chore: update dependencies #66
Conversation
Summary of ChangesHello @DaxServer, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request systematically updates the project's Python dependencies to their most recent versions, aiming to enhance stability, security, and leverage new features. It also refines the dependency graph by removing an unused package and adjusts Python version compatibility for certain libraries, ensuring the development environment remains current and efficient. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates several project dependencies and adds .pytest_cache to .gitignore. While updating dependencies is good practice, I've noticed that some of the updated package versions (for certifi and protobuf) do not correspond to official releases on PyPI. This suggests the use of a custom package source, which could lead to reproducibility problems. I've added specific comments on these dependencies. The other updates and the .gitignore change are correct.
| [[package]] | ||
| name = "certifi" | ||
| version = "2025.11.12" | ||
| version = "2026.1.4" |
There was a problem hiding this comment.
The certifi package is updated to version 2026.1.4. This version, as well as the previous one (2025.11.12), do not appear to be official releases on PyPI (the latest is 2024.x.x). This points to the use of a private or forked package source, which can cause reproducibility issues. It is advisable to document the source of these packages to ensure other contributors can build the project.
| [[package]] | ||
| name = "protobuf" | ||
| version = "6.33.2" | ||
| version = "6.33.3" |
There was a problem hiding this comment.
The protobuf package is pinned to version 6.33.3, which does not seem to be an official version available on PyPI (the latest is 5.x). Additionally, the dependency constraints for protobuf in several dependent packages appear to be loosened in this lock file compared to their definitions on PyPI (e.g., from <5.0.0 to <7.0.0). This suggests a custom dependency resolution setup, which could lead to reproducibility issues for other developers or in CI environments. It's recommended to clarify the origin of this protobuf version and ensure the project's dependency management is transparent and reproducible.
No description provided.