Add poetry to bump-dev-dep workflow options #1758

Merged
nathanjmcdougall merged 2 commits into main from copilot/support-bump-poetry-dev-deps
Apr 2, 2026


Copilot AI commented Apr 2, 2026

Poetry is a test dependency of this project and needs to be bumpable via the bump-dev-dep workflow to address CVEs like GHSA-2599-h6xx-hpxp (path traversal in Poetry ≤2.3.2).

  • Added poetry to the workflow_dispatch choice options in .github/workflows/bump-dev-dep.yml

Adds `poetry` to the list of packages that can be bumped via the
`bump-dev-dep` GitHub Actions workflow. This allows maintainers to
easily bump poetry when security advisories (e.g. GHSA-2599-h6xx-hpxp)
affect the dependency.

Agent-Logs-Url: https://github.com/usethis-python/usethis-python/sessions/77aa27cf-624f-46a2-b17a-dbbddf76af9d

Co-authored-by: nathanjmcdougall <18602289+nathanjmcdougall@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update GitHub action to support bumping poetry in dev dependencies" to "Add poetry to bump-dev-dep workflow options" on Apr 2, 2026
Copilot AI requested a review from nathanjmcdougall April 2, 2026 00:16
nathanjmcdougall marked this pull request as ready for review April 2, 2026 01:11

codecov bot commented Apr 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.


codspeed-hq bot commented Apr 2, 2026

Merging this PR will not alter performance

✅ 2 untouched benchmarks


Comparing copilot/support-bump-poetry-dev-deps (713a46f) with main (c7f7f55)


nathanjmcdougall merged commit 6db241a into main on Apr 2, 2026
20 checks passed
nathanjmcdougall deleted the copilot/support-bump-poetry-dev-deps branch on April 2, 2026 01:19
Development

Successfully merging this pull request may close these issues.

Support bumping poetry in dev deps github action

2 participants