
NirajC-Microsoft
Contributor

Purpose

This pull request updates dependencies and GitHub Actions across multiple workflow files to ensure the project uses the latest versions for improved security, reliability, and compatibility. The most significant changes are grouped below.

GitHub Actions Version Updates:

  • All workflow files now use actions/checkout@v5 instead of v4, ensuring the latest features and security fixes for repository checkout.

  • Other actions updated to latest versions:

    • actions/setup-node upgraded to v5
    • actions/setup-python upgraded to v6
    • amannn/action-semantic-pull-request upgraded to v6
    • actions/stale upgraded to v10
    • codfish/semantic-release-action upgraded to v4
    • lycheeverse/lychee-action upgraded to v2.6.1
    • tj-actions/changed-files updated to a new commit hash

Python and Node Dependencies Updates:

  • src/requirements.txt and src/requirements-dev.txt have been updated to use newer versions of many dependencies, including openai, azure-* packages, requests, pytest, black, and isort, among others. This improves compatibility with upstream changes and may resolve security vulnerabilities.

Azure and Telemetry Packages:

  • Several Azure-related packages and OpenTelemetry dependencies have been updated to their latest stable or beta releases, ensuring better integration and support for new Azure features.

General Maintenance:

  • Routine updates across workflows and dependencies to keep the codebase up-to-date and minimize technical debt.
  • ...

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • I have built and tested the code locally and in a deployed app
  • For frontend changes, I have pulled the latest code from main, built the frontend, and committed all static files.
  • This is a change for all users of this app. No code or asset is specific to my use case or my organization.

Other Information

dependabot bot added 4 commits August 2, 2025 00:27
---
updated-dependencies:
- dependency-name: azure-identity
  dependency-version: 1.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: openai
  dependency-version: 1.98.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: azure-storage-blob
  dependency-version: 12.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: azure-ai-projects
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: aiohttp
  dependency-version: 3.12.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-sdk
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-api
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-semantic-conventions
  dependency-version: 0.57b0
  dependency-type: direct:production
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-instrumentation
  dependency-version: 0.57b0
  dependency-type: direct:production
  dependency-group: all-backend-deps
- dependency-name: azure-monitor-opentelemetry
  dependency-version: 1.6.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: langchain
  dependency-version: 0.3.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: pytest-asyncio
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: pymupdf
  dependency-version: 1.26.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all-actions group with 1 update: [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/setup-python` from 4 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all-backend-deps group in /src with 17 updates:

| Package | From | To |
| --- | --- | --- |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.23.1` | `1.25.0` |
| [openai](https://github.com/openai/openai-python) | `1.98.0` | `2.0.1` |
| [azure-search-documents](https://github.com/Azure/azure-sdk-for-python) | `11.6.0b12` | `11.7.0b1` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.35.0` | `0.37.0` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.10.1` | `2.11.0` |
| [black](https://github.com/psf/black) | `25.1.0` | `25.9.0` |
| [isort](https://github.com/PyCQA/isort) | `6.0.1` | `6.1.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.36.0` | `1.37.0` |
| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.36.0` | `1.37.0` |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.57b0` | `0.58b0` |
| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.57b0` | `0.58b0` |
| [azure-monitor-opentelemetry](https://github.com/Azure/azure-sdk-for-python) | `1.6.13` | `1.8.1` |
| [markdown](https://github.com/Python-Markdown/markdown) | `3.8.2` | `3.9` |
| [requests](https://github.com/psf/requests) | `2.32.4` | `2.32.5` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.4.1` | `8.4.2` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.1.0` | `1.2.0` |
| [pymupdf](https://github.com/pymupdf/pymupdf) | `1.26.3` | `1.26.4` |


Updates `azure-identity` from 1.23.1 to 1.25.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.23.1...azure-identity_1.25.0)

Updates `openai` from 1.98.0 to 2.0.1
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.98.0...v2.0.1)

Updates `azure-search-documents` from 11.6.0b12 to 11.7.0b1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/search/azure-search-documents/CHANGELOG.md)
- [Commits](Azure/azure-sdk-for-python@azure-search-documents_11.6.0b12...azure-search-documents_11.7.0b1)

Updates `uvicorn` from 0.35.0 to 0.37.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.35.0...0.37.0)

Updates `pydantic-settings` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@2.10.1...v2.11.0)

Updates `black` from 25.1.0 to 25.9.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.1.0...25.9.0)

Updates `isort` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@6.0.1...6.1.0)

Updates `opentelemetry-sdk` from 1.36.0 to 1.37.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.36.0...v1.37.0)

Updates `opentelemetry-api` from 1.36.0 to 1.37.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.36.0...v1.37.0)

Updates `opentelemetry-semantic-conventions` from 0.57b0 to 0.58b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/commits)

Updates `opentelemetry-instrumentation` from 0.57b0 to 0.58b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `azure-monitor-opentelemetry` from 1.6.13 to 1.8.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-monitor-opentelemetry_1.6.13...azure-monitor-opentelemetry_1.8.1)

Updates `markdown` from 3.8.2 to 3.9
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.8.2...3.9.0)

Updates `requests` from 2.32.4 to 2.32.5
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.32.5)

Updates `pytest` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.1...8.4.2)

Updates `pytest-asyncio` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.1.0...v1.2.0)

Updates `pymupdf` from 1.26.3 to 1.26.4
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/main/changes.txt)
- [Commits](pymupdf/PyMuPDF@1.26.3...1.26.4)

---
updated-dependencies:
- dependency-name: azure-identity
  dependency-version: 1.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: openai
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-backend-deps
- dependency-name: azure-search-documents
  dependency-version: 11.7.0b1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: uvicorn
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: pydantic-settings
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: black
  dependency-version: 25.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: isort
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-sdk
  dependency-version: 1.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-api
  dependency-version: 1.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-semantic-conventions
  dependency-version: 0.58b0
  dependency-type: direct:production
  dependency-group: all-backend-deps
- dependency-name: opentelemetry-instrumentation
  dependency-version: 0.58b0
  dependency-type: direct:production
  dependency-group: all-backend-deps
- dependency-name: azure-monitor-opentelemetry
  dependency-version: 1.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: markdown
  dependency-version: '3.9'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
- dependency-name: pytest-asyncio
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-backend-deps
- dependency-name: pymupdf
  dependency-version: 1.26.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-backend-deps
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all-actions group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `5` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.0` |
| [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.4.1` | `2.6.1` |
| [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) | `3` | `4` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `5` |
| [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5` | `6` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [actions/stale](https://github.com/actions/stale) | `9` | `10` |


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `tj-actions/changed-files` from 46.0.5 to 47.0.0
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@ed68ef8...24d32ff)

Updates `lycheeverse/lychee-action` from 2.4.1 to 2.6.1
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@v2.4.1...v2.6.1)

Updates `codfish/semantic-release-action` from 3 to 4
- [Release notes](https://github.com/codfish/semantic-release-action/releases)
- [Commits](codfish/semantic-release-action@v3...v4)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v5)

Updates `amannn/action-semantic-pull-request` from 5 to 6
- [Release notes](https://github.com/amannn/action-semantic-pull-request/releases)
- [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md)
- [Commits](amannn/action-semantic-pull-request@v5...v6)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: codfish/semantic-release-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: amannn/action-semantic-pull-request
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <[email protected]>