Skip to content

chore(deps): bump filelock from 3.29.0 to 3.29.3#479

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/filelock-3.29.3
Closed

chore(deps): bump filelock from 3.29.0 to 3.29.3#479
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/filelock-3.29.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor

Bumps filelock from 3.29.0 to 3.29.3.

Release notes

Sourced from filelock's releases.

3.29.3

What's Changed

Full Changelog: tox-dev/filelock@3.29.2...3.29.3

3.29.2

What's Changed

Full Changelog: tox-dev/filelock@3.29.1...3.29.2

3.29.1

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.29.0...3.29.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########


3.29.3 (2026-06-10)


  • 🐛 fix(ci): restore release environment on tag job :pr:559
  • validate pid range in _parse_lock_holder :pr:556 - by :user:dxbjavid
  • 🔧 ci(release): publish to PyPI on tag push :pr:557
  • build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:558 - by :user:dependabot[bot]

3.29.2 (2026-06-10)


  • build(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:555 - by :user:dependabot[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:554 - by :user:pre-commit-ci[bot]
  • check hostname in is_lock_held_by_us :pr:553 - by :user:dxbjavid
  • 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:551
  • open marker reads non-blocking to refuse attacker-placed fifo :pr:549 - by :user:dxbjavid

3.29.1 (2026-06-03)


  • 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
  • [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
  • chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
  • chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
  • chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
  • docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
  • [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
  • docs: fix API docs of release() :pr:540 - by :user:MrAnno
  • [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
  • build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

3.29.0 (2026-04-19)


  • ✨ feat(soft): enable stale lock detection on Windows :pr:534
  • 🐛 fix(async): use single-thread executor for lock consistency :pr:533
  • build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

... (truncated)

Commits
  • 85e73d7 🐛 fix(ci): publish from release.yaml on tag push (#560)
  • f86dcb1 Release 3.29.3
  • 643bdbe 🐛 fix(ci): restore release environment on tag job (#559)
  • 7a8f74a validate pid range in _parse_lock_holder (#556)
  • d1d49a0 🔧 ci(release): publish to PyPI on tag push (#557)
  • b37e162 build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#558)
  • d9216de Release 3.29.2
  • ab6844d build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#555)
  • b862ead [pre-commit.ci] pre-commit autoupdate (#554)
  • 2ff7c3c check hostname in is_lock_held_by_us (#553)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.29.0 to 3.29.3.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.0...3.29.3)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: type:dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

yasha-dev1 added a commit that referenced this pull request Jun 16, 2026
* chore(deps): bump Python dependencies (dependabot batch)

Root (pyproject.toml + poetry.lock):
- click 8.3.3 -> 8.4.1 (#458)
- filelock 3.29.0 -> 3.29.4 (#479)
- pydantic 2.13.3 -> 2.13.4 (#422)
- aiobotocore 3.6.0 -> 3.7.0 (#414)
- aiohttp 3.13.5 -> 3.14.1 (#473)
- tornado 6.5.5 -> 6.5.7 (#476)
- urllib3 2.6.3 -> 2.7.0 (#429)
- idna 3.11 -> 3.18 (#450)
- aws-durable-execution-sdk-python 1.4.0 -> 1.5.0 (#464)
- redis 7.4.0 -> 8.0.0 (#472, major)
- mypy 1.20.2 -> 2.1.0 (#439, major)
- ruff 0.15.12 -> 0.15.17 (#480)
- black 26.3.1 -> 26.5.1 (#456)
- moto 5.2.0 -> 5.2.2 (#478)
- pytest-asyncio 1.3.0 -> 1.4.0 (#470)
- types-python-dateutil -> 2.9.0.20260518 (#466)
- types-pyyaml -> 6.0.12.20260518 (#453)

dashboard/backend: idna 3.11 -> 3.18 (#451, transitive)

mypy 2.1.0 surfaced two latent type errors in cli/utils/interactive.py;
collapsed the two-loop choice conversion into a single isinstance-narrowed
loop. Verified: ruff check, ruff format --check, mypy (net-neutral vs the
pre-existing AWS-module errors on main), and full pytest suite (971 passed).

redis floor kept at >=5.0.0 in optional-dependencies to avoid forcing redis 8
on library consumers; lockfile pins 8.0.0 for dev.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore(deps): bump frontend dependencies (dependabot batch)

dashboard/frontend (package.json + package-lock.json):
- @tabler/icons-react 3.41 -> 3.44.0 (#416)
- @tailwindcss/vite 4.2.4 -> 4.3.0 (#426)
- tailwindcss 4.2.4 -> 4.3.0 (#413)
- @tanstack/react-query 5.100.8 -> 5.100.13 (#454)
- @tanstack/react-query-devtools 5.99 -> 5.100.13 (#463)
- @tanstack/eslint-plugin-query 5.100.8 -> 5.100.13 (#457)
- @tanstack/react-router 1.169.1 -> 1.170.7 (#467)
- @tanstack/react-router-devtools 1.166.13 -> 1.167.0 (#446)
- @tanstack/router-plugin 1.167.32 -> 1.168.10 (#462)
- @uiw/react-codemirror 4.25.9 -> 4.25.10 (#460)
- @hookform/resolvers 5.2.2 -> 5.4.0 (#455)
- react-hook-form 7.75.0 -> 7.76.1 (#465)
- axios 1.16.0 -> 1.16.1 (#437)
- date-fns 4.1.0 -> 4.3.0 (#459)
- lucide-react 1.14.0 -> 1.16.0 (#443)
- react 19.2.5 -> 19.2.6 (#427)
- tailwind-merge 3.5.0 -> 3.6.0 (#432)
- zod 4.4.2 -> 4.4.3 (#418)
- zustand 5.0.12 -> 5.0.13 (#423)
- @types/node 25.6.0 -> 25.9.1 (#469)
- @vitejs/plugin-react-swc 4.3.0 -> 4.3.1 (#448)
- eslint 10.3.0 -> 10.4.0 (#440)
- typescript-eslint 8.59.1 -> 8.59.4 (#452)
- vite 8.0.10 -> 8.0.16 (#481, supersedes #468)

Held back: react-day-picker 9.14.0 -> 10.0.1 (#441) — the v10 major
removes the `table` key from its ClassNames type and breaks the build in
src/components/ui/calendar.tsx. Left at 9.14.0 pending a calendar migration.

Verified: npm run build passes. Frontend lint is unchanged vs main
(pre-existing errors, not gated in CI). yarn.lock/pnpm-lock are vestigial
(Dockerfile uses `npm ci`) and intentionally left untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore(deps): bump codecov/codecov-action from 6 to 7 (#477)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Looks like filelock is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 16, 2026
@dependabot dependabot Bot deleted the dependabot/pip/filelock-3.29.3 branch June 16, 2026 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant