Skip to content

chore(deps): consolidate dependabot updates and bump all dependencies#266

Merged
viraatc merged 1 commit intomainfrom
feat/viraatc-dependencies-2
Apr 3, 2026
Merged

chore(deps): consolidate dependabot updates and bump all dependencies#266
viraatc merged 1 commit intomainfrom
feat/viraatc-dependencies-2

Conversation

@viraatc
Copy link
Copy Markdown
Collaborator

@viraatc viraatc commented Apr 2, 2026
edited
Loading

apply dependabot fixes:

  • psutil 6.1.1 → 7.2.2
  • transformers 4.57.1 → 5.4.0
  • protobuf 6.33.5 → 7.34.1
  • sphinx 8.2.3 → 9.1.0
  • sphinx-rtd-theme 3.0.2 → 3.1.0
  • sphinx-autodoc-typehints 3.1.0 → 3.9.11
  • myst-parser 4.0.1 → 5.0.0
  • pytest-cov 7.0.0 → 7.1.0
  • scipy 1.16.3 → 1.17.1
  • aiohttp 3.13.4 → 3.13.5

change dependabot to run weekly and have upto 1 open PR at a time.

What does this PR do?

Type of change

  • Bug fix
  • New feature
  • Documentation update
  • Refactor/cleanup

Related issues

Testing

  • Tests added/updated
  • All tests pass locally
  • Manual testing completed

Checklist

  • Code follows project style
  • Pre-commit hooks pass
  • Documentation updated (if needed)

@viraatc @claude
chore(deps): consolidate dependabot updates and bump all dependencies
dd52e80 
Bump all pending dependabot PRs in one commit and reconfigure
dependabot to run weekly with max 1 open PR per ecosystem.

- psutil 6.1.1 → 7.2.2
- transformers 4.57.1 → 5.4.0
- protobuf 6.33.5 → 7.34.1
- sphinx 8.2.3 → 9.1.0
- sphinx-rtd-theme 3.0.2 → 3.1.0
- sphinx-autodoc-typehints 3.1.0 → 3.9.11
- myst-parser 4.0.1 → 5.0.0
- pytest-cov 7.0.0 → 7.1.0
- scipy 1.16.3 → 1.17.1
- aiohttp 3.13.4 → 3.13.5

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 2, 2026 21:35
@viraatc viraatc requested a review from a team as a code owner April 2, 2026 21:35
@github-actions github-actions bot requested review from arekay-nv and nvzhihanj April 2, 2026 21:35
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 2, 2026

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Consolidates multiple pending Dependabot updates into a single dependency bump commit, and adjusts Dependabot configuration to reduce update noise by switching to a weekly cadence with a 1-PR limit per ecosystem.

Changes:

  • Bumped pinned versions for several runtime/dev/test Python dependencies in pyproject.toml (including multiple major-version upgrades).
  • Reconfigured Dependabot to run weekly (Monday) and limit to 1 open PR per ecosystem in .github/dependabot.yml.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pyproject.toml Updates pinned dependency versions across core, dev-docs, and test extras.
.github/dependabot.yml Changes update cadence to weekly (Monday) and caps open Dependabot PRs at 1 per ecosystem.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the Dependabot configuration to run weekly on Mondays and limits open pull requests to one per ecosystem. It also updates several dependencies in pyproject.toml, including major version bumps for psutil, transformers, protobuf, sphinx, and myst-parser. Feedback was provided regarding the risk of bundling multiple major version upgrades into a single pull request, suggesting they be isolated to simplify testing and debugging.

arekay-nv
arekay-nv approved these changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@arekay-nv arekay-nv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@viraatc viraatc merged commit 8c0c63d into main Apr 3, 2026
11 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Apr 3, 2026
@viraatc viraatc deleted the feat/viraatc-dependencies-2 branch April 3, 2026 08:07
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@arekay-nv arekay-nv arekay-nv approved these changes

@nvzhihanj nvzhihanj Awaiting requested review from nvzhihanj

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@viraatc @arekay-nv