b1 #762 to fail CI: every other contrib instrumentation was bumped to0.63b1while threading stayed at0.61b0, and threading transitively pinsopentelemetry-instrumentation==0.61b0, conflicting with the==0.63b1pin everywhere else.Changes:
opentelemetry-instrumentation-threadingtoCONTRIB_DEPSinscripts/update_dependencies.pyopentelemetry-instrumentation-openai-agents-v2to a newINDEPENDENT_DEPSlist (renamed fromAWS_DEPSsince it now covers more than AWS-owned packages)OPENTELEMETRY_INSTRUMENTATION_OPENAI_AGENTS_V2_VERSION) throughscripts/get_upstream_versions.pyand the nightly workflowExtracted from #762 so the version-bump PR doesn't carry tooling changes.
Test plan