bump dependencies to make dependabot happier#303
Conversation
|
@claude review this change |
|
Claude finished @yangm2's task in 1m 45s —— View job Code Review
This is a straightforward dependency maintenance PR. Only lock files are modified — no changes to Frontend (
|
| Package | Old | New | Notes |
|---|---|---|---|
google-cloud-vectorsearch |
0.5.0 | 0.7.0 | Two minor versions — larger jump |
langsmith |
0.7.6 | 0.7.16 | Ten patch versions |
openai |
2.21.0 | 2.26.0 | Five minor versions |
websockets |
15.0.1 | 16.0 | Major version bump |
grpcio / grpcio-status |
1.78.1 | 1.78.0 | Downgrade (minor) |
websockets 15.0.1 → 16.0: This is a major version. websockets 16.0 did introduce some API changes, but since it's a transitive dependency (pulled in via Google Cloud / gRPC libs), this should be fine as long as the consuming libraries have been updated accordingly — which they appear to have been.
grpcio / grpcio-status 1.78.1 → 1.78.0: A minor version downgrade. This is expected when dependency resolution changes; 1.78.0 is the version that satisfies all updated constraints. Not a concern.
Overall Assessment
The changes look correct and appropriate. All hashes/integrity values are updated consistently in the lock files. Since only lock files were modified, it'd be worth confirming CI passes to validate nothing regressed. The PR directly targets the 5 dependabot alerts mentioned in the description.
LGTM once CI is green. ✓
3 participants
What type of PR is this? (check all applicable)
Description
address ...
Related Tickets & Documents
QA Instructions, Screenshots, Recordings
Please replace this line with instructions on how to test your changes, a note on the devices and browsers this has been tested on, as well as any relevant images for UI changes.
Added/updated tests?
Documentation
Architecture.mdhas been updated[optional] Are there any post deployment tasks we need to perform?