Skip to content

chore(deps): bump tornado from 6.5.5 to 6.5.6 in /envs/coding_env#792

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/envs/coding_env/tornado-6.5.6
Open

chore(deps): bump tornado from 6.5.5 to 6.5.6 in /envs/coding_env#792
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/envs/coding_env/tornado-6.5.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Bumps tornado from 6.5.5 to 6.5.6.

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits
  • aba2569 Merge pull request #3626 from bdarnell/fixes-656
  • a24b260 httpclient_test: Accept an additional error message variant
  • a74240a Release notes and version bump for 6.5.6.
  • e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
  • 96dc88c speedups: validate mask length
  • ff808b3 http1connection: Enforce max_body_size in _GzipMessageDelegate
  • ede4e37 auth: Correctly parse check_authentication response
  • 1c178be Remove obsolete curl force_timeout workaround
  • c99d55b Replace deprecated pycurl IOCTLFUNCTION callback with SEEKFUNCTION
  • 2761431 Merge pull request #3587 from bdarnell/fix-link
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump tornado from 6.5.5 to 6.5.6 in /envs/coding_env
9c75208 
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.5 to 6.5.6.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.5...v6.5.6)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added Dependencies python:uv Pull requests that update python:uv code labels Jun 12, 2026
@bot-ci-comment

bot-ci-comment Bot commented Jun 12, 2026

Copy link
Copy Markdown

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

Darktex
Darktex requested changes Jun 13, 2026
View reviewed changes

@Darktex Darktex left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This is an automated review by Claude Code, not a human review.

Review: tornado 6.5.5 → 6.5.6

The tornado bump itself is clean — correct sdist/wheel hashes for 6.5.6, scoped to envs/coding_env/uv.lock, no pyproject.toml entry to update (tornado is a transitive dependency, not a direct one).

However, the diff bundles a second unrelated change that blocks approval:

Bundled, unrelated change: openenv-coreopenenv rename

The lock file removes the openenv-core 0.2.3 package entry entirely and replaces it with openenv 0.3.1. The openenv-coding-env block's requires-dist is also rewritten from openenv-core[core]>=0.2.2 to openenv[core]>=0.2.2.

The problem: envs/coding_env/pyproject.toml still declares:

"openenv-core[core]>=0.2.2",

The pyproject.toml (source of truth) and uv.lock are now inconsistent on the name and version of this dependency. A uv sync from a clean state would likely fail or resolve differently than what the lock file encodes.

What needs to happen before this can merge:

  1. If openenv-core has been renamed to openenv on PyPI, pyproject.toml must be updated to openenv[core]>=0.3.1 (or whatever the correct minimum) and the lock file regenerated as a separate PR.
  2. If this rename is not yet intentional, the lock file entry for openenv-core → openenv should be reverted to keep this PR purely a tornado patch bump.

A pure tornado bump would be approved immediately — please split or fix the inconsistency.

Automated review by Claude Code | Learn more

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Darktex Darktex Darktex requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

Dependencies python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Darktex