This is an automated email from the ASF dual-hosted git repository. rusackas pushed a commit to branch ci/dependabot-pip-versioning-strategy in repository https://gitbox.apache.org/repos/asf/superset.git
commit 24909ac6ead198578f4c810e5c2216e0aa60126a Author: Claude Code <[email protected]> AuthorDate: Wed May 20 15:58:12 2026 -0700 ci(deps): bump lower bound on pip dependabot PRs (versioning-strategy: increase) Follow-up to @villebro's review on #40186. Dependabot's default behavior for the pip ecosystem is to only *widen the upper bound* of constraints in `pyproject.toml`, leaving the lower bound at the old version forever. Over time the lower bound becomes meaningless because no installed environment ever resolves that low. Setting `versioning-strategy: increase` makes dependabot bump both sides of the range to the new version, e.g. `sqlglot>=28.10.0, <29` → `sqlglot>=30.8.0, <31` in one PR. Lockfile regeneration (`./scripts/uv-pip-compile.sh`) still needs a human or a separate hook — dependabot for pip doesn't auto-run uv — but the pyproject.toml side is now consistent with what's intended. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5560dc56af6..590c64f29d9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -62,6 +62,11 @@ updates: - package-ecosystem: "pip" directory: "/" open-pull-requests-limit: 10 + # Bump the lower bound to the new version, not just widen the upper + # bound. Without this, a `sqlglot>=28.10.0, <29` constraint upgraded + # to `<30` would keep the stale lower bound forever, dragging + # transitively-resolved versions with it. See #40186 (review thread). + versioning-strategy: increase schedule: interval: "weekly" labels:
