dependency bumps #344

Merged
Mestway merged 13 commits into main from dev
May 12, 2026
Chenglong-MS (Collaborator) commented May 12, 2026

Dependency upgrades & security fixes

Resolves several open Dependabot PRs and GitHub security alerts in one coherent change. Upgrades to Vite 7 close two High-severity dev-server alerts.

Python (uv.lock)

JavaScript (package.json + yarn.lock)

Verification

  • yarn install clean, no peer-dep mismatches
  • yarn build
  • yarn test and uv run pytest — same failures as dev (pre-existing, unrelated)

Closes

#267, #283, #285, #286, #299, #304 (merge-on-push)

Stale Dependabot PRs to close on GitHub: #268, #278, #303, #320, #321, #332 (target packages no longer present or already at-or-above target)

Still upstream-blocked

urllib3 #158/#164 and litellm #165 — already at latest stable; awaiting upstream patches.

dependabot Bot and others added 13 commits May 8, 2026 08:01
Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst)
- [Commits](lepture/mistune@v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: mistune
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [litellm](https://github.com/BerriAI/litellm) from 1.83.8 to 1.83.10.
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits)

---
updated-dependencies:
- dependency-name: litellm
  dependency-version: 1.83.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump litellm from 1.83.8 to 1.83.10
…s-8.5.14

build(deps): bump postcss from 8.5.8 to 8.5.14
build(deps): bump pytest from 9.0.2 to 9.0.3
Chenglong-MS requested a review from Mestway May 12, 2026 18:50
Mestway merged commit 6ac84a1 into main May 12, 2026
7 checks passed