Dependencies update #3192
Updates the requirements on [tenacity](https://github.com/jd/tenacity) to permit the latest version.
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@8.0.0...9.1.2)

---
updated-dependencies:
- dependency-name: tenacity
  dependency-version: 9.1.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Updates the requirements on [google-cloud-storage](https://github.com/googleapis/python-storage) to permit the latest version.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-storage@v2.18.0...v3.3.1)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-version: 3.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Updates the requirements on [langgraph](https://github.com/langchain-ai/langgraph) to permit the latest version.
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@0.2.60...0.6.6)

---
updated-dependencies:
- dependency-name: langgraph
  dependency-version: 0.6.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
…nsitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 2: Clear-text storage of sensitive information
…gte-0.2.60-and-lte-0.6.6 chore(deps): update langgraph requirement from <=0.4.10,>=0.2.60 to >=0.2.60,<=0.6.6
…ud-storage-gte-2.18.0-and-lt-4.0.0 chore(deps): update google-cloud-storage requirement from <3.0.0,>=2.18.0 to >=2.18.0,<4.0.0
…te-8.0.0-and-lt-10.0.0 chore(deps): update tenacity requirement from <9.0.0,>=8.0.0 to >=8.0.0,<10.0.0
…nsitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…nsitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 2: Clear-text storage of sensitive information
Potential fix for code scanning alert no. 2: Clear-text storage of sensitive information
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Summary of Changes

Hello @venkateshpabbati, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's maintainability and security posture. It introduces automated dependency management through Dependabot, establishes a formal security policy for version support and vulnerability reporting, and updates key Python library dependencies to ensure compatibility with newer releases. Furthermore, it improves the secure handling of sensitive configuration by preventing API keys and cloud project details from being stored in

Highlights
Hello @venkateshpabbati, thank you for your contribution! Before we can proceed with reviewing this pull request, could you please address the following:
This information is necessary for us to be able to review and merge your PR. You can find more details in our contribution guidelines. Thanks!

Response from ADK Triaging Agent
Code Review
This pull request updates several dependencies, adds Dependabot configuration, and introduces a security policy file. The dependency updates seem appropriate given the PR's goal. The addition of Dependabot is a good practice for keeping dependencies up-to-date automatically. The change in `cli_create.py` to avoid writing secrets to the `.env` file is an excellent security enhancement. My only suggestion is to populate the new `SECURITY.md` file with project-specific details to make it truly effective, for which I've provided a template.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
No description provided.