From 3effda57bd8ca6aba0700c34252251d67c8dd787 Mon Sep 17 00:00:00 2001 From: Norris Date: Sat, 14 Mar 2026 23:21:10 -0400 Subject: [PATCH 1/6] fix: bump black and django to resolve dependabot security alerts --- example/django-app/requirements.txt | 2 +- requirements.test.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/example/django-app/requirements.txt b/example/django-app/requirements.txt index fbd3164..5b6b804 100644 --- a/example/django-app/requirements.txt +++ b/example/django-app/requirements.txt @@ -1,2 +1,2 @@ -django >= 4.2 +django >= 4.2.29 -e ../../ diff --git a/requirements.test.txt b/requirements.test.txt index e257c94..5c7a250 100644 --- a/requirements.test.txt +++ b/requirements.test.txt @@ -1,6 +1,6 @@ -r requirements.txt -black~=25.1.0 +black~=26.3.1 mypy~=1.15.0 mypy-extensions~=1.0.0 pytest~=7.4.0 From d2c7acfa42efd1529379fb2a056efd5f178cfe6f Mon Sep 17 00:00:00 2001 From: Norris Date: Sat, 14 Mar 2026 23:24:06 -0400 Subject: [PATCH 2/6] fix: split lint deps into requirements.lint.txt for Python 3.10+ compat black>=26.3.1 requires Python 3.10+, but unit tests run on 3.9. Move black, mypy, and ruff into a separate requirements.lint.txt used only by the lint workflow (Python 3.12). --- .github/workflows/lint.yml | 2 +- requirements.lint.txt | 8 ++++++++ requirements.test.txt | 4 ---- 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 requirements.lint.txt diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9000815..402e635 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,7 +23,7 @@ jobs: - name: Install dependencies run: | pip install --upgrade pip - pip install -r requirements.test.txt + pip install -r requirements.lint.txt - name: Check formatting run: | diff --git a/requirements.lint.txt b/requirements.lint.txt new file mode 100644 index 0000000..6f6b4dd --- /dev/null +++ b/requirements.lint.txt 
@@ -0,0 +1,8 @@ +-r requirements.txt + +black~=26.3.1 +mypy~=1.15.0 +mypy-extensions~=1.0.0 +ruff~=0.9.0 +types-requests~=2.32.0 +types-urllib3~=1.26.25.14 diff --git a/requirements.test.txt b/requirements.test.txt index 5c7a250..80e5b61 100644 --- a/requirements.test.txt +++ b/requirements.test.txt @@ -1,11 +1,7 @@ -r requirements.txt -black~=26.3.1 -mypy~=1.15.0 -mypy-extensions~=1.0.0 pytest~=7.4.0 pytest-benchmark~=4.0.0 responses~=0.25.6 -ruff~=0.9.0 types-requests~=2.32.0 types-urllib3~=1.26.25.14 From ca0d0d9f4f1042ad17aef7b4bc95384791f0a6c4 Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Wed, 22 Apr 2026 15:46:05 -0400 Subject: [PATCH 3/6] fix: resolve remaining dependabot security alerts - requests >= 2.33.0 to address CVE (medium, alerts #7, #8) - pytest >= 9.0.3 to address vulnerability (medium, alert #14) - django >= 6.0.4 in example app to address multiple CVEs (alerts #9-#13) --- example/django-app/requirements.txt | 2 +- requirements.test.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/example/django-app/requirements.txt b/example/django-app/requirements.txt index 5b6b804..1fec939 100644 --- a/example/django-app/requirements.txt +++ b/example/django-app/requirements.txt @@ -1,2 +1,2 @@ -django >= 4.2.29 +django >= 6.0.4 -e ../../ diff --git a/requirements.test.txt b/requirements.test.txt index 80e5b61..264afd1 100644 --- a/requirements.test.txt +++ b/requirements.test.txt @@ -1,6 +1,6 @@ -r requirements.txt -pytest~=7.4.0 +pytest>=9.0.3 pytest-benchmark~=4.0.0 responses~=0.25.6 types-requests~=2.32.0 diff --git a/requirements.txt b/requirements.txt index 1054d22..dc7ab31 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ setuptools >= 21.0.0 urllib3 >= 1.15.1 -requests >= 2.32 +requests >= 2.33.0 wasmtime ~= 30.0.0 protobuf >= 4.23.3 openfeature-sdk ~= 0.8.0 From a84133c01f317b8d923d42a8d33afd690dca1ecc Mon Sep 17 00:00:00 2001 
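Review bot: `types-requests` and `types-urllib3` are pinned in this new requirements.lint.txt and also left behind in requirements.test.txt (they remain as context lines in the following hunk), although mypy, apparently their only consumer, now lives here. The two copies then drift within this series: PATCH 5/6 relaxes the test-file copies to `types-requests>=2.32.0` and `types-urllib3>=1.26.0`, while PATCH 6/6 moves this file to `types-requests~=2.33.0`. That leaves open-ended ranges in the unit-test environment, so what CI installs can change between runs without a commit. Dropping the two stub lines from requirements.test.txt would keep a single pinned copy and a smaller install set for the test job. If the test job does need them, a comment such as `# stubs needed by <reason>; keep in sync with requirements.lint.txt` would record why.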
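Review bot: `django >= 6.0.4` in example/django-app/requirements.txt moves the example's floor from the 4.2 series straight to 6.0, a larger jump than the alerts may need if a patched release of an older supported series also clears them (PATCH 1/6 had used `4.2.29`). As far as I know the Django 6.0 series supports only Python 3.12 and newer, which should be confirmed against Django's release notes. If so, the example cannot be installed on the 3.10 interpreter that PATCH 4/6 adds to the CI matrix, and the README text "Python 3.10+ and Django 6.0.4+" from PATCH 6/6 would be wrong for the example. A comment above the requirement, for instance `# Django 6.0 needs Python 3.12+ (confirm); the SDK itself supports 3.10+`, would stop readers from assuming the two minimums match.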
From: Jonathan Norris Date: Wed, 22 Apr 2026 16:32:55 -0400 Subject: [PATCH 4/6] fix: drop Python 3.9 from CI matrix Python 3.9 reached EOL in October 2025. requests>=2.33.0 requires Python>=3.10, so we replace 3.9 with 3.10 in the test matrix. --- .github/workflows/unit_test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit_test.yml b/.github/workflows/unit_test.yml index 76b6124..64a3a66 100644 --- a/.github/workflows/unit_test.yml +++ b/.github/workflows/unit_test.yml @@ -11,7 +11,7 @@ jobs: runs-on: ${{matrix.os}} strategy: matrix: - python-version: ["3.12", "3.9"] + python-version: ["3.12", "3.10"] os: [ubuntu-latest, windows-latest] steps: From 1fd802f802ae39513f31066be1fb9dcbbc91a39d Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Fri, 24 Apr 2026 09:50:02 -0400 Subject: [PATCH 5/6] fix: update type stub versions and django example README - Relax types-requests and types-urllib3 pin to allow versions compatible with requests >= 2.33.0 and urllib3 >= 1.15.1 - Update django example README to reflect Django 6.0.4+ requirement --- example/django-app/README.md | 2 +- requirements.test.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/example/django-app/README.md b/example/django-app/README.md index 7d7e2ad..88e2415 100644 --- a/example/django-app/README.md +++ b/example/django-app/README.md @@ -5,7 +5,7 @@ To find Python SDK usage documentation, visit our [docs](https://docs.devcycle.c ## Requirements. -Python 3.7+ and Django 4.2+ +Python 3.7+ and Django 6.0.4+ ## Installation diff --git a/requirements.test.txt b/requirements.test.txt index 264afd1..0c32769 100644 --- a/requirements.test.txt +++ b/requirements.test.txt @@ -3,5 +3,5 @@ pytest>=9.0.3 pytest-benchmark~=4.0.0 responses~=0.25.6 -types-requests~=2.32.0 -types-urllib3~=1.26.25.14 +types-requests>=2.32.0 +types-urllib3>=1.26.0 From 5d4b46db1ba0517ecd3a58f94f27b25d6d900164 Mon Sep 17 00:00:00 2001 
From: Jonathan Norris Date: Fri, 24 Apr 2026 16:47:19 -0400 Subject: [PATCH 6/6] fix: address Copilot review feedback on python version and dep pinning - setup.py: raise python_requires to >=3.10 (Django 6.0 requires 3.10+, CI matrix already reflects this) - example/django-app/README.md: update "Python 3.7+" -> "Python 3.10+" - requirements.test.txt: tighten pytest>=9.0.3 -> pytest~=9.0.3 for reproducibility - requirements.lint.txt: align types-requests~=2.32.0 -> ~=2.33.0 with bumped runtime dep --- example/django-app/README.md | 2 +- requirements.lint.txt | 2 +- requirements.test.txt | 2 +- setup.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/example/django-app/README.md b/example/django-app/README.md index 88e2415..989f3cc 100644 --- a/example/django-app/README.md +++ b/example/django-app/README.md @@ -5,7 +5,7 @@ To find Python SDK usage documentation, visit our [docs](https://docs.devcycle.c ## Requirements. -Python 3.7+ and Django 6.0.4+ +Python 3.10+ and Django 6.0.4+ ## Installation diff --git a/requirements.lint.txt b/requirements.lint.txt index 6f6b4dd..058441c 100644 --- a/requirements.lint.txt +++ b/requirements.lint.txt @@ -4,5 +4,5 @@ black~=26.3.1 mypy~=1.15.0 mypy-extensions~=1.0.0 ruff~=0.9.0 -types-requests~=2.32.0 +types-requests~=2.33.0 types-urllib3~=1.26.25.14 diff --git a/requirements.test.txt b/requirements.test.txt index 0c32769..41a457f 100644 --- a/requirements.test.txt +++ b/requirements.test.txt @@ -1,6 +1,6 @@ -r requirements.txt -pytest>=9.0.3 +pytest~=9.0.3 pytest-benchmark~=4.0.0 responses~=0.25.6 types-requests>=2.32.0 diff --git a/setup.py b/setup.py index 53350f2..a615a32 100644 --- a/setup.py +++ b/setup.py @@ -24,7 +24,7 @@ url="https://github.com/devcycleHQ/python-server-sdk", keywords=["DevCycle"], install_requires=REQUIRES, - python_requires=">=3.9", + python_requires=">=3.10", packages=find_packages(), package_data={ "": ["VERSION.txt"],
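Review bot: `install_requires=REQUIRES` on the context line in setup.py is what installers resolve, and REQUIRES is defined outside this hunk, so nothing in the series shows that the `requests >= 2.33.0` floor raised in requirements.txt reaches the published package metadata. If REQUIRES is a hand-maintained list rather than read from requirements.txt, the floor needs mirroring there. Otherwise the Dependabot alert is closed for the repository while an install of the SDK can still resolve an older requests. Raising `python_requires` to `>=3.10` also drops 3.9 for consumers, so a comment beside it such as `# 3.10+: requests>=2.33.0 does not support 3.9` would record the reason given in PATCH 4/6. The setup() call begins and ends outside the hunk.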