Skip to content

deps: bump the python-minor group with 3 updates#46

Merged
pcalnon merged 1 commit intomainfrom
dependabot/pip/python-minor-66a07f090a
May 4, 2026
Merged

deps: bump the python-minor group with 3 updates#46
pcalnon merged 1 commit intomainfrom
dependabot/pip/python-minor-66a07f090a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the python-minor group with 3 updates: juniper-data-client, sentry-sdk and virtualenv.

Updates juniper-data-client from 0.4.0 to 0.4.1

Release notes

Sourced from juniper-data-client's releases.

v0.4.1

What's Changed

Full Changelog: v0.4.0...v0.4.1

Changelog

Sourced from juniper-data-client's changelog.

[0.4.1] - 2026-05-02

Summary: METRICS-MON R4.3 + R4.6 ship the optional on_request instrumentation hook and outbound X-Request-ID propagation. Also rolls in the previously-accumulated [Unreleased] work (constants module, DC-01/03 / XREPO-01/01c/09/11, retry-policy change, GENERATOR_CIRCLE alias).

Added

  • METRICS-MON R4.3 / seed-13: optional on_request(method, url, status, duration_ms, error) instrumentation hook on JuniperDataClient.__init__. Default is a no-op so standalone use pays nothing; consumers (canopy, cascor) supply a closure that emits to their preferred surface (Prometheus, OpenTelemetry, structured logs). Hook fires once per HTTP call on every outcome — success, transport error, 404, 422, 500, timeout. Hook exceptions are caught and logged at WARNING so instrumentation never crashes a production HTTP path. New RequestHook type alias exported from the package's public surface so consumers can type their hook closures (mypy in CI catches drift). 11 unit tests pin all 6 outcome paths plus resilience.
  • METRICS-MON R4.6 / R3.6 sweep follow-up: outbound X-Request-ID propagation in _request(). Reads juniper_observability.request_id_var at call time; when the calling thread has a non-empty value, copies it into the outbound HTTP header so juniper-data can correlate the inbound request back to the caller's chain (canopy/cascor → data-client → data). Best-effort: ImportError (lib not installed) and LookupError (ContextVar unset) silently no-op. Caller-supplied X-Request-ID headers always win. New [observability] extra (pip install juniper-data-client[observability]) for standalone users; canopy/cascor get propagation transparently via their existing juniper-observability deps. 4 unit tests pin set / unset / caller-wins / standalone paths.
  • New juniper_data_client/constants.py module centralizing every previously inline literal: API_KEY_* and API_VERSION_* wire-protocol identifiers, the full set of ENDPOINT_* paths (including f-string templates for parameterized routes), DEFAULT_* constructor defaults, RETRY_* tuning, and per-generator parameter defaults (spiral, xor, circles, gaussian, checkerboard) used by testing/generators.py.
  • DC-03 / XREPO-01c: constants for the five server-side generators the client previously lacked -- GENERATOR_GAUSSIAN, GENERATOR_CHECKERBOARD, GENERATOR_CSV_IMPORT, GENERATOR_MNIST, GENERATOR_ARC_AGI -- with matching GENERATOR_DESCRIPTION_* entries. Downstream code should now import these instead of hardcoding string literals.
  • tests/test_generator_parity.py: parity suite that prevents future drift between client generator constants and the server GENERATOR_REGISTRY, and exercises the legacy "circle" -> "circles" alias through the fake client.
  • XREPO-09 (Phase 4B): create_dataset() on both JuniperDataClient and FakeDataClient now accepts tags: Optional[List[str]] and ttl_seconds: Optional[int]. Both are forwarded to the server's CreateDatasetRequest (the client previously dropped them even though the server has accepted them since juniper-data v0.6.0). The fake mirrors the server's ge=1 Pydantic bound on ttl_seconds.
  • tests/test_create_dataset_tags_ttl.py: regression suite covering POST-body shape (via mocked _request), fake-client metadata round-trip, validation of non-positive TTL, and JSON serializability.
  • tests/test_retry_policy.py: new suite guarding RETRY_ALLOWED_METHODS and RETRYABLE_STATUS_CODES against regression; asserts the Retry adapter mounted on the session reflects these constants end-to-end.

Changed

  • client.py, testing/fake_client.py, and testing/generators.py now import from juniper_data_client.constants instead of embedding inline literals (~87 replacements total).
  • API_KEY_HEADER_NAME and API_VERSION_PATH_SUFFIX are bit-identical to the corresponding values exposed by the juniper-data server, eliminating literal duplication across the client/server boundary.
  • AGENTS.md gained a new "Constants" section documenting the categories, server alignment, and contribution rules for the constants module.
  • DC-01 / XREPO-01 (BREAKING, with deprecation alias): GENERATOR_CIRCLE now resolves to "circles" to match the server registry key; the previous value "circle" was silently rejected by the server with HTTP 400. Callers passing the legacy string to FakeDataClient.create_dataset() or get_generator_schema() are transparently routed to the new name and emit a DeprecationWarning. A new GENERATOR_CIRCLE_LEGACY constant exposes the old value for one release cycle.
  • Existing fake-client tests updated to use the canonical "circles" name; a dedicated legacy-alias regression lives in tests/test_generator_parity.py.
  • XREPO-11 (Phase 4B, BEHAVIOR CHANGE): RETRY_ALLOWED_METHODS is now ["HEAD", "GET", "PUT"]. POST, PATCH, and DELETE were previously included, which could cause duplicate dataset creation (on POST) or repeated side-effects (on DELETE) when a transient 5xx retried a request that had already been applied server-side. Callers that need retry for mutations must layer their own idempotency (e.g., use client-supplied dataset names so POST collapses via the existing server-side dedupe path).

Deprecated

  • The legacy generator name "circle" (and the GENERATOR_CIRCLE_LEGACY constant). Both will be removed after the next release; migrate callers to GENERATOR_CIRCLE / "circles" now.

Notes

  • No public method signatures change; only the value of GENERATOR_CIRCLE and the set of available generator constants.
  • Server counterpart (juniper-data) is gaining a MoonGenerator to match GENERATOR_MOON in the same release cycle (XREPO-01b / DC-02).
Commits
  • 61c334a ci(lockfile-update): align with fleet's Dependabot-push pattern
  • 29d3e53 Merge pull request #41 from pcalnon/release/v0.4.1
  • f11a5e0 chore(release): juniper-data-client v0.4.1
  • ae4c3c8 Merge pull request #40 from pcalnon/metrics-mon-r4-3-on-request-hook
  • fe4d33f feat(client): METRICS-MON R4.3 — on_request instrumentation hook
  • 16594e0 Merge pull request #39 from pcalnon/metrics-mon-r4-6-x-request-id-propagation
  • c0ae0ad feat(client): METRICS-MON R4.6 — outbound X-Request-ID propagation
  • 52f89dc fix(ci): add --ignore-vuln CVE-2026-3219 to ci.yml pip-audit step (V26 — G-IN...
  • 0bdfbeb fix(ci): ignore pip CVE-2026-3219 in security-scan.yml (V07 — G-INFRA)
  • ada9b30 ci: add integration-tests job to ci.yml (alignment plan Phase 2)
  • Additional commits viewable in compare view

Updates sentry-sdk from 2.58.0 to 2.59.0

Release notes

Sourced from sentry-sdk's releases.

2.59.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

We've put additional data that might contain sensitive information, like GraphQL documents, behind the send_default_pii option.

Httpx

Langchain

Other

Internal Changes 🔧

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.59.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

We've put additional data that might contain sensitive information, like GraphQL documents, behind the send_default_pii option.

Httpx

Langchain

Other

... (truncated)

Commits
  • 689cb97 Update CHANGELOG.md
  • 397dda9 release: 2.59.0
  • c0c254a test: Rename file (#6194)
  • d90a923 ref(batcher): Only flush the bucket that triggered the flush event (#6168)
  • 6436518 ci: 🤖 Update test matrix with new releases (05/04) (#6186)
  • 98294ce fix: Introduce _get_current_streamed_span() to keep types backwards compati...
  • 66b3c6b test(fastmcp): Span streaming tests (#6167)
  • b5735ab fix(batcher): Reset lock and flusher in child after fork (#6163)
  • fc3eab4 fix(metrics,logs): Don't attach span_id if no active span (#6162)
  • 8e5bd96 test: Assert presence of profile chunks after shutdown (#6174)
  • Additional commits viewable in compare view

Updates virtualenv from 21.2.4 to 21.3.0

Release notes

Sourced from virtualenv's releases.

21.3.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@21.2.4...21.3.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.3.0

  • Re-introduce xonsh shell activator (activate.xsh) previously removed in 20.7.0, and make the plugin loader prefer virtualenv's built-in entry points so a third-party package cannot override them by registering a duplicate name. (:issue:3003)

Bugfixes - 21.3.0

  • Upgrade embedded wheels:

    • pip to 26.1 (:issue:3132)

v21.2.4 (2026-04-14)

Commits
  • e917cc2 release 21.3.0
  • 21152f1 Upgrade embedded pip/setuptools/wheel (#3132)
  • 096bdcd chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#3131)
  • 01610dc docs: Add usage instruction for Xonsh activation (#3130)
  • fb6ec7c 🐛 fix(test): prevent PowerShell activation test from crashing xdist workers o...
  • 6095679 [pre-commit.ci] pre-commit autoupdate (#3129)
  • 8d3179c chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#3127)
  • a159c50 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3126)
  • 9ba729b feat: Reintroduce xonsh shell support (#3125)
  • d42ea5c 🐛 fix(type): stop ty flagging default_source on Action (#3124)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the python-minor group with 3 updates
96a8435 
Bumps the python-minor group with 3 updates: [juniper-data-client](https://github.com/pcalnon/juniper-data-client), [sentry-sdk](https://github.com/getsentry/sentry-python) and [virtualenv](https://github.com/pypa/virtualenv).


Updates `juniper-data-client` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/pcalnon/juniper-data-client/releases)
- [Changelog](https://github.com/pcalnon/juniper-data-client/blob/main/CHANGELOG.md)
- [Commits](v0.4.0...v0.4.1)

Updates `sentry-sdk` from 2.58.0 to 2.59.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.58.0...2.59.0)

Updates `virtualenv` from 21.2.4 to 21.3.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.2.4...21.3.0)

---
updated-dependencies:
- dependency-name: juniper-data-client
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: sentry-sdk
  dependency-version: 2.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: virtualenv
  dependency-version: 21.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from pcalnon as a code owner May 4, 2026 16:56
@pcalnon pcalnon self-assigned this May 4, 2026
@pcalnon pcalnon merged commit 78037f1 into main May 4, 2026
23 of 24 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/python-minor-66a07f090a branch May 4, 2026 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcalnon pcalnon pcalnon approved these changes

Assignees

@pcalnon pcalnon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pcalnon