rusackas opened a new pull request, #40560: URL: https://github.com/apache/superset/pull/40560
### SUMMARY Bumps several pinned Python dependencies to releases that address open security advisories surfaced by Dependabot. Grouped because they are all low-risk leaf or patch/minor bumps in the `requirements/` lockfiles. | Package | From | To | Lockfile(s) | |---|---|---|---| | idna | 3.10 | 3.15 | base.txt + development.txt | | Authlib | 1.6.9 | 1.6.12 | development.txt | | fontTools | 4.55.0 | 4.60.2 | development.txt | | python-ldap | 3.4.4 | 3.4.5 | development.txt | | virtualenv | 20.29.2 | 20.36.1 | development.txt | The existing transitive pins (cryptography 46.0.7, distlib 0.3.8, filelock 3.20.3, platformdirs 4.3.8, pyasn1 0.6.3) already satisfy the new packages' requirements, so no lockfile regeneration was needed — these are line-level pin edits matching the repo's Dependabot convention. `idna` is kept in sync across `base.txt` and `development.txt`. ### TESTING INSTRUCTIONS - [x] Verified the target version set resolves cleanly with `uv pip compile` - [x] Confirmed each bumped package's declared requirements are met by existing transitive pins - [ ] CI green ### ADDITIONAL INFORMATION - [ ] Has associated issue: n/a - [ ] Required feature flags: n/a - [ ] Changes UI: No - [ ] Includes DB Migration: No - [ ] Introduces new feature or API: No - [ ] Removes existing feature or API: No 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
