Skip to content

chore: update dependencies#79

Merged
PascalRepond merged 1 commit intorero:stagingfrom
PascalRepond:rep-deps
Mar 26, 2026
Merged

chore: update dependencies#79
PascalRepond merged 1 commit intorero:stagingfrom
PascalRepond:rep-deps

Conversation

@PascalRepond
Copy link
Copy Markdown
Contributor

@PascalRepond PascalRepond commented Mar 26, 2026

No description provided.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 26, 2026
edited
Loading

Warning

Rate limit exceeded

@PascalRepond has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 32 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: abb04ca9-36f0-4e07-b4bd-787c585368a7

📥 Commits

Reviewing files that changed from the base of the PR and between fe8ff3d and 7f5b57e.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • .github/workflows/continuous-integration-test.yml
  • pyproject.toml
  • scripts/test

Walkthrough

Updated project Python requirement from >= 3.9.2, <3.13 to >=3.10,<3.15. Moved poethepoet from dev dependencies to runtime and added markdown-captions>=2.1.2 to runtime dependencies. CI matrix expanded to Python 3.10–3.14. pip-audit exceptions updated to include PYSEC-2026-4539.

Changes

Cohort / File(s) Summary
Project metadata & dependencies
pyproject.toml		 Changed requires-python from >= 3.9.2, <3.13 to >=3.10,<3.15. Added markdown-captions>=2.1.2 and added poethepoet to top-level dependencies; removed poethepoet from dependency-groups.dev.
CI matrix
.github/workflows/continuous-integration-test.yml		 Expanded python-version matrix from ["3.12"] to ["3.10","3.11","3.12","3.13","3.14"], causing tests to run across those interpreters.
Test script adjustments
scripts/test		 In pretests, added add_exceptions "PYSEC-2026-4539" before running pip-audit and included an inline comment referencing pygments 2.19.2 - CVE-2026-4539.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Description check ❓ Inconclusive No pull request description was provided by the author, making it impossible to assess whether any description exists that relates to the changeset. Add a pull request description explaining the motivation for the dependency updates, Python version range changes, and CI workflow expansion.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'chore: update dependencies' accurately describes the main changes in the pull request, which include updating the Python version range, adding new dependencies, and updating the CI workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot requested changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
pyproject.toml (1)

23-24: Move non-runtime dependencies from [project.dependencies] to [dependency-groups] dev.

markdown-captions is not registered in the markdown extension setup (only codehilite, fenced_code, toc, meta, tables, and BootstrapExtension are used in api.py). poethepoet is exclusively used for developer task configuration in [tool.poe.tasks] and is not imported in any source code. Both should be moved to the dev dependency group.

Proposed dependency placement update 
 [project]
 dependencies = [
@@
-    "markdown-captions>=2.1.2",
-    "poethepoet",
 ]

 [dependency-groups]
 dev = [
+    "poethepoet",
     "ipython",
     "pip-audit",
     "pytest",
     "ruff (>=0.12.3)",
 ]
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pyproject.toml` around lines 23 - 24, Remove "markdown-captions" and
"poethepoet" from the top-level [project.dependencies] and add them into the
development dependency group (e.g.,
[project.dependency-groups.dev.dependencies]) so they are treated as dev-only
dependencies; keep their version specifiers unchanged and ensure
[tool.poe.tasks] continues to work with poethepoet listed under the dev group
and that markdown-captions is not expected as a runtime dependency in api.py.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pyproject.toml`:
- Line 9: The declared requires-python = ">=3.10" in pyproject.toml doesn't
match the CI test matrix; either update the CI workflow to include Python 3.10
and 3.11 (expand the test matrix to 3.10, 3.11, 3.12) or change requires-python
to ">=3.12" to reflect the single tested interpreter; modify the
pyproject.toml's requires-python or the CI job matrix (whichever you choose) so
the declared Python support and the CI matrix are consistent.

---

Nitpick comments:
In `@pyproject.toml`:
- Around line 23-24: Remove "markdown-captions" and "poethepoet" from the
top-level [project.dependencies] and add them into the development dependency
group (e.g., [project.dependency-groups.dev.dependencies]) so they are treated
as dev-only dependencies; keep their version specifiers unchanged and ensure
[tool.poe.tasks] continues to work with poethepoet listed under the dev group
and that markdown-captions is not expected as a runtime dependency in api.py.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9ca8c54f-c78d-4fcf-a464-c283ce2abb7e

📥 Commits

Reviewing files that changed from the base of the PR and between e325376 and aea5597.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml

Comment thread pyproject.toml Outdated
@PascalRepond
chore: update dependencies
7f5b57e 
Co-Authored-by: Pascal Repond <pascal.repond@rero.ch>
@PascalRepond PascalRepond merged commit cf3d90d into rero:staging Mar 26, 2026
11 checks passed
@coderabbitai coderabbitai Bot mentioned this pull request Mar 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

@PascalRepond PascalRepond

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PascalRepond