[AVC] Resolve dependabot alerts (#15943)

* Resolve dependabot alerts.

* Fix pylint

Author: tjprescott

packages/python-packages/apiview-copilot/cli.py

@@ -96,58 +96,42 @@
 BOLD_BLUE = BOLD + BLUE
 
 
-helps[
-    "review"
-] = """
+helps["review"] = """
     type: group
     short-summary: Commands for creating and managing APIView reviews.
 """
 
-helps[
-    "agent"
-] = """
+helps["agent"] = """
     type: group
     short-summary: Commands for interacting with the agent.
 """
 
-helps[
-    "apiview"
-] = """
+helps["apiview"] = """
     type: group
     short-summary: Commands for querying APIView data.
 """
 
-helps[
-    "test"
-] = """
+helps["test"] = """
     type: group
     short-summary: Commands for development and testing.
 """
 
-helps[
-    "ops"
-] = """
+helps["ops"] = """
     type: group
     short-summary: Commands for deployment and infrastructure.
 """
 
-helps[
-    "kb"
-] = """
+helps["kb"] = """
     type: group
     short-summary: Commands for interacting with the knowledge base.
 """
 
-helps[
-    "db"
-] = """
+helps["db"] = """
     type: group
     short-summary: Commands for managing the database.
 """
 
-helps[
-    "report"
-] = """
+helps["report"] = """
     type: group
     short-summary: Commands for analytics, auditing, and reporting.
 """
@@ -1653,10 +1637,7 @@ def db_ingest_guidelines(
         )
 
     if result.total_memories:
-        print(
-            f"Memories: {len(result.memories_absorbed)} to absorb, "
-            f"{len(result.memories_retained)} to retain"
-        )
+        print(f"Memories: {len(result.memories_absorbed)} to absorb, " f"{len(result.memories_retained)} to retain")
 
     if result.errors:
         print(f"{Fore.RED}Errors ({len(result.errors)}):{RESET}")
@@ -1906,7 +1887,9 @@ def list_opened_revisions(
     Queries Application Insights for reviews that had page views, then enriches
     with revision metadata from Cosmos DB.
     """
-    data = get_opened_revisions(start_date, end_date, environment=environment, exclude_languages=exclude, created_in_window=created_in_window)
+    data = get_opened_revisions(
+        start_date, end_date, environment=environment, exclude_languages=exclude, created_in_window=created_in_window
+    )
     _print_revision_table(data, empty_msg="No opened revisions found in the specified date range.")
 
 
@@ -2415,9 +2398,7 @@ def get_architect_comments(
             params.append({"name": param_name, "value": rid})
         review_query = f"SELECT c.id, c.Language FROM c WHERE ({' OR '.join(clauses)})"
         review_results = list(
-            reviews_container.query_items(
-                query=review_query, parameters=params, enable_cross_partition_query=True
-            )
+            reviews_container.query_items(query=review_query, parameters=params, enable_cross_partition_query=True)
         )
         review_lang_map = {r["id"]: get_language_pretty_name(r.get("Language", "")) for r in review_results}
 
@@ -2430,19 +2411,13 @@ def get_architect_comments(
     start_iso = to_iso8601(start_date)
     end_iso = to_iso8601(end_date, end_of_day=True)
     thread_starts = get_thread_start_dates(filtered, environment=environment)
-    started_in_window = {
-        key for key, min_created in thread_starts.items() if start_iso <= min_created <= end_iso
-    }
+    started_in_window = {key for key, min_created in thread_starts.items() if start_iso <= min_created <= end_iso}
 
     # By default, exclude replies — keep only the thread-starting comment for threads
     # that actually *started* in the date window (not merely replied to).
     if not include_replies:
         # Keep only comments belonging to threads that started in the window
-        filtered = [
-            c
-            for c in filtered
-            if (c.get("ThreadId") or c.get("ElementId")) in started_in_window
-        ]
+        filtered = [c for c in filtered if (c.get("ThreadId") or c.get("ElementId")) in started_in_window]
 
         # Keep only the first (earliest) comment per thread
         seen_threads = {}
@@ -2466,11 +2441,7 @@ def get_architect_comments(
         # When including replies, identify threads started by an approver and include
         # *all* comments in those threads (not just approver-authored ones).
         # First, restrict to threads that actually started in the date window.
-        filtered = [
-            c
-            for c in filtered
-            if (c.get("ThreadId") or c.get("ElementId")) in started_in_window
-        ]
+        filtered = [c for c in filtered if (c.get("ThreadId") or c.get("ElementId")) in started_in_window]
 
         if allowed_commenters is not None:
             # Find who authored the earliest comment per thread
@@ -2485,20 +2456,18 @@ def get_architect_comments(
                     thread_earliest_in_window[thread_key] = created
                     thread_starters[thread_key] = c.get("CreatedBy", "")
 
-            approver_threads = {
-                k for k, author in thread_starters.items() if author in allowed_commenters
-            }
-            filtered = [
-                c
-                for c in filtered
-                if (c.get("ThreadId") or c.get("ElementId")) in approver_threads
-            ]
+            approver_threads = {k for k, author in thread_starters.items() if author in allowed_commenters}
+            filtered = [c for c in filtered if (c.get("ThreadId") or c.get("ElementId")) in approver_threads]
 
     comments = [APIViewComment(**c) for c in filtered]
 
     results = [
         {
-            **{k: v for k, v in comment.model_dump(by_alias=True, mode="json").items() if k in _APIVIEW_COMMENT_SELECT_FIELDS},
+            **{
+                k: v
+                for k, v in comment.model_dump(by_alias=True, mode="json").items()
+                if k in _APIVIEW_COMMENT_SELECT_FIELDS
+            },
             "Language": review_lang_map.get(comment.review_id, ""),
         }
         for comment in comments

packages/python-packages/apiview-copilot/dev_requirements.txt

@@ -1,5 +1,5 @@
 # regular requirements
-aiohttp==3.13.3
+aiohttp==3.14.0
 azure-ai-agents==1.1.0
 azure-ai-inference==1.0.0b9
 azure-monitor-opentelemetry==1.6.7
@@ -11,27 +11,27 @@ azure-keyvault-keys==4.11.0
 azure-keyvault-secrets==4.10.0
 azure-search-documents==11.5.2
 beautifulsoup4==4.13.4
-black==25.1.0
+black==26.3.1
 colorama==0.4.6
 fastapi==0.121.2
 httpx==0.28.1
 knack==0.12.0
 matplotlib==3.10.0
 markdown-it-py==3.0.0
 openai==2.4.0
-python-dotenv==1.0.1
+python-dotenv==1.2.2
 pydantic==2.10.6
 PyJWT==2.12.0
 pyyaml==6.0.2
-pytest==7.4.2
+pytest==9.0.3
 uvicorn[standard]==0.29.0
 
 # scripts requirements
 azure-monitor-query==2.0.0
 
 # evals requirements
 azure-ai-evaluation==1.15.3
-pytest==7.4.2
+pytest==9.0.3
 tabulate==0.9.0
 
 # dev requirements

packages/python-packages/apiview-copilot/evals/requirements.txt

@@ -1,4 +1,4 @@
 azure-ai-evaluation==1.15.3
-python-dotenv==1.0.1
+python-dotenv==1.2.2
 tabulate==0.9.0
 azure-identity==1.21.0

packages/python-packages/apiview-copilot/requirements.txt

@@ -1,4 +1,4 @@
-aiohttp==3.13.3
+aiohttp==3.14.0
 azure-ai-agents==1.1.0
 azure-ai-inference==1.0.0b9
 azure-monitor-opentelemetry==1.6.7
@@ -10,17 +10,17 @@ azure-keyvault-keys==4.11.0
 azure-keyvault-secrets==4.10.0
 azure-search-documents==11.5.2
 beautifulsoup4==4.13.4
-black==25.1.0
+black==26.3.1
 colorama==0.4.6
 fastapi==0.121.2
 httpx==0.28.1
 knack==0.12.0
 matplotlib==3.10.0
 markdown-it-py==3.0.0
 openai==2.4.0
-python-dotenv==1.0.1
+python-dotenv==1.2.2
 pydantic==2.10.6
 PyJWT==2.12.0
 pyyaml==6.0.2
-pytest==7.4.2
+pytest==9.0.3
 uvicorn[standard]==0.29.0

packages/python-packages/apiview-copilot/scripts/find_multi_memory_items.py

@@ -34,15 +34,15 @@ def _query_all(container, language_filter=None):
     else:
         query = "SELECT * FROM c WHERE NOT IS_DEFINED(c.isDeleted) OR c.isDeleted = false"
         params = None
-    return list(
-        container.client.query_items(query=query, parameters=params, enable_cross_partition_query=True)
-    )
+    return list(container.client.query_items(query=query, parameters=params, enable_cross_partition_query=True))
 
 
 def main():
     parser = argparse.ArgumentParser(description="Find KB items with multiple related memories.")
     parser.add_argument("--language", type=str, default=None, help="Filter by language (e.g. python, dotnet).")
-    parser.add_argument("--min-memories", type=int, default=2, help="Minimum number of related memories to include (default: 2).")
+    parser.add_argument(
+        "--min-memories", type=int, default=2, help="Minimum number of related memories to include (default: 2)."
+    )
     args = parser.parse_args()
 
     db = DatabaseManager.get_instance()

packages/python-packages/apiview-copilot/src/_apiview.py

@@ -826,9 +826,7 @@ def _get_implicit_bad_comments(
 
         rev_query = f"SELECT c.id, c.ChangeHistory FROM c WHERE ({' OR '.join(rev_clauses)})"
         rev_results = list(
-            revisions_container.query_items(
-                query=rev_query, parameters=rev_params, enable_cross_partition_query=True
-            )
+            revisions_container.query_items(query=rev_query, parameters=rev_params, enable_cross_partition_query=True)
         )
 
         for rev in rev_results:
@@ -1207,10 +1205,7 @@ def get_opened_revisions(
             date_filter = "WHERE "
 
         query = (
-            "SELECT c.ReviewId, c.APIRevisionType, c.Language "
-            "FROM c "
-            f"{date_filter}"
-            f"({' OR '.join(clauses)})"
+            "SELECT c.ReviewId, c.APIRevisionType, c.Language " "FROM c " f"{date_filter}" f"({' OR '.join(clauses)})"
         )
 
         revisions.extend(

packages/python-packages/apiview-copilot/src/_apiview_metrics.py

@@ -400,9 +400,7 @@ def build_compliance_reports(
         month_end_iso = to_iso8601(end.isoformat(), end_of_day=True)
 
         # Filter revisions to this month's window
-        month_revisions = [
-            rev for rev in all_revisions if month_start_iso <= rev.get("CreatedOn", "") <= month_end_iso
-        ]
+        month_revisions = [rev for rev in all_revisions if month_start_iso <= rev.get("CreatedOn", "") <= month_end_iso]
 
         # Group by ReviewId and keep only the latest revision per review
         latest_by_review: dict[str, dict] = {}
@@ -460,7 +458,9 @@ def build_compliance_reports(
                     "non_compliant": 0,
                     "total": 0,
                     "pct": 0.0,
-                    "buckets": {t: {"compliant": 0, "non_compliant": 0, "total": 0, "pct": 0.0} for t in _KNOWN_REVISION_TYPES},
+                    "buckets": {
+                        t: {"compliant": 0, "non_compliant": 0, "total": 0, "pct": 0.0} for t in _KNOWN_REVISION_TYPES
+                    },
                 },
             )
             buckets = entry["buckets"]

packages/python-packages/apiview-copilot/src/_comment_bucket_trends.py

@@ -127,13 +127,7 @@ def _build_language_comment_bucket_point(
     deleted_count = segment.deleted_ai_comment_count or 0
 
     total_included = (
-        good_count
-        + implicit_good_count
-        + neutral_count
-        + human_count
-        + implicit_bad_count
-        + bad_count
-        + deleted_count
+        good_count + implicit_good_count + neutral_count + human_count + implicit_bad_count + bad_count + deleted_count
     )
 
     good_percentage = _to_percentage(good_count, total_included)
@@ -243,8 +237,7 @@ def build_language_comment_bucket_reports(
     # Apply generic filter: keep non-AI comments as-is, filter AI comments by IsGeneric
     if generic_filter is not None:
         filtered_comments = [
-            c for c in non_diag
-            if c.get("CommentSource") != "AIGenerated" or bool(c.get("IsGeneric")) == generic_filter
+            c for c in non_diag if c.get("CommentSource") != "AIGenerated" or bool(c.get("IsGeneric")) == generic_filter
         ]
     else:
         filtered_comments = non_diag
@@ -295,8 +288,7 @@ def _query_items_by_id_batches(
     for start_index in range(0, len(ordered_ids), batch_size):
         id_batch = ordered_ids[start_index : start_index + batch_size]
         params = [
-            {"name": f"@{id_parameter_prefix}_{index}", "value": item_id}
-            for index, item_id in enumerate(id_batch)
+            {"name": f"@{id_parameter_prefix}_{index}", "value": item_id} for index, item_id in enumerate(id_batch)
         ]
         clauses = [f"c.id = @{id_parameter_prefix}_{index}" for index in range(len(id_batch))]
         query = f"SELECT {select_clause} FROM c WHERE ({' OR '.join(clauses)})"
@@ -588,7 +580,6 @@ def generate_comment_bucket_chart(
     return output_path
 
 
-
 def print_comment_bucket_report(
     reports: dict[str, list[dict]],
     output_path: Optional[Path],

packages/python-packages/apiview-copilot/src/_database_manager.py

@@ -376,8 +376,8 @@ def save_memory_with_links(
         # Track successful writes so we can undo them on failure.
         # - New items (examples, memory): rollback = soft-delete
         # - Existing items (guidelines): rollback = restore snapshot
-        saved_new_items = []       # (container, id) for new items to soft-delete
-        saved_guideline_ids = []   # DB-format IDs of guidelines we updated
+        saved_new_items = []  # (container, id) for new items to soft-delete
+        saved_guideline_ids = []  # DB-format IDs of guidelines we updated
 
         def _rollback(error_msg: str):
             """Best-effort undo of all successful writes."""
@@ -391,8 +391,10 @@ def _rollback(error_msg: str):
                     self.guidelines.client.upsert_item(guideline_snapshots[g_db_id])
                 except Exception as rb_err:
                     print(f"Rollback warning: failed to restore guideline {g_db_id}: {rb_err}")
-            print(f"Rolled back {len(saved_new_items)} new item(s) and "
-                  f"{len(saved_guideline_ids)} guideline update(s) after error: {error_msg}")
+            print(
+                f"Rolled back {len(saved_new_items)} new item(s) and "
+                f"{len(saved_guideline_ids)} guideline update(s) after error: {error_msg}"
+            )
 
         # 1. Examples (new items)
         for example in examples:

packages/python-packages/apiview-copilot/src/_github_manager.py

@@ -87,7 +87,7 @@ def resolve_owner(production_owner: str = "Azure", staging_owner: Optional[str]
         Production traffic targets ``production_owner`` (default
         ``Azure``); every other environment (local, staging, preview)
         targets the staging owner so test runs do not pollute the real
-        repo. 
+        repo.
         """
         if os.getenv("ENVIRONMENT_NAME") == "production":
             return production_owner