chore(deps): bump cairosvg from 2.8.2 to 2.9.0 #1895
dependabot[bot] wants to merge 1 commit into main from
Bumps [cairosvg](https://github.com/Kozea/CairoSVG) from 2.8.2 to 2.9.0.
- [Release notes](https://github.com/Kozea/CairoSVG/releases)
- [Changelog](https://github.com/Kozea/CairoSVG/blob/main/NEWS.rst)
- [Commits](Kozea/CairoSVG@2.8.2...2.9.0)

---
updated-dependencies:
- dependency-name: cairosvg
  dependency-version: 2.9.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| optional = false | ||
| python-versions = ">=3.10" | ||
| groups = ["main", "dev"] | ||
| markers = "python_version == \"3.10\"" |
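Review bot: the `markers = "python_version == \"3.10\""` line in this lock entry is the only thing limiting it to Python 3.10, so if that marker is dropped while the entry itself stays, interpreters from 3.11 up resolve to the same entry. For a PR meant to change only cairosvg, regenerate the lock so that only the cairosvg entry and its hashes differ from main, and leave the markers and version-split entries of unrelated packages as they were.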
Unintended IPython major version downgrade for Python 3.11+
Medium Severity
The lockfile re-resolution collapsed version-split entries, downgrading several packages for Python 3.11+ users. ipython drops from 9.10.0 to 8.38.0 (major version downgrade, marker python_version == "3.10" removed), myst-parser from 5.0.0 to 4.0.1, markdown-it-py from 4.0.0 to 3.0.0, sphinx-design from 0.7.0 to 0.6.1, and sphinx-prompt from 1.10.2 to 1.9.0. The ipython-pygments-lexers package is also removed entirely. These are unintended collateral changes in a PR that only intends to bump cairosvg.
Looks like cairosvg is up-to-date now, so this is no longer needed.
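The collateral changes flagged in the Bugbot review above (version-split entries collapsed, a package dropped) can be caught mechanically by diffing lock entries for every package other than the one being bumped. This is an added example, not code from the PR or the project; it assumes a `[[package]]` lockfile layout with `name`, `version` and `markers` keys, the function names are hypothetical, and the excerpts are constructed (the `>= "3.11"` marker and the `ipython-pygments-lexers` version are placeholders).

```python
import re
# Constructed excerpts, not the PR's real lockfile. The [[package]] layout
# with name/version/markers keys is an assumption based on the snippet above.
BEFORE = r'''
[[package]]
name = "cairosvg"
version = "2.8.2"
[[package]]
name = "ipython"
version = "8.38.0"
markers = "python_version == \"3.10\""
[[package]]
name = "ipython"
version = "9.10.0"
markers = "python_version >= \"3.11\""
[[package]]
name = "ipython-pygments-lexers"
version = "1.1.1"
'''
AFTER = r'''
[[package]]
name = "cairosvg"
version = "2.9.0"
[[package]]
name = "ipython"
version = "8.38.0"
'''

def parse_lock(text):
    """Map package name -> set of (version, markers) lock entries."""
    entries = {}
    for block in text.split("[[package]]")[1:]:
        f = dict(re.findall(r'^(name|version|markers) = "(.*)"$', block, re.M))
        entries.setdefault(f["name"], set()).add((f["version"], f.get("markers", "")))
    return entries

def collateral_changes(before, after, intended):
    """Entries that changed for packages outside the `intended` set."""
    old, new = parse_lock(before), parse_lock(after)
    report = {}
    for name in sorted(set(old) | set(new)):
        o, n = old.get(name, set()), new.get(name, set())
        if name not in intended and o != n:
            report[name] = {"removed": sorted(o - n), "added": sorted(n - o)}
    return report

if __name__ == "__main__":
    for name, diff in collateral_changes(BEFORE, AFTER, {"cairosvg"}).items():
        print(name, diff)
```

Run against the lockfile on `main` and on the PR branch, a non-empty report on a single-dependency bump is the signal to re-resolve before merging.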


Bumps cairosvg from 2.8.2 to 2.9.0.
Changelog
Sourced from cairosvg's changelog.
Commits
- fe5cae5 Version 2.9.0
- 6dde868 Abort when more than 100k referenced elements are rendered
- a6b3a98 Cut long line again
- ce8b51d Cut long line
- b7818c9 Clarify unsafe option scope without removing security warning

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Updates the `docs` dependency set and lockfile resolution, including a CairoSVG security bump and changed Python version/marker constraints that could affect documentation builds across Python versions.

Overview
Dependency lockfile refresh for docs tooling. Bumps optional `cairosvg` from `2.8.2` to `2.9.0` (now `python-versions >=3.10`) and updates the locked artifact hashes.

Also simplifies lock resolution by removing Python-version-split entries/markers for several docs dependencies (notably `ipython`, `markdown-it-py`, `myst-parser`, `sphinx-design`, `sphinx-prompt`) and normalizing a `colorama` Windows marker, which may change what gets installed for docs across Python versions.

Written by Cursor Bugbot for commit 27415c1. This will update automatically on new commits.