Skip to content

chore(deps): lock file maintenance#13

Open
renovate[bot] wants to merge 1 commit into
trunkfrom
renovate/lock-file-maintenance
Open

chore(deps): lock file maintenance#13
renovate[bot] wants to merge 1 commit into
trunkfrom
renovate/lock-file-maintenance

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 4am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@renovate renovate Bot enabled auto-merge (squash) June 8, 2026 01:32
@socket-security

socket-security Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
Install-time scripts: pypi rpds-py

Install script: Package overview

Source: undefined

From: uv.lockpypi/semgrep@1.164.0pypi/rpds-py@2026.5.1

ℹ Read more on: This package | This alert | What is an install script?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/rpds-py@2026.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/lock-file-maintenance branch 3 times, most recently from 49c49e7 to 3616a41 Compare June 9, 2026 20:18
@renovate renovate Bot force-pushed the renovate/lock-file-maintenance branch from 3616a41 to 8b40378 Compare June 10, 2026 08:44
@socket-security

socket-security Bot commented Jun 10, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​semgrep@​1.163.0 ⏵ 1.164.073 +110010010070
Updatedpypi/​ty@​0.0.37 ⏵ 0.0.40100100100100100
Updatedpypi/​ruff@​0.15.13 ⏵ 0.15.15100100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants