Merge pull request #61 from dunderrrrrr/bump-deps

dunderrrrrr · web-flow · commit 3492da419441 · 2026-01-02T11:56:20.000+01:00
bump dependencies - urllib3 streaming API improperly handles highly compressed data - urllib3 allows an unbounded number of links in the decompression chain - filelock has a TOCTOU race condition which allows symlink attacks during lock file creation Closes #56, #55
diff --git a/pyproject.toml b/pyproject.toml
@@ -7,15 +7,14 @@ readme = "README.md"
 requires-python = ">=3.10"
 dependencies = [
     "httpx>=0.28.1",
-    "pre-commit>=3.7.1",
-    "pytest>=8.2.2",
-    "respx>=0.21.1",
-    "mypy>=1.15.0",
-    "pydantic>=2.11.7",
+    "pre-commit>=4.5.1",
+    "pytest>=9.0.2",
+    "respx>=0.22.0",
+    "mypy>=1.19.1",
     "mkdocs>=1.6.1",
-    "mkdocs-material>=9.6.21",
+    "mkdocs-material>=9.7.1",
     "mkdocs-swagger-ui-tag>=0.7.2",
-    "beautifulsoup4>=4.14.2",
+    "beautifulsoup4>=4.14.3",
 ]
 
 
diff --git a/requirements.txt b/requirements.txt
@@ -1,14 +1,12 @@
 # This file was autogenerated by uv via the following command:
 #    uv pip compile pyproject.toml -o requirements.txt
-annotated-types==0.7.0
-    # via pydantic
 anyio==4.9.0
     # via httpx
 babel==2.17.0
     # via mkdocs-material
 backrefs==5.9
     # via mkdocs-material
-beautifulsoup4==4.14.2
+beautifulsoup4==4.14.3
     # via
     #   blocket-api (pyproject.toml)
     #   mkdocs-swagger-ui-tag
@@ -52,6 +50,8 @@ jinja2==3.1.6
     # via
     #   mkdocs
     #   mkdocs-material
+librt==0.7.7
+    # via mypy
 markdown==3.9
     # via
     #   mkdocs
@@ -71,13 +71,13 @@ mkdocs==1.6.1
     #   mkdocs-material
 mkdocs-get-deps==0.2.0
     # via mkdocs
-mkdocs-material==9.6.21
+mkdocs-material==9.7.1
     # via blocket-api (pyproject.toml)
 mkdocs-material-extensions==1.3.1
     # via mkdocs-material
 mkdocs-swagger-ui-tag==0.7.2
     # via blocket-api (pyproject.toml)
-mypy==1.16.1
+mypy==1.19.1
     # via blocket-api (pyproject.toml)
 mypy-extensions==1.1.0
     # via mypy
@@ -99,19 +99,15 @@ platformdirs==4.3.8
     #   virtualenv
 pluggy==1.6.0
     # via pytest
-pre-commit==4.2.0
-    # via blocket-api (pyproject.toml)
-pydantic==2.12.0
+pre-commit==4.5.1
     # via blocket-api (pyproject.toml)
-pydantic-core==2.41.1
-    # via pydantic
 pygments==2.19.2
     # via
     #   mkdocs-material
     #   pytest
 pymdown-extensions==10.16.1
     # via mkdocs-material
-pytest==8.4.1
+pytest==9.0.2
     # via blocket-api (pyproject.toml)
 python-dateutil==2.9.0.post0
     # via ghp-import
@@ -138,11 +134,6 @@ typing-extensions==4.14.1
     # via
     #   beautifulsoup4
     #   mypy
-    #   pydantic
-    #   pydantic-core
-    #   typing-inspection
-typing-inspection==0.4.2
-    # via pydantic
 urllib3==2.5.0
     # via requests
 virtualenv==20.31.2
diff --git a/scripts/check_all_exports.py b/scripts/check_all_exports.py
@@ -29,7 +29,7 @@ def get_all_exports(init_file: Path) -> set[str]:
                 if isinstance(target, ast.Name) and target.id == "__all__":
                     if isinstance(node.value, ast.List):
                         return {
-                            elt.value
+                            elt.value  # type: ignore[misc]
                             for elt in node.value.elts
                             if isinstance(elt, ast.Constant)
                         }
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ def get_all_exports(init_file: Path) -> set[str]:`
`29`	`29`	`if isinstance(target, ast.Name) and target.id == "__all__":`
`30`	`30`	`if isinstance(node.value, ast.List):`
`31`	`31`	`return {`
`32`		`- elt.value`
	`32`	`+ elt.value # type: ignore[misc]`
`33`	`33`	`for elt in node.value.elts`
`34`	`34`	`if isinstance(elt, ast.Constant)`
`35`	`35`	`}`