Chore/upgrade dependencies after v0.33#2215
Merged
Merged
Conversation
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
…r attribute to client_list() Signed-off-by: Nicolas Höning <nicolas@seita.nl>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Flix6x
reviewed
Jun 1, 2026
Flix6x
approved these changes
Jun 1, 2026
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Flix6x
approved these changes
Jun 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Here is a summary of upgraded versions (made by Codex). Nothing highly remarkable as we see it now. We will test this for a while until v1.0 is released.
The diff is mostly
uvresolver/marker normalization, but these are the real package version changes I’d flag.Largest / Highest-Risk Jumps
redis:7.4.0 -> 8.0.0Major release. Important because FlexMeasures uses Redis/RQ-style background work and caching patterns. Worth checking queue workers, connection options, and any direct Redis client calls.
mypy:1.20.2 -> 2.1.0Major tooling jump. Runtime risk is low, but CI/type-checking behavior may change.
cryptography:47.0.0 -> 48.0.0Major security-sensitive jump. Important for TLS, certificates, WebAuthn, PyOpenSSL, auth-adjacent code.
zipp:3.23.1 -> 4.1.0Major-ish dependency jump, usually low runtime risk unless importlib/resource behavior is relied on indirectly.
rpds-py:0.30.0 -> 2026.5.1Big versioning scheme jump. Used underneath JSON schema/reference machinery, so worth smoke-testing API/schema validation and docs generation.
pyod:3.2.1 -> 3.5.2Not a major version, but a meaningful ML/anomaly-detection jump. Relevant if FlexMeasures forecasting or analytics paths use PyOD models.
librt:0.9.0 -> 0.11.0Minor jump across pre-1.0 versions, which can be less stable semantically. Worth checking why it is present and whether it affects optimization/runtime bindings.
Core FlexMeasures / Security-Relevant Updates
flask-security-too:5.8.0 -> 5.8.1Auth/security-critical, even though it is only a patch bump. Should be included in auth smoke tests.
sqlalchemy:2.0.49 -> 2.0.50Core persistence layer. Patch bump, but still important for DB behavior and migrations.
rq:2.8.0 -> 2.9.0Core background job infrastructure. Check worker startup and job enqueue/execute paths.
requests:2.33.1 -> 2.34.2Core HTTP client behavior. Minor bump, relevant for integrations and external service calls.
certifi:2026.4.22 -> 2026.5.20andidna:3.13 -> 3.17TLS/certificate and URL/domain handling dependencies. Security-relevant, generally positive updates.
pyopenssl:26.1.0 -> 26.2.0pluscryptographyaboveSecurity/TLS stack. Worth checking anything involving certificates, WebAuthn, or SSL handling.
pydantic:2.13.3 -> 2.13.4,pydantic-core:2.46.3 -> 2.46.4Small bumps, but relevant if validation models are used around API/config/data boundaries.
holidays:0.96 -> 0.98Relevant to scheduling, calendars, and forecasting semantics. Worth checking calendar-sensitive tests.
shap:0.51.0 -> 0.52.0ML/explainability dependency. Relevant if forecasting explainability paths are exercised.
sentry-sdk:2.59.0 -> 2.61.1Observability. Low product-risk, but check app startup/config if Sentry is enabled.
New Package
ast-serialize: added at0.5.0New transitive dependency. I’d trace which upgraded package pulled this in before merging, just to understand supply-chain surface.
Overall: the most important ones to review/test are
redis,cryptography/pyopenssl,flask-security-too,sqlalchemy,rq,requests, and the calendar/ML stack (holidays,pyod,shap).