Attempt fix for uv Dependabot #30

stefanvanburen · 2025-08-01T18:22:45Z

(Sorry for the barrage of PRs, calling it for the day after this one.)

Dependabot failed to run for uv:

https://github.com/connectrpc/connect-python/actions/runs/16681250850/job/47220205967

Found a fix, here:

dependabot/dependabot-core#12340 (comment)

Makes me nervous that a stray release could end up with a 0.0.0 version, but we could just yank it - hopefully the upstream bug is fixed soon.

Ref: https://setuptools-scm.readthedocs.io/en/latest/config/#configuration-parameters

Dependabot failed to run for uv: https://github.com/connectrpc/connect-python/actions/runs/16681250850/job/47220205967 Found a fix, here: dependabot/dependabot-core#12340 (comment) Makes me nervous that a stray release could end up with a 0.0.0 version, but we could just yank it - hopefully the upstream bug is fixed soon. Ref: https://setuptools-scm.readthedocs.io/en/latest/config/#configuration-parameters Signed-off-by: Stefan VanBuren <svanburen@buf.build>

We're failing to run Dependabot for uv dependencies: https://github.com/bufbuild/protovalidate-python/actions/runs/16629514901/job/47054963334 I found a fix for this issue, here: dependabot/dependabot-core#12340 (comment) Makes me nervous that a stray release could end up with a 0.0.0 version, but we could just yank it - hopefully the upstream bug is fixed soon. Ref: https://setuptools-scm.readthedocs.io/en/latest/config/#configuration-parameters I'm making a [similar fix for connect-python][1]. [1]: connectrpc/connect-python#30

stefanvanburen · 2025-08-01T19:08:43Z

Ugh, tried this out in protovalidate-python and it didn't seem to fix things; ran into this new error: dependabot/dependabot-core#12042.

I imagine we'll have similar here and have to wait for it to be fixed upstream, so I'm ambivalent about getting this landed now. The uv dependabot integration is just really underwhelming.

spenczar

Yeesh, what a mess.

Since this didn't work for protovalidate-python, I think we should defer this, and perhaps just make an issue for it.

Dependabot isn't super critical for us, fortunately. uv.lock is only relevant to developer environments and CI. We'll be able to get by without this for some time, I think.

stefanvanburen · 2025-08-04T16:18:25Z

Since this didn't work for protovalidate-python, I think we should defer this, and perhaps just make an issue for it.

Seems reasonable to me. For now I'll just close this out as a reminder — no need to track an issue for something that'll hopefully get fixed transparently upstream :)

stefanvanburen requested a review from spenczar August 1, 2025 18:22

stefanvanburen mentioned this pull request Aug 1, 2025

Attempt fix for uv Dependabot bufbuild/protovalidate-python#347

Merged

spenczar reviewed Aug 4, 2025

View reviewed changes

stefanvanburen closed this Aug 4, 2025

stefanvanburen deleted the svanburen/attempt-fix-dependabot-python branch August 4, 2025 16:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Attempt fix for uv Dependabot #30

Attempt fix for uv Dependabot #30

Uh oh!

stefanvanburen commented Aug 1, 2025

Uh oh!

stefanvanburen commented Aug 1, 2025

Uh oh!

spenczar left a comment

Uh oh!

stefanvanburen commented Aug 4, 2025

Uh oh!

Uh oh!

Attempt fix for uv Dependabot #30

Attempt fix for uv Dependabot #30

Uh oh!

Conversation

stefanvanburen commented Aug 1, 2025

Uh oh!

stefanvanburen commented Aug 1, 2025

Uh oh!

spenczar left a comment

Choose a reason for hiding this comment

Uh oh!

stefanvanburen commented Aug 4, 2025

Uh oh!

Uh oh!