chore(deps): bump rich from 14.1.0 to 14.3.2

[dependabot]

Bumps rich from 14.1.0 to 14.3.2.

Release notes

Sourced from rich's releases.

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

The Easy as Pi release

This release bumps Python compatibility to the just-released Python 3.14.

... (truncated)

Changelog

Sourced from rich's changelog.

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

[14.2.0] - 2025-10-09

Changed

• Python3.14 compatibility Textualize/rich#3861

Fixed

• Fixed exception when calling inspect on objects with unusual __qualname__ attribute Textualize/rich#3894

Commits

• 0752ff0 Merge pull request #3953 from Textualize/zwj-fix
• 54ae0cf simplify
• 07edb85 refine
• 31930dd fix test
• 454fcfc stupid comment
• 13f87a4 Fix ZWJ and edge cases
• 1d402e0 fix dates
• f2a1c3b Merge pull request #3944 from Textualize/nerf-fonts
• 2e5a5da changelog
• 73ee823 fix fonts
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5649432.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/rich	14.3.2	🟢 6.7	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 6 4 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/rich	14.3.2	🟢 6.7	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 6 4 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• cli_bundle/requirements.txt
• docker/requirements.txt

[chatgpt-codex-connector]

💡 Codex Review

Genesis-Code-Protocol/.github/dependency-review-config.yml

Lines 17 to 23 in 5649432

	- Unlicense
	- CC0-1.0
	- GPL-2.0
	- GPL-3.0
	- AGPL-3.0
	- LGPL-2.1
	- LGPL-3.0

Restore copyleft licenses to deny list

The dependency review config now explicitly allows GPL/AGPL/LGPL licenses and no longer lists any denied licenses, which means a PR that adds a copyleft dependency will pass the workflow. If the prior policy was to block copyleft (as the previous deny_licenses list implied), this change is a regression in license compliance because it removes the guardrail and turns those licenses into explicit allows. This will surface when a dependency with one of these licenses is introduced: it will no longer fail the dependency review job.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".