Skip to content

build: dependabot deps bump #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
BKDDFS wants to merge 25 commits into
base: main
Choose a base branch
from
Open

build: dependabot deps bump #105

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
7c850c2
chore: bump version to 3.0.0
BKDDFS Jan 30, 2026
2c211e3
fix: add conventional commit prefix to Dependabot config (#81)
BKDDFS Feb 9, 2026
a02dea1
Merge branch 'main' into dev
BKDDFS Feb 9, 2026
d373e82
fix: set Dependabot target branch to dev (#85)
BKDDFS Feb 9, 2026
f62a706
Bump actions/checkout from 6.0.1 to 6.0.2 (#72)
dependabot[bot] Feb 9, 2026
b686f50
build: bump opencv-python from 4.13.0.90 to 4.13.0.92 (#90)
dependabot[bot] Feb 10, 2026
44bca77
build: bump ruff from 0.14.14 to 0.15.0 (#89)
dependabot[bot] Feb 10, 2026
eb64eb8
build: bump onnxruntime-gpu from 1.23.2 to 1.24.1 (#91)
dependabot[bot] Feb 10, 2026
78bc629
Merge branch 'main' into dev
BKDDFS Feb 10, 2026
cbb2679
build: bump ruff from 0.15.0 to 0.15.1 (#97)
dependabot[bot] Feb 16, 2026
6cd3861
build: bump fastapi from 0.128.0 to 0.129.0 (#96)
dependabot[bot] Feb 16, 2026
e1fc3e0
build: bump ty from 0.0.14 to 0.0.17 (#94)
dependabot[bot] Feb 16, 2026
6c6a7fd
build: bump github/codeql-action from 3.32.0 to 4.32.3 (#93)
dependabot[bot] Feb 16, 2026
02085b9
build: bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (#95)
dependabot[bot] Feb 16, 2026
2cdae85
Merge branch 'main' into dev
BKDDFS Feb 16, 2026
46cd6ee
fix: remove trailing whitespace in codeql.yml
BKDDFS Feb 16, 2026
f92f2ef
fix: add missing newline at end of codeql.yml
BKDDFS Feb 16, 2026
a296a7b
build: bump python base image from 3.13.11 to 3.13.12
BKDDFS Feb 16, 2026
702a260
build: bump onnxruntime-gpu from 1.24.1 to 1.24.2 (#104)
dependabot[bot] Feb 23, 2026
eb3de81
build: bump uvicorn from 0.40.0 to 0.41.0 (#103)
dependabot[bot] Feb 23, 2026
e038bdf
build: bump ruff from 0.15.1 to 0.15.2 (#102)
dependabot[bot] Feb 23, 2026
15be57e
build: bump starlette from 0.50.0 to 0.52.1 (#101)
dependabot[bot] Feb 23, 2026
6a346d7
build: bump github/codeql-action from 4.32.3 to 4.32.4 (#99)
dependabot[bot] Feb 23, 2026
506af7d
build: bump onnxruntime from 1.23.2 to 1.24.2 (#100)
dependabot[bot] Feb 23, 2026
bf2628b
Merge branch 'main' into dev
BKDDFS Feb 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,14 @@ jobs:
security-events: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
<<<<<<< dev
- uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3
with:
languages: python
- uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3
=======
- uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v3
with:
languages: python
- uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v3
>>>>>>> main
4 changes: 4 additions & 0 deletions .github/workflows/run_tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ jobs:
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results
<<<<<<< dev
uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3
=======
uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v3
>>>>>>> main
with:
sarif_file: 'trivy-results.sarif'
6 changes: 3 additions & 3 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@ dependencies = [
"uvicorn==0.40.0", # Server
"opencv-python==4.13.0.92", # Frame extraction
"requests==2.32.5", # Model download
"onnxruntime==1.23.2; sys_platform == 'darwin' or (sys_platform == 'linux' and platform_machine == 'aarch64')",
"onnxruntime-gpu==1.24.1; sys_platform == 'win32' or (sys_platform == 'linux' and platform_machine == 'x86_64')",
"onnxruntime==1.24.2; sys_platform == 'darwin' or (sys_platform == 'linux' and platform_machine == 'aarch64')",
"onnxruntime-gpu==1.24.2; sys_platform == 'win32' or (sys_platform == 'linux' and platform_machine == 'x86_64')",
"numpy==2.4.1", # Image batch processing
# Security overrides for transitive dependencies
"h11==0.16.0", # CVE fix (uvicorn dep)
"starlette==0.50.0", # CVE fix (fastapi dep)
"starlette==0.52.1", # CVE fix (fastapi dep)
"urllib3==2.6.3", # CVE fix (requests dep)
"protobuf==6.33.5", # CVE fix (onnxruntime dep)
]
Expand Down
77 changes: 26 additions & 51 deletions uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.