fix: dependabot package upgrades by Ayaz-Microsoft · Pull Request #605 · microsoft/content-processing-solution-accelerator

Ayaz-Microsoft · 2026-06-01T10:27:40Z

Purpose

Resolve open Dependabot PRs and bring the dependabotchanges backlog forward into dev.

Scope note: Branch was created from dependabotchanges and merged with current dev. So the diff includes prior Dependabot batches (Azure SDKs, cryptography, fastapi, sas-cosmosdb, etc.) plus my new upgrades (idna, authlib, uv.lock refresh, opentelemetry-sdk alignment).

Changes (high-level)

Python — pyproject.toml direct deps

ContentProcessorAPI: azure-identity, azure-storage-blob/queue, certifi, fastapi, pydantic-settings, pymongo, uvicorn, sas-cosmosdb, cryptography 46→47 (major), pre-commit, ruff
ContentProcessorWorkflow: authlib 1.6.11→1.6.12

Python — requirements.txt pins (CP, CPAPI)

idna 3.11→3.17, cryptography 46→47, rich 14→15 (major, CPAPI), azure-* SDKs, fastapi/uvicorn/typer, msal, sentry-sdk, click, charset-normalizer, regex, tzdata, etc.

uv.lock — regenerated for all 3 Python projects.

GitHub Actions

actions/checkout v4/v5→v6, setup-python v5→v6, upload-artifact v4→v7
azure/login v2→v3, docker/build-push-action v6→v7
template-validation-action, pytest-coverage-comment, tj-actions/changed-files

Major bumps — risk

cryptography 46→47: only used transitively (Azure SDK / authlib) — low risk.
rich 14→15: console rendering only.

Fix

Pinned opentelemetry-sdk==1.40.0 in CPAPI/requirements.txt — sdk==1.41.1 was pre-existing on dependabotchanges and broke CI (opentelemetry-sdk strictly requires matching opentelemetry-api). Matches dev + uv.lock.

Deferred

opentelemetry-api/-sdk cannot move past 1.40.0 — azure-monitor-opentelemetry (latest 1.8.8) hard-pins opentelemetry-sdk==1.40. Awaits an upstream release that lifts the pin.

Validation

✅ uv lock clean for all 3 projects, no resolver conflicts
✅ No downgrades vs. dev/dependabotchanges
✅ pip resolver conflict fixed (ad42ce9)
🔜 Docker build + deployment + QA Golden Path: handled by author / QA

Closes

#589, #595, #596, #597 — plus all earlier Dependabot PRs already covered on dependabotchanges.

…-solution-accelerator into dependabotchanges

Bumps the all-uv-deps group in /src/ContentProcessorAPI with 28 updates: | Package | From | To | | --- | --- | --- | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.26.0b1` | `1.26.0b2` | | [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.29.0b1` | `12.30.0b1` | | [azure-storage-queue](https://github.com/Azure/azure-sdk-for-python) | `12.16.0b1` | `12.17.0b1` | | [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.4.22` | | [fastapi[standard]](https://github.com/fastapi/fastapi) | `0.135.2` | `0.136.1` | | [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.3` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.0` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.16.0` | `4.17.0` | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` | | [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.46.0` | | [sas-cosmosdb](https://github.com/mcaps-microsoft/python_cosmosdb_helper) | `0.1.4` | `0.1.5` | | [cryptography](https://github.com/pyca/cryptography) | `46.0.7` | `47.0.0` | | [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.12` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.39.0` | `1.40.0` | | [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.6` | `3.4.7` | | [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` | | [fastapi](https://github.com/fastapi/fastapi) | `0.135.2` | `0.136.1` | | [fastapi-cloud-cli](https://github.com/fastapilabs/fastapi-cloud-cli) | `0.15.1` | `0.17.1` | | [fastar](https://github.com/DoctorJohn/fastar) | `0.9.0` | `0.11.0` | | [idna](https://github.com/kjd/idna) | `3.11` | `3.13` | | [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) | `1.35.1` | `1.36.0` | | [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` | | [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.1` | `2.46.3` | | [rich](https://github.com/Textualize/rich) | `14.3.3` | `15.0.0` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.57.0` | `2.58.0` | | [typer](https://github.com/fastapi/typer) | `0.24.1` | `0.25.1` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.46.0` | Updates `azure-identity` from 1.26.0b1 to 1.26.0b2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.26.0b1...azure-identity_1.26.0b2) Updates `azure-storage-blob` from 12.29.0b1 to 12.30.0b1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.29.0b1...azure-storage-blob_12.30.0b1) Updates `azure-storage-queue` from 12.16.0b1 to 12.17.0b1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-storage-queue_12.16.0b1...azure-storage-queue_12.17.0b1) Updates `certifi` from 2026.2.25 to 2026.4.22 - [Commits](certifi/python-certifi@2026.02.25...2026.04.22) Updates `fastapi[standard]` from 0.135.2 to 0.136.1 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.135.2...0.136.1) Updates `pydantic` from 2.13.1 to 2.13.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.13.1...v2.13.3) Updates `pydantic-settings` from 2.13.1 to 2.14.0 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.0) Updates `pymongo` from 4.16.0 to 4.17.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.16.0...4.17.0) Updates `python-multipart` from 0.0.22 to 0.0.27 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.22...0.0.27) Updates `uvicorn[standard]` from 0.42.0 to 0.46.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.42.0...0.46.0) Updates `sas-cosmosdb` from 0.1.4 to 0.1.5 - [Commits](https://github.com/mcaps-microsoft/python_cosmosdb_helper/commits) Updates `cryptography` from 46.0.7 to 47.0.0 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.7...47.0.0) Updates `pre-commit` from 4.5.1 to 4.6.0 - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0) Updates `ruff` from 0.15.8 to 0.15.12 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.8...0.15.12) Updates `azure-core` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.39.0...azure-core_1.40.0) Updates `charset-normalizer` from 3.4.6 to 3.4.7 - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@3.4.6...3.4.7) Updates `click` from 8.3.1 to 8.3.3 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.3.1...8.3.3) Updates `fastapi` from 0.135.2 to 0.136.1 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.135.2...0.136.1) Updates `fastapi-cloud-cli` from 0.15.1 to 0.17.1 - [Release notes](https://github.com/fastapilabs/fastapi-cloud-cli/releases) - [Changelog](https://github.com/fastapilabs/fastapi-cloud-cli/blob/main/release-notes.md) - [Commits](fastapilabs/fastapi-cloud-cli@0.15.1...0.17.1) Updates `fastar` from 0.9.0 to 0.11.0 - [Release notes](https://github.com/DoctorJohn/fastar/releases) - [Commits](DoctorJohn/fastar@v0.9.0...v0.11.0) Updates `idna` from 3.11 to 3.13 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.11...v3.13) Updates `msal` from 1.35.1 to 1.36.0 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases) - [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASES.md) - [Commits](AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0) Updates `opentelemetry-sdk` from 1.40.0 to 1.41.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.40.0...v1.41.1) Updates `pydantic-core` from 2.46.1 to 2.46.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@core-v2.46.1...core-v2.46.3) Updates `rich` from 14.3.3 to 15.0.0 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v14.3.3...v15.0.0) Updates `sentry-sdk` from 2.57.0 to 2.58.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.57.0...2.58.0) Updates `typer` from 0.24.1 to 0.25.1 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.24.1...0.25.1) Updates `uvicorn` from 0.42.0 to 0.46.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.42.0...0.46.0) --- updated-dependencies: - dependency-name: azure-identity dependency-version: 1.26.0b2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: azure-storage-blob dependency-version: 12.30.0b1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: azure-storage-queue dependency-version: 12.17.0b1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: certifi dependency-version: 2026.4.22 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: fastapi[standard] dependency-version: 0.136.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pydantic dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: pydantic-settings dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pymongo dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: uvicorn[standard] dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: sas-cosmosdb dependency-version: 0.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: cryptography dependency-version: 47.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-uv-deps - dependency-name: pre-commit dependency-version: 4.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: ruff dependency-version: 0.15.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: azure-core dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: charset-normalizer dependency-version: 3.4.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: click dependency-version: 8.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: fastapi dependency-version: 0.136.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: fastapi-cloud-cli dependency-version: 0.17.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: fastar dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: idna dependency-version: '3.13' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: msal dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: opentelemetry-sdk dependency-version: 1.41.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pydantic-core dependency-version: 2.46.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: rich dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-uv-deps - dependency-name: sentry-sdk dependency-version: 2.58.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: typer dependency-version: 0.25.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: uvicorn dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all-uv-deps group in /src/ContentProcessor with 21 updates: | Package | From | To | | --- | --- | --- | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.39.0` | `1.40.0` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.26.0b1` | `1.26.0b2` | | [azure-monitor-opentelemetry](https://github.com/Azure/azure-sdk-for-python) | `1.6.10` | `1.8.7` | | [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.29.0b1` | `12.30.0b1` | | [azure-storage-queue](https://github.com/Azure/azure-sdk-for-python) | `12.16.0b1` | `12.17.0b1` | | [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.4.22` | | [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.6` | `3.4.7` | | [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` | | [cryptography](https://github.com/pyca/cryptography) | `46.0.7` | `47.0.0` | | [idna](https://github.com/kjd/idna) | `3.11` | `3.13` | | [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) | `1.35.1` | `1.36.0` | | [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` | | [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.3` | | [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.1` | `2.46.3` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.0` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.16.0` | `4.17.0` | | [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` | | [regex](https://github.com/mrabarnett/mrab-regex) | `2026.3.32` | `2026.4.4` | | [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.12` | | [tzdata](https://github.com/python/tzdata) | `2025.3` | `2026.2` | Updates `azure-core` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.39.0...azure-core_1.40.0) Updates `azure-identity` from 1.26.0b1 to 1.26.0b2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.26.0b1...azure-identity_1.26.0b2) Updates `azure-monitor-opentelemetry` from 1.6.10 to 1.8.7 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-monitor-opentelemetry_1.6.10...azure-monitor-opentelemetry_1.8.7) Updates `azure-storage-blob` from 12.29.0b1 to 12.30.0b1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.29.0b1...azure-storage-blob_12.30.0b1) Updates `azure-storage-queue` from 12.16.0b1 to 12.17.0b1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-storage-queue_12.16.0b1...azure-storage-queue_12.17.0b1) Updates `certifi` from 2026.2.25 to 2026.4.22 - [Commits](certifi/python-certifi@2026.02.25...2026.04.22) Updates `charset-normalizer` from 3.4.6 to 3.4.7 - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@3.4.6...3.4.7) Updates `click` from 8.3.1 to 8.3.3 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.3.1...8.3.3) Updates `cryptography` from 46.0.7 to 47.0.0 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.7...47.0.0) Updates `idna` from 3.11 to 3.13 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.11...v3.13) Updates `msal` from 1.35.1 to 1.36.0 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases) - [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASES.md) - [Commits](AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0) Updates `packaging` from 26.0 to 26.2 - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@26.0...26.2) Updates `pillow` from 12.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@12.1.1...12.2.0) Updates `pydantic` from 2.13.1 to 2.13.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.13.1...v2.13.3) Updates `pydantic-core` from 2.46.1 to 2.46.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@core-v2.46.1...core-v2.46.3) Updates `pydantic-settings` from 2.13.1 to 2.14.0 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.0) Updates `pymongo` from 4.16.0 to 4.17.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.16.0...4.17.0) Updates `pytest` from 9.0.2 to 9.0.3 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@9.0.2...9.0.3) Updates `regex` from 2026.3.32 to 2026.4.4 - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](mrabarnett/mrab-regex@2026.3.32...2026.4.4) Updates `ruff` from 0.15.8 to 0.15.12 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.8...0.15.12) Updates `tzdata` from 2025.3 to 2026.2 - [Release notes](https://github.com/python/tzdata/releases) - [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md) - [Commits](python/tzdata@2025.3...2026.2) --- updated-dependencies: - dependency-name: azure-core dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: azure-identity dependency-version: 1.26.0b2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: azure-monitor-opentelemetry dependency-version: 1.8.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: azure-storage-blob dependency-version: 12.30.0b1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: azure-storage-queue dependency-version: 12.17.0b1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: certifi dependency-version: 2026.4.22 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: charset-normalizer dependency-version: 3.4.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: click dependency-version: 8.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: cryptography dependency-version: 47.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-uv-deps - dependency-name: idna dependency-version: '3.13' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: msal dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: packaging dependency-version: '26.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pydantic dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: pydantic-core dependency-version: 2.46.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: pydantic-settings dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pymongo dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: regex dependency-version: 2026.4.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-uv-deps - dependency-name: ruff dependency-version: 0.15.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-uv-deps - dependency-name: tzdata dependency-version: '2026.2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-uv-deps ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [microsoft/template-validation-action](https://github.com/microsoft/template-validation-action) | `0.4.3` | `0.4.4` | | [azure/login](https://github.com/azure/login) | `2` | `3` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.5` | `47.0.6` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) | `1.6.0` | `1.7.2` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `microsoft/template-validation-action` from 0.4.3 to 0.4.4 - [Release notes](https://github.com/microsoft/template-validation-action/releases) - [Commits](microsoft/template-validation-action@v0.4.3...v0.4.4) Updates `azure/login` from 2 to 3 - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@v2...v3) Updates `tj-actions/changed-files` from 47.0.5 to 47.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@22103cc...9426d40) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) Updates `MishaKav/pytest-coverage-comment` from 1.6.0 to 1.7.2 - [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases) - [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md) - [Commits](MishaKav/pytest-coverage-comment@26f986d...dd5b80b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: microsoft/template-validation-action dependency-version: 0.4.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: azure/login dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: MishaKav/pytest-coverage-comment dependency-version: 1.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

# Conflicts: # src/ContentProcessor/requirements.txt # src/ContentProcessorAPI/pyproject.toml # src/ContentProcessorAPI/requirements.txt # src/ContentProcessorAPI/uv.lock

Resolves dependabot PRs #595, #596, #597 (idna), #589 (authlib). - idna: 3.13 -> 3.17 across requirements.txt and uv.lock files (bumped past dependabot's 3.15 to latest via uv resolution) - authlib: 1.6.11 -> 1.6.12 (ContentProcessorWorkflow) - Regenerated uv.lock for ContentProcessor, ContentProcessorAPI, ContentProcessorWorkflow with --upgrade-package flags - Side effects from re-resolution: - github-copilot-sdk: 0.2.2 -> 0.3.0 (transitive in CP) - urllib3 lock entry synced to 2.7.0 (matches pyproject) in CPAPI - jsonschema deps added to CPAPI lock (matches pyproject) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

github-actions · 2026-06-01T10:28:33Z

Coverage Report •

File	Stmts	Miss	Cover	Missing
TOTAL	1217	161	86%

report-only-changed-files is enabled. No files were changed during this commit :)

Tests	Skipped	Failures	Errors	Time
244	0 💤	0 ❌	0 🔥	4.369s ⏱️

Copilot

Pull request overview

This PR upgrades multiple Python dependencies (direct and transitive) across the ContentProcessor, ContentProcessorAPI, and ContentProcessorWorkflow projects, and refreshes the corresponding uv.lock files. It also updates several GitHub Actions workflow dependencies (e.g., actions/checkout, azure/login, docker/build-push-action) to newer major versions.

Changes:

Update Python dependency pins in pyproject.toml / requirements.txt (e.g., idna, authlib, plus additional direct deps like fastapi, cryptography, Azure SDK packages).
Regenerate uv.lock files for the three Python sub-projects.
Bump GitHub Actions workflow action versions across CI/deployment workflows.

Reviewed changes

Copilot reviewed 19 out of 22 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/ContentProcessorWorkflow/pyproject.toml	Bumps direct dependency `authlib` to 1.6.12.
src/ContentProcessorWorkflow/uv.lock	Updates locked resolutions (notably `authlib` and `idna`).
src/ContentProcessorAPI/pyproject.toml	Updates multiple direct dependency pins (Azure SDKs, `fastapi`, `cryptography`, etc.).
src/ContentProcessorAPI/requirements.txt	Updates pinned dependency set used by CI installs.
src/ContentProcessorAPI/uv.lock	Refreshes resolved dependency graph after upgrades.
src/ContentProcessor/requirements.txt	Updates pinned dependency set used by CI installs.
src/ContentProcessor/uv.lock	Refreshes resolved dependency graph after upgrades (incl. `github-copilot-sdk`, `idna`).
.github/workflows/validate-bicep-params.yml	Updates core Actions used for infra parameter validation workflow.
.github/workflows/test.yml	Updates checkout action + coverage comment action revision for tests.
.github/workflows/test-automation.yml	Updates `azure/login` major version.
.github/workflows/test-automation-v2.yml	Updates `azure/login` major version.
.github/workflows/job-docker-build.yml	Updates `azure/login` and docker build/push action major versions.
.github/workflows/job-deploy.yml	Updates `azure/login` major version.
.github/workflows/job-deploy-windows.yml	Updates `azure/login` major version.
.github/workflows/job-deploy-linux.yml	Updates `azure/login` major version.
.github/workflows/job-cleanup-deployment.yml	Updates `azure/login` major version.
.github/workflows/deploy.yml	Updates `azure/login` major version.
.github/workflows/codeql.yml	Updates `actions/checkout` major version.
.github/workflows/build-docker-image.yml	Updates `azure/login` and docker build/push action major versions.
.github/workflows/broken-links-checker.yml	Updates pinned revision for `tj-actions/changed-files`.
.github/workflows/azure-dev.yaml	Updates `azure/login` major version.
.github/workflows/azd-template-validation.yml	Updates checkout and template validation action versions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Ayaz-Microsoft · 2026-06-01T12:08:46Z

+    "sas-cosmosdb==0.1.5",
    "azure-monitor-events-extension>=0.1.0",
    "azure-monitor-opentelemetry==1.8.7",
-    "cryptography==46.0.7",
+    "cryptography==47.0.0",
    "pyjwt==2.12.1",


Thanks — you're right. Updated the PR description to fully enumerate direct-dep changes (Azure SDKs, cryptography 46→47, rich 14→15, fastapi/uvicorn/etc.), call out the major version bumps with risk notes, and clarify scope: this branch was based on dependabotchanges so the diff carries prior batched dependabot work plus my new idna/authlib/lockfile updates.

opentelemetry-sdk 1.41.1 strictly requires opentelemetry-api==1.41.1, but pyproject.toml pins opentelemetry-api at 1.40.0. The mismatch was introduced from the dependabotchanges branch during Phase 2 down-merge and broke pip resolution in CI build (3.11). Aligns with dev branch and uv.lock (both at 1.40.0). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Ayaz-Microsoft · 2026-06-01T12:15:38Z

Closing this PR as @shreyas is already working on same story and created PR

Pavan-Microsoft and others added 6 commits April 21, 2026 13:13

Merge branch 'dev' of https://github.com/microsoft/content-processing…

a10e26e

…-solution-accelerator into dependabotchanges

Merge remote-tracking branch 'origin/dev' into dependabotchanges

893f1e0

# Conflicts: # src/ContentProcessor/requirements.txt # src/ContentProcessorAPI/pyproject.toml # src/ContentProcessorAPI/requirements.txt # src/ContentProcessorAPI/uv.lock

Copilot AI review requested due to automatic review settings June 1, 2026 10:27

Ayaz-Microsoft requested review from Avijit-Microsoft, Prajwal-Microsoft, Roopan-Microsoft, Vinay-Microsoft, aniaroramsft, dgp10801, nchandhi and toherman-msft as code owners June 1, 2026 10:27

Ayaz-Microsoft temporarily deployed to production June 1, 2026 10:27 — with GitHub Actions Inactive

Copilot started reviewing on behalf of Ayaz-Microsoft June 1, 2026 10:27 View session

Copilot AI reviewed Jun 1, 2026

View reviewed changes

Ayaz-Microsoft temporarily deployed to production June 1, 2026 10:43 — with GitHub Actions Inactive

Shreyas-Microsoft mentioned this pull request Jun 1, 2026

chore(deps): bring dependabot upgrades (#589, #595, #596, #597) onto dev (AB#44960) #606

Open

Ayaz-Microsoft closed this Jun 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: dependabot package upgrades#605

fix: dependabot package upgrades#605
Ayaz-Microsoft wants to merge 7 commits into
devfrom
feat/dependabot-ayaz-june26

Ayaz-Microsoft commented Jun 1, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 1, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Ayaz-Microsoft Jun 1, 2026

Uh oh!

Ayaz-Microsoft commented Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Ayaz-Microsoft commented Jun 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Purpose

Changes (high-level)

Major bumps — risk

Fix

Deferred

Validation

Closes

Uh oh!

github-actions Bot commented Jun 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Ayaz-Microsoft Jun 1, 2026

Choose a reason for hiding this comment

Uh oh!

Ayaz-Microsoft commented Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Ayaz-Microsoft commented Jun 1, 2026 •

edited

Loading

github-actions Bot commented Jun 1, 2026 •

edited

Loading