Skip to content

chore(deps): enable Renovate lock file maintenance + refresh uv.lock#323

Merged
Pyker merged 2 commits into
masterfrom
chore/renovate-lockfile-maintenance
Jun 13, 2026
Merged

chore(deps): enable Renovate lock file maintenance + refresh uv.lock#323
Pyker merged 2 commits into
masterfrom
chore/renovate-lockfile-maintenance

Conversation

@Pyker

@Pyker Pyker commented Jun 13, 2026

Copy link
Copy Markdown
Member

What

  1. Enable Renovate lock file maintenance (lockFileMaintenance, enabled + automerge): a weekly full re-resolution of uv.lock so transitive/indirect pins stay current. Renovate's normal PRs only bump direct deps within their constraints.
  2. Refresh uv.lock now (a one-time catch-up), within the 7-day cooldown.

Dependency refresh

aiohttp stays at 3.14.0 (3.14.1 is still inside the cooldown). Bumped:

Package From To Kind
aiohappyeyeballs 2.6.1 2.6.2 transitive
attrs 25.4.0 26.1.0 transitive
idna 3.15 3.18 transitive
packaging 26.0 26.2 direct
propcache 0.4.1 0.5.2 transitive
pytest-asyncio 1.3.0 1.4.0 direct (dev)
ruff 0.15.4 0.15.16 direct (dev)
soupsieve 2.8.3 2.8.4 transitive
yarl 1.23.0 1.24.2 transitive

Why it composes with the cooldown

The maintenance job runs uv, so it honors [tool.uv] exclude-newer; transitive bumps are subject to the same 7-day cooldown. With that plus green CI, the scheduled lock-refresh PR auto-merges.

Verification

uv run pytest reports 200 passed; ruff check and ruff format --check are clean on the bumped ruff 0.15.16.

Pyker added 2 commits June 13, 2026 20:40
@Pyker
chore(renovate): enable weekly lock file maintenance
b8b587b 
Add lockFileMaintenance (enabled + automerge). Renovate's per-dependency
PRs only bump direct deps within their constraints, leaving the
transitive pins in uv.lock to go stale. This adds a scheduled (weekly by
default) full re-resolution of uv.lock so indirect deps stay current.

The refresh runs uv, so it honors [tool.uv] exclude-newer; transitive
bumps are therefore subject to the same 7-day cooldown. With that plus
green CI, the lock-refresh PR auto-merges.
@Pyker
chore(deps): refresh uv.lock within the 7-day cooldown
d15fd01 
One-time catch-up equivalent to a lock file maintenance run. aiohttp
stays at 3.14.0 because 3.14.1 is still inside the cooldown window.

Bumped:
- aiohappyeyeballs 2.6.1 -> 2.6.2
- attrs 25.4.0 -> 26.1.0
- idna 3.15 -> 3.18
- packaging 26.0 -> 26.2
- propcache 0.4.1 -> 0.5.2
- pytest-asyncio 1.3.0 -> 1.4.0
- ruff 0.15.4 -> 0.15.16
- soupsieve 2.8.3 -> 2.8.4
- yarl 1.23.0 -> 1.24.2

Verified: ruff check + ruff format --check clean, 200 tests pass.
@Pyker Pyker merged commit 1c053ea into master Jun 13, 2026
5 checks passed
@Pyker Pyker deleted the chore/renovate-lockfile-maintenance branch June 13, 2026 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pyker