⬆ bump aiohttp from 3.13.1 to 3.13.5#311
Conversation
--- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d1cb730f17
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| [package.metadata] | ||
| requires-dist = [ | ||
| { name = "aiohttp", specifier = ">=3.13.1" }, | ||
| { name = "aiohttp", specifier = ">=3.13.5" }, |
There was a problem hiding this comment.
This lockfile now says the editable discord-bot package requires aiohttp>=3.13.5, but the source manifest still declares aiohttp>=3.13.1 in apps/discord_bot/pyproject.toml. For workspace/editable packages, this package.metadata.requires-dist block is the lockfile snapshot of the package metadata, so the lock is inconsistent with the checked-in manifest and can be treated as stale or get reverted the next time uv lock is run; update the pyproject constraint too, or leave this metadata at the manifest value while only locking the resolved package to 3.13.5.
Useful? React with 👍 / 👎.
|
Superseded by the combined dependency update in #348, which includes these updates and has passing local + GitHub Actions checks. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)