chore(deps): batch v1.9.9 dependency floor bumps (#76, #77, #78, #79, #80)#94
Merged
Conversation
…80) Bumps 5 dependency lower bounds, all minor versions within the existing upper bounds. Batched as a single PR for efficiency: 1 CI run vs 5, 1 merge vs 5, and the combination is smoke-tested together. | Package | Floor before | Floor after | Source PR | |----------------------------|---------------|--------------|-----------| | playwright | 1.56.0 | 1.59.0 | #80 | | weasyprint | 61.0 | 68.1 | #78 | | openpyxl | 3.1.0 | 3.1.5 | #76 | | google-api-python-client | 2.100.0 | 2.196.0 | #77 | | google-auth-oauthlib | 1.0.0 | 1.4.0 | #79 | Smoke tests (isolated venv at /tmp/v199-deps): - google-auth-oauthlib: InstalledAppFlow import OK - openpyxl: Workbook + Font/PatternFill/Alignment/Border/Side + get_column_letter OK - google-api-python-client: build() + BatchHttpRequest import OK - weasyprint: tiny HTML -> PDF generation OK - playwright: chromium install + headless screenshot of example.com OK (18.9 KB PNG) Caveat: google-auth-oauthlib 1.4.0 drops Python 3.9 support. Project pyproject.toml requires Python >=3.10, so no impact for this repo's declared support matrix. Will be called out in v1.9.9 CHANGELOG for external consumers. Closes Dependabot PRs #76, #77, #78, #79, #80 (each commented separately with reference to this commit).
This was referenced May 11, 2026
Closed
AgriciDaniel
added a commit
that referenced
this pull request
May 11, 2026
…, deps, Perfmatters Atomic bump of all version-bearing artifacts from 1.9.8 to 1.9.9: - .claude-plugin/plugin.json - CITATION.cff - pyproject.toml - install.sh REPO_TAG default - install.ps1 RepoTag default - skills/seo/SKILL.md metadata.version - 23 other in-tree skills/*/SKILL.md (except seo-content-brief at 1.0.0) - 3 extensions/*/skills/*/SKILL.md The atomic bump is required: existing v1.9.8 + PR #91 + PR #93 CI guards triangulate plugin.json against CITATION, pyproject, install scripts, and all skill metadata.version fields. Any split would fail CI mid-merge. This release also rolls up the v1.9.9 train: - PR #93: orchestrator + marketplace.json + AGENTS.md drift cleanup + 4 new CI assertions (closed #92) - PR #94: 5-package Dependabot floor bumps batched (playwright 1.59, weasyprint 68.1, openpyxl 3.1.5, google-api-python-client 2.196, google-auth-oauthlib 1.4.0; closed Dependabot PRs #76-80) - PR #95: Perfmatters / EWWW / generic JS lazy-loader detection in scripts/parse_html.py + consumer wiring + 11 unit tests (closed #41) CHANGELOG [1.9.9] section rolls up all the above and documents the v2 deferrals (#11 SPA, #51 subagent persistence, #61 google_report full type, #89 uv, #53 seo-notebooklm, #46 path/SSL). Local pytest: 39 passed (13 manifest + 15 sync_flow + 11 lazy detection). Tag-before-merge sequence applies: v1.9.9 tag will be pushed to remote pointing at this branch tip BEFORE this PR is merged, so the bumped install.sh REPO_TAG default of v1.9.9 resolves immediately for anyone running curl | bash during the merge window. Independently reviewed across 5 rounds of Codex GPT-5.5 xhigh.
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Batches the 5 open Dependabot floor bumps into one PR for the v1.9.9 release train. Single CI run, single merge, and smoke-tested together as a combination.
playwrightweasyprintopenpyxlgoogle-api-python-clientgoogle-auth-oauthlibAll bumps stay inside the existing upper bounds. No CVE-driven escalations.
Smoke tests (all passed locally)
Isolated venv at
/tmp/v199-deps, fresh install of the bumpedrequirements.txt:from google_auth_oauthlib.flow import InstalledAppFlowresolvesbuild()+BatchHttpRequestimport; metadata version2.196.0playwright install chromium+ headless screenshot of example.com produces an 18.9 KB PNGCaveats
google-auth-oauthlib1.4.0 drops Python 3.9 support. This repo'spyproject.tomlrequires Python>=3.10already, so no impact for our support matrix. Will be called out in v1.9.9 CHANGELOG for any external consumers still on 3.9.After merge
I'll close Dependabot PRs #76-80 with reference comments pointing to this PR.
Test plan
requirements.txtparses (verified by pip install succeeding)requirements.txtpyproject.tomlpython = ">=3.10"matches all 5 bumps' min Python🤖 Part of the v1.9.9 release train.