chore(deps): bump pip from 26.0.1 to 26.1 #3125
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.0.1...26.1)
---
updated-dependencies:
- dependency-name: pip
  dependency-version: '26.1'
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Python API breakage checks — ✅ PASSED
REST API breakage checks (OpenAPI) — ✅ PASSED
all-hands-bot
left a comment
LGTM! Clean dependency update with performance improvements and security fixes.
[RISK ASSESSMENT]
🟢 LOW - Routine pip version bump (26.0.1 → 26.1) with:
- Performance improvements (faster resolution, reduced memory)
- Security updates (certifi, packaging, requests, urllib3, tomli)
- Upload date (2026-04-26) is 12 days old, beyond the 7-day freshness guardrail ✅
- No agent behavior impact (infrastructure dependency)
- Python 3.9 drop is not a concern (project uses Python 3.13)
VERDICT:
✅ Worth merging
all-hands-bot
left a comment
✅ QA Report: PASS
Dependency update verified successfully. pip 26.1 installs correctly, SDK functionality confirmed working, and all CI checks pass.
Does this PR achieve its stated goal?
Yes. This PR successfully updates the pip dependency from version 26.0.1 to 26.1 in the uv.lock file. The SDK continues to work correctly with the new pip version. All dependency installation operations complete without errors, SDK imports and object instantiation work as expected, and pip's core functionality (version check, list, show, dependency resolution) operates correctly. The update introduces performance improvements and bug fixes from pip 26.1 without introducing any breaking changes for this project.
| Phase | Result |
|---|---|
| Environment Setup | ✅ Successfully synced 233 packages with pip 26.1 |
| CI Status | ✅ All checks passing (build, tests, pre-commit, linting) |
| Functional Verification | ✅ SDK + pip 26.1 compatibility confirmed |
Functional Verification
Test 1: Verify pip version update
Step 1 — Check the lockfile change:
Inspected uv.lock to confirm the dependency bump:
$ grep -A 3 'name = "pip"' uv.lock
name = "pip"
version = "26.1"
source = { registry = "https://pypi.org/simple" }
This confirms the lockfile was updated from pip 26.0.1 to 26.1 as intended.
Step 2 — Install dependencies with new pip version:
Ran dependency sync to install pip 26.1:
$ uv sync --frozen
Using CPython 3.13.13
Creating virtual environment at: .venv
Prepared 233 packages in 5.59s
Installed 233 packages in 410ms
+ pip==26.1
+ [232 other packages...]
All packages installed successfully without errors, confirming pip 26.1 works with the project's dependency tree.
Step 3 — Verify pip 26.1 is active:
Confirmed the new version is installed:
$ pip --version
pip 26.1 from /home/runner/.../site-packages/pip (python 3.13)
$ pip show pip | grep Version
Version: 26.1
This shows pip 26.1 is correctly installed and active in the virtual environment.
Test 2: SDK compatibility check
Step 1 — Test SDK imports:
Created and ran a test script to verify core SDK functionality:
from openhands.sdk import LLM, Agent, Conversation, Tool
from openhands.tools.file_editor import FileEditorTool
from openhands.tools.terminal import TerminalTool
from openhands.tools.task_tracker import TaskTrackerTool
Result:
✓ All imports successful
All SDK modules import without errors, confirming no import-time issues with pip 26.1.
Step 2 — Test SDK instantiation:
Verified SDK objects can be created:
llm = LLM(model="anthropic/claude-sonnet-4-5-20250929", api_key="test-key")
agent = Agent(llm=llm, tools=[Tool(name=TerminalTool.name)])
Result:
✓ LLM instantiated
✓ Agent instantiated
SDK core objects instantiate correctly with pip 26.1 in the environment.
Step 3 — Test pip operations:
Verified pip's core functionality:
$ pip list --format=json # Returns package list successfully
$ pip show pip # Returns package metadata successfully
$ pip install --dry-run requests # Dependency resolution works correctly
Result:
✓ pip list command works
✓ pip 26.1 confirmed
All pip operations execute successfully, confirming the new version's functionality.
Test 3: CI validation
Checked PR CI status:
$ gh pr checks 3125
✓ sdk-tests (pass)
✓ tools-tests (pass)
✓ agent-server-tests (pass)
✓ cross-tests (pass)
✓ windows-tests (pass)
✓ pre-commit (pass)
✓ build-binary-and-test (macos, ubuntu) (pass)
✓ All 28 checks passing
All test suites pass with pip 26.1, confirming no regressions across platforms.
Issues Found
None. The dependency update works cleanly with no compatibility issues.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps pip from 26.0.1 to 26.1.
Changelog
Sourced from pip's changelog.
... (truncated)
Commits
- 90b2b3e Bump for release
- 193f289 Update AUTHORS.txt
- 63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
- e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
- 122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
- c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
- ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
- 747c4ae Merge pull request #13948 from ichard26/reword-news
- 3517841 -r pylock: refine filename pylock-ness test
- 2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server
Variants & Base Images
- eclipse-temurin:17-jdk
- nikolaik/python-nodejs:python3.13-nodejs22-slim
- golang:1.21-bookworm
Pull (multi-arch manifest)
# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:a0f4e05-python
Run
All tags pushed for this build
About Multi-Architecture Support
a0f4e05-python) is a multi-arch manifest supporting both amd64 and arm64
a0f4e05-python-amd64) are also available if needed