chore(deps-dev): bump pdoc from 15.0.4 to 16.0.0 #1594
dependabot[bot] wants to merge 1 commit into main
Bumps [pdoc](https://github.com/mitmproxy/pdoc) from 15.0.4 to 16.0.0.
- [Changelog](https://github.com/mitmproxy/pdoc/blob/main/CHANGELOG.md)
- [Commits](mitmproxy/pdoc@v15.0.4...v16)

---
updated-dependencies:
- dependency-name: pdoc
  dependency-version: 16.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM — straightforward Dependabot dev-dependency bump with no production impact.
Overview
This PR bumps pdoc from 15.0.4 to 16.0.0 in two files: the version constraint in pyproject.toml (docs extra) and the pinned entry in uv.lock. pdoc is a docs-generation tool listed only under the docs dependency group — it is not a runtime or test dependency.
Security Risks
None. pdoc is a documentation-generation utility with no role in authentication, data handling, or production execution paths.
Level of Scrutiny
Low. This is a standard automated Dependabot bump for a dev-only tool. The lock file correctly pins pdoc 16.0.0 and adds the new markdown2 transitive dependency. The only concern (flagged as a nit in an inline comment) is that the lower bound in pyproject.toml was not tightened to >=16.0.0 — standard Dependabot behavior. Since this affects only the docs extra and no uv-based workflow bypasses the lock file, the practical impact is negligible.
Other Factors
No prior reviews on this PR. The change is mechanical, self-contained, and follows the established pattern for Dependabot PRs in this repo.
| @@ -36,7 +36,7 @@ dev = [ | |||
| "opentelemetry-instrumentation-threading>=0.59b0,<1", | |||
| ] | |||
| docs = [ | |||
🟡 The pdoc version constraint was updated to >=15.0.4,<17 but the lower bound was not updated to >=16.0.0, meaning environments that install without the lock file (e.g., pip install langfuse[docs]) could resolve to pdoc 15.x instead of the intended 16.x. Consider changing the constraint to pdoc>=16.0.0,<17 to match the PR's intent.
What the bug is: The PR bumps pdoc from 15.0.4 to 16.0.0, and correctly updates the lock file to pin pdoc 16.0.0. However, the version constraint in pyproject.toml was changed from >=15.0.4,<16 to >=15.0.4,<17 — only widening the upper bound — rather than >=16.0.0,<17. This means the lower bound still allows any pdoc 15.x release to satisfy the constraint.
The specific code path: In pyproject.toml line 38, the docs extra dependency is declared as pdoc>=15.0.4,<17. A resolver that sees this constraint (without the lock file) is free to choose pdoc 15.0.4 as a valid solution.
Why existing code doesn't prevent it: The uv.lock file pins pdoc to exactly 16.0.0, so any uv sync or uv run invocation respects the lock and gets 16.0.0. However, anyone running pip install "langfuse[docs]" (a common workflow for users installing the docs extra manually, or in CI pipelines not using uv) bypasses the lock file entirely and relies solely on the pyproject.toml constraint. With >=15.0.4,<17, pip could resolve to 15.x.
Impact: pdoc 16.0.0 is a major version release with meaningful changes: it adds markdown2 as a new dependency, drops Python 3.9 support, and changes templating behavior. Running with pdoc 15.x versus 16.x would produce different documentation output and could silently fail to include markdown2. That said, this is a docs-only dev dependency, so production users are entirely unaffected.
How to fix it: Change line 38 in pyproject.toml from pdoc>=15.0.4,<17 to pdoc>=16.0.0,<17.
Step-by-step proof:
- A user runs `pip install "langfuse[docs]"` (not using uv, no lock file honored).
- pip sees the constraint `pdoc>=15.0.4,<17`.
- pip resolves the latest compatible version — normally 16.0.0 — but if 16.0.0 is yanked or if the user has a conflicting constraint pinning an older version, pip could legitimately choose any pdoc 15.x release (e.g., 15.0.4).
- The installed pdoc 15.x lacks the `markdown2` dependency and has different rendering behavior compared to 16.x.
- The developer or CI system gets unexpected documentation output without any error indicating the wrong version is installed.
Addressing the refutation: The refutation correctly notes this is standard Dependabot behavior — Dependabot typically only widens the upper bound. However, "standard Dependabot behavior" and "correct constraint" are different things. The constraint >=15.0.4,<17 is technically imprecise for a PR whose stated goal is to adopt pdoc 16.0.0. This is a nit rather than a blocking issue because the lock file protects most real workflows, but tightening the lower bound is a small, low-risk improvement worth noting.
Bumps pdoc from 15.0.4 to 16.0.0.
Changelog
Sourced from pdoc's changelog.
Commits
- 6677d73 pdoc 16.0.0
- 3f75834 Support Pydantic model defaults + field descriptions (#802)
- f19fbf7 Add support for Python 3.14 (#843)
- 8aa648f Bump mhils/workflows in the dependencies group (#844)
- b782455 Add support for keyword args for Google flavor docs (#840)
- 34c7759 Drop Support for Python 3.9 (#842)
- 0f27371 fix: remove hard-coded pdoc mention from title in template (#841)
- a12c236 Add new pdoc logo (#838)
- 0f308ab Bump mhils/workflows in the dependencies group (#837)
- 7c880c5 Replace vendored markdown2 w/ official upstream (#836)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Disclaimer: Experimental PR review
Greptile Summary
This PR bumps the `pdoc` documentation tool from 15.0.4 to 16.0.0 in the `docs` dependency group. The version constraint in `pyproject.toml` is widened from `<16` to `<17`, and the lock file is updated accordingly.

Key changes introduced by pdoc 16.0.0 relevant to this project:
- `markdown2` 2.5.5 is now a declared dependency (it was previously vendored inside pdoc; pdoc 16 switched to the official upstream `markdown2` package).
- `langfuse` already requires Python `>=3.10`.

Since `pdoc` is a dev-only tool used exclusively for documentation generation, this bump carries negligible runtime risk for the library itself.

Confidence Score: 5/5
Safe to merge — affects only the docs toolchain, no runtime or test dependencies are changed.
This is a dev-only dependency bump confined to the `docs` group. The project's minimum Python requirement (3.10) is already higher than what pdoc 16 requires (3.10+), so the Python 3.9 drop is a non-issue. The sole substantive lock-file change is adding `markdown2` 2.5.5 as an explicit dependency (previously vendored). No production code, tests, or public API are affected.

No files require special attention.

Important Files Changed
- `docs` optional dependency `pdoc` widened from `<16` to `<17`, allowing pdoc 16.x.
- `markdown2` 2.5.5 (previously vendored inside pdoc, now a standalone upstream package).

Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[pyproject.toml\ndocs group] -->|pdoc >=15.0.4,<17| B[pdoc 16.0.0]
    B --> C[jinja2]
    B --> D[markdown2 2.5.5\nnew explicit dep]
    B --> E[markupsafe]
    B --> F[pygments]
    note1["pdoc 15.x vendored markdown2 internally\npdoc 16.x uses the official upstream package"]
    D -.->|replaces| note1
```

Reviews (1): Last reviewed commit: "chore(deps-dev): bump pdoc from 15.0.4 t..."