Python: Update pymongo requirement from <4.16,>=4.8.0 to >=4.8.0,<4.17 in /python #13866
dependabot[bot] wants to merge 2 commits into main
Updates the requirements on [pymongo](https://github.com/mongodb/mongo-python-driver) to permit the latest version.
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.8.0...4.16.0)

---
updated-dependencies:
- dependency-name: pymongo
  dependency-version: 4.16.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Automated Code Review
Reviewers: 4 | Confidence: 95%
✓ Correctness
This is a trivial dependency version bump raising the pymongo upper bound from < 4.16 to < 4.17. The change is minimal, correct in form, and consistent with the existing version constraint pattern. No correctness issues found.
✓ Security Reliability
This is a minimal, low-risk change that bumps the upper bound of the pymongo dependency from <4.16 to <4.17, allowing users to install pymongo 4.16.x. No security or reliability concerns are introduced by this version range expansion.
✓ Test Coverage
This PR bumps the pymongo upper version bound from < 4.16 to < 4.17 in pyproject.toml. This is a purely declarative dependency constraint change with no code or behavioral modifications. Existing unit tests for the MongoDB Atlas connector (test_mongodb_atlas_store.py, test_mongodb_atlas_collection.py, conftest.py) continue to cover the same functionality. No new behavior is introduced that would require additional tests. No test coverage gaps identified.
✗ Design Approach
The change relaxes the pymongo upper bound from `< 4.16` to `< 4.17` in pyproject.toml, which is straightforward. However, the `uv.lock` file still records the semantic-kernel package's pymongo mongo-extra specifier as `>=4.8.0,<4.15` (uv.lock line 6458), which is inconsistent with both the old (< 4.16) and new (< 4.17) pyproject.toml constraints. The lock file was never regenerated after previous bumps and still isn't regenerated here, meaning `uv sync` users remain pinned to `< 4.15` regardless of this change. The constraint bump in pyproject.toml has no practical effect until `uv lock` is re-run and the updated lock file is committed.
Flagged Issues
- The uv.lock file is out of sync: it still records the pymongo mongo-extra specifier as `>=4.8.0,<4.15` (uv.lock:6458), not the new `>=4.8.0,<4.17`. Users installing via `uv sync` will remain constrained to `< 4.15`, making this change a no-op in practice. The lock file must be regenerated with `uv lock` and the result committed alongside pyproject.toml.
Automated review by dependabot[bot]'s agents
Agent-Logs-Url: https://github.com/microsoft/semantic-kernel/sessions/84e7bb3d-5c6f-4804-840c-ac56a0125b75
Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
Updates the requirements on pymongo to permit the latest version.
Release notes
Sourced from pymongo's releases.
Changelog
Sourced from pymongo's changelog.
... (truncated)
Commits
- 3290101 Prepare 4.16.0 release (#2672)
- 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
- 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
- fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
- 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
- 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
- e9658b2 Add 4.15.5 release date to changelog (#2666)
- 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
- 1300677 [Spec Resync] 12-22-2025 (#2663)
- 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)