Skip to content

Chore/upgrade dependencies after v0.33#2215

Merged
Flix6x merged 5 commits into
mainfrom
chore/upgrade-dependencies-after-v0.33
Jun 2, 2026
Merged

Chore/upgrade dependencies after v0.33#2215
Flix6x merged 5 commits into
mainfrom
chore/upgrade-dependencies-after-v0.33

Conversation

@nhoening

@nhoening nhoening commented Jun 1, 2026

Copy link
Copy Markdown
Member

Description

  • Upgrading dependencies after releasing v0.33
  • Fix tests after a RQ upgrade
  • changelog entry

Here is a summary of upgraded versions (made by Codex). Nothing highly remarkable as we see it now. We will test this for a while until v1.0 is released.

The diff is mostly uv resolver/marker normalization, but these are the real package version changes I’d flag.

Largest / Highest-Risk Jumps

  • redis: 7.4.0 -> 8.0.0
    Major release. Important because FlexMeasures uses Redis/RQ-style background work and caching patterns. Worth checking queue workers, connection options, and any direct Redis client calls.

  • mypy: 1.20.2 -> 2.1.0
    Major tooling jump. Runtime risk is low, but CI/type-checking behavior may change.

  • cryptography: 47.0.0 -> 48.0.0
    Major security-sensitive jump. Important for TLS, certificates, WebAuthn, PyOpenSSL, auth-adjacent code.

  • zipp: 3.23.1 -> 4.1.0
    Major-ish dependency jump, usually low runtime risk unless importlib/resource behavior is relied on indirectly.

  • rpds-py: 0.30.0 -> 2026.5.1
    Big versioning scheme jump. Used underneath JSON schema/reference machinery, so worth smoke-testing API/schema validation and docs generation.

  • pyod: 3.2.1 -> 3.5.2
    Not a major version, but a meaningful ML/anomaly-detection jump. Relevant if FlexMeasures forecasting or analytics paths use PyOD models.

  • librt: 0.9.0 -> 0.11.0
    Minor jump across pre-1.0 versions, which can be less stable semantically. Worth checking why it is present and whether it affects optimization/runtime bindings.

Core FlexMeasures / Security-Relevant Updates

  • flask-security-too: 5.8.0 -> 5.8.1
    Auth/security-critical, even though it is only a patch bump. Should be included in auth smoke tests.

  • sqlalchemy: 2.0.49 -> 2.0.50
    Core persistence layer. Patch bump, but still important for DB behavior and migrations.

  • rq: 2.8.0 -> 2.9.0
    Core background job infrastructure. Check worker startup and job enqueue/execute paths.

  • requests: 2.33.1 -> 2.34.2
    Core HTTP client behavior. Minor bump, relevant for integrations and external service calls.

  • certifi: 2026.4.22 -> 2026.5.20 and idna: 3.13 -> 3.17
    TLS/certificate and URL/domain handling dependencies. Security-relevant, generally positive updates.

  • pyopenssl: 26.1.0 -> 26.2.0 plus cryptography above
    Security/TLS stack. Worth checking anything involving certificates, WebAuthn, or SSL handling.

  • pydantic: 2.13.3 -> 2.13.4, pydantic-core: 2.46.3 -> 2.46.4
    Small bumps, but relevant if validation models are used around API/config/data boundaries.

  • holidays: 0.96 -> 0.98
    Relevant to scheduling, calendars, and forecasting semantics. Worth checking calendar-sensitive tests.

  • shap: 0.51.0 -> 0.52.0
    ML/explainability dependency. Relevant if forecasting explainability paths are exercised.

  • sentry-sdk: 2.59.0 -> 2.61.1
    Observability. Low product-risk, but check app startup/config if Sentry is enabled.

New Package

  • ast-serialize: added at 0.5.0
    New transitive dependency. I’d trace which upgraded package pulled this in before merging, just to understand supply-chain surface.

Overall: the most important ones to review/test are redis, cryptography/pyopenssl, flask-security-too, sqlalchemy, rq, requests, and the calendar/ML stack (holidays, pyod, shap).

nhoening added 2 commits June 1, 2026 23:29
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
…r attribute to client_list()

Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening nhoening added this to the 1.0.0 milestone Jun 1, 2026
@nhoening nhoening self-assigned this Jun 1, 2026
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening
nhoening requested a review from Flix6x June 1, 2026 21:53
Comment thread flexmeasures/app.py Outdated
nhoening added 2 commits June 2, 2026 11:04
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@Flix6x
Flix6x merged commit 213f7af into main Jun 2, 2026
15 of 16 checks passed
@Flix6x
Flix6x deleted the chore/upgrade-dependencies-after-v0.33 branch June 2, 2026 09:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants