chore(deps): bump gitpython from 3.1.49 to 3.1.50 #3272
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.49 to 3.1.50.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.49...3.1.50)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Python API breakage checks — ✅ PASSED
REST API breakage checks (OpenAPI) — ✅ PASSED
all-hands-bot
left a comment
🟢 Good taste - Routine dependency update with bug fixes.
[RISK ASSESSMENT]
- [Overall PR]
⚠️ Risk Assessment: 🟢 LOW
This is a routine dependency update for GitPython from 3.1.49 to 3.1.50. The package was uploaded on 2026-05-06 (~9+ days ago), which is outside the repository's 7-day freshness guardrail, so there are no supply-chain timing concerns.
The upstream release includes:
- Bug fixes for Repo() autodiscovery in linked worktrees
- Config key validation improvements
- Internal dependency updates (gitdb, ruff-pre-commit)
No breaking changes or security vulnerabilities reported. Standard low-risk dependency maintenance.
VERDICT:
✅ Worth merging: Standard dependency update with bug fixes and no breaking changes.
KEY INSIGHT:
Clean dependency update that respects the repository's supply-chain safety guardrails.
all-hands-bot
left a comment
✅ QA Report: PASS
Successfully verified GitPython upgrade from 3.1.49 to 3.1.50. Dependency update applied cleanly, all GitPython functionality works correctly, and streamlit integration remains intact.
Does this PR achieve its stated goal?
Yes. This PR successfully updates GitPython from version 3.1.49 to 3.1.50 as intended. The lock file correctly reflects the new version, the dependency installs without issues, and all GitPython functionality (repository operations, config management, commit iteration, and status checks) works correctly. The streamlit package, which depends on GitPython, continues to function normally with the updated version.
| Phase | Result |
|---|---|
| Environment Setup | ✅ Built successfully with make build, all 234 packages installed |
| CI Status | ✅ 21 checks passed, 9 pending, 0 failing |
| Functional Verification | ✅ All GitPython features tested and working |
Functional Verification
Test 1: Verify Version Update
Baseline (main branch):
```
git show origin/main:uv.lock | grep -A3 'name = "gitpython"'
```
```
name = "gitpython"
version = "3.1.49"
source = { registry = "https://pypi.org/simple" }
```
This confirms the baseline version is 3.1.49.
After PR changes:
```
source .venv/bin/activate && python -c "import git; print(f'GitPython version: {git.__version__}')"
```
```
GitPython version: 3.1.50
```
This confirms the upgrade to 3.1.50 was successful.
Test 2: Basic GitPython Functionality
Test command:
```python
import git
repo = git.Repo('.')
print(f"Repository path: {repo.working_dir}")
print(f"Current branch: {repo.active_branch}")
print(f"Latest commit: {repo.head.commit.hexsha[:7]}")
```
Output:
```
Repository path: /home/runner/work/software-agent-sdk/software-agent-sdk/pr-repo
Current branch: dependabot/uv/gitpython-3.1.50
Latest commit: ffcf33b
GitPython basic functionality test: PASSED
```
Basic repository operations work correctly.
Test 3: GitPython Features (including 3.1.50 fixes)
Test command: Tested config reading/writing, commit iteration, and git status functionality.
Output:
✓ Config reading works
✓ Valid config key writing works (validates fix for config key section validation)
✓ Can iterate commits (3 fetched)
✓ Can read git status (0 changed files)
✅ All GitPython functionality tests PASSED
All core GitPython features work correctly, including the new config validation introduced in 3.1.50.
Test 4: Streamlit Integration
Test command: Verified streamlit (which depends on GitPython) can import and access GitPython.
Output:
Streamlit version: 1.54.0
GitPython available to streamlit: 3.1.50
✓ Streamlit imports successfully
✓ Streamlit can access GitPython
✅ Streamlit integration test PASSED
The dependent package (streamlit) works correctly with the updated GitPython version.
Issues Found
None.
Bumps gitpython from 3.1.49 to 3.1.50.
Release notes
Sourced from gitpython's releases.
Commits
- 5a294a6 bump version to 3.1.50
- d7b029f Merge pull request #2142 from gitpython-developers/fix-validate-config-key-ne...
- 5453842 Validate config key section names before writing
- 1085a7c Merge pull request #2128 from meliezer/fix-worktree-git-dir
- b7f5fde Merge pull request #2141 from gitpython-developers/dependabot/submodules/git/...
- 4e8cd45 Bump git/ext/gitdb from 335c0f6 to 53c94d6
- 9e94459 Merge pull request #2140 from gitpython-developers/dependabot/pre_commit/pre-...
- 714e2e1 Xfail Windows symlink-capable index mutation test
- b17f113 Bump https://github.com/astral-sh/ruff-pre-commit
- 4c6ec60 fix: support Repo() autodiscovery from linked worktree GIT_DIR

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server
Variants & Base Images
- eclipse-temurin:17-jdk
- nikolaik/python-nodejs:python3.13-nodejs22-slim
- golang:1.21-bookworm

Pull (multi-arch manifest)
```
# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:ffcf33b-python
```
Run
All tags pushed for this build
About Multi-Architecture Support
ffcf33b-python) is a multi-arch manifest supporting both amd64 and arm64
ffcf33b-python-amd64) are also available if needed