A demonstration of OpenHands automatically fixing breaking changes caused by dependency updates.
When Dependabot (or a simulated update) bumps a dependency to a new major version:
- Tests fail due to breaking API changes
- OpenHands automatically analyzes the failures
- OpenHands fixes the code to work with the new dependency version
- OpenHands commits the fix and updates the PR
- Tests pass and the PR is ready for review
This demo specifically showcases the Pydantic v1 to v2 migration, which involves:
- `.dict()` → `.model_dump()`
- `.parse_obj()` → `.model_validate()`
- `from_orm()` → `model_validate()`
- `class Config` → `model_config = ConfigDict(...)`
- `orm_mode` → `from_attributes`
- `@validator` → `@field_validator`
- Go to Actions → Simulate Dependabot Update
- Click Run workflow
- Select `pydantic` as the package
- Click Run workflow
- Watch the magic happen!
```bash
# Set your GitHub token
export GITHUB_TOKEN=your_token

# Trigger the simulation
curl -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token $GITHUB_TOKEN" \
  "https://api.github.com/repos/YOUR_ORG/dependabot-demo/actions/workflows/simulate-dependabot.yml/dispatches" \
  -d '{"ref":"main"}'
```

```bash
# Alternatively, trigger the workflow with the GitHub CLI
gh workflow run simulate-dependabot.yml --field package=pydantic
```

```bash
# Or run the local trigger script
./scripts/simulate_dependabot.sh
```

┌─────────────────────────────────────────────────────────────────┐
│ DEMO WORKFLOW │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 1. TRIGGER │
│ ┌──────────────┐ │
│ │ curl/gh/UI │ ──triggers──▶ simulate-dependabot.yml │
│ └──────────────┘ │
│ │
│ 2. DEPENDENCY UPDATE │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ Workflow │ ───▶ │ Creates PR with │ │
│ │ updates deps │ │ pydantic 2.x │ │
│ └──────────────┘ └─────────────────┘ │
│ │ │
│ ▼ │
│ 3. CI RUNS │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ CI workflow │ ───▶ │ Tests FAIL! ❌ │ │
│ │ runs tests │ │ (v1 syntax) │ │
│ └──────────────┘ └─────────────────┘ │
│ │ │
│ ▼ │
│ 4. OPENHANDS ACTIVATES │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ OpenHands │ ───▶ │ Analyzes test │ │
│ │ workflow │ │ failures │ │
│ └──────────────┘ └─────────────────┘ │
│ │ │
│ ▼ │
│ 5. AUTOMATED FIX │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ OpenHands │ ───▶ │ Updates code to │ │
│ │ fixes code │ │ v2 syntax │ │
│ └──────────────┘ └─────────────────┘ │
│ │ │
│ ▼ │
│ 6. SUCCESS │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ Commits fix │ ───▶ │ Tests PASS! ✅ │ │
│ │ to PR │ │ PR ready │ │
│ └──────────────┘ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
dependabot-demo/
├── src/
│ ├── api/
│ │ ├── routes.py # FastAPI endpoints
│ │ └── schemas.py # Pydantic schemas (v1 syntax!)
│ ├── models/
│ │ ├── base.py # SQLAlchemy setup
│ │ ├── user.py # User model
│ │ └── task.py # Task model
│ ├── services/
│ │ ├── user_service.py # User business logic
│ │ └── task_service.py # Task business logic
│ ├── utils/
│ │ └── helpers.py # Utility functions
│ └── main.py # FastAPI app entry point
├── tests/
│ ├── unit/
│ │ ├── test_schemas.py # Schema tests (v1 syntax!)
│ │ └── test_services.py # Service tests
│ └── integration/
│ └── test_api.py # API integration tests
├── .github/
│ ├── workflows/
│ │ ├── ci.yml # CI pipeline
│ │ ├── openhands-dependabot.yml # OpenHands auto-fix
│ │ └── simulate-dependabot.yml # Demo trigger
│ └── dependabot.yml # Dependabot config
├── scripts/
│ ├── simulate_dependabot.sh # Local demo trigger
│ ├── reset_demo.sh # Reset for re-demo
│ └── trigger_via_curl.sh # curl trigger example
├── pyproject.toml # Dependencies (old versions!)
└── README.md
- Secrets needed (Settings → Secrets → Actions):

  Required:
  - `LLM_API_KEY`: Your OpenHands API key

  Optional:
  - `LLM_MODEL`: Model to use (default: `openhands/gpt-4o`)

  Available OpenHands models:

  | Model | Description |
  |-------|-------------|
  | `openhands/gpt-4o` | GPT-4o (default) |
  | `openhands/gpt-4-turbo` | GPT-4 Turbo |
  | `openhands/gpt-5-mini-2025-08-07` | GPT-5 Mini |
  | `openhands/o3` | O3 reasoning model |
  | `openhands/o4-mini` | O4 Mini |

- Permissions (Settings → Actions → General):
  - Enable "Read and write permissions" for GITHUB_TOKEN
  - Enable "Allow GitHub Actions to create and approve pull requests"
```bash
# Create virtual environment
python -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows

# Install dependencies (with old versions for demo)
pip install -e ".[dev]"

# Run tests (should pass with v1 pydantic)
pytest tests/ -v

# Run the API locally
uvicorn src.main:app --reload
```

Contains Pydantic v1 syntax that will break:
- Uses `.dict()` method
- Uses `class Config` with `orm_mode`
- Uses `@validator` decorator
- Uses `.from_orm()` and `.parse_obj()`

Tests specifically exercise v1 features:
- Tests `.dict()` method
- Tests `from_orm()`
- Tests `parse_obj()`
The OpenHands integration that:
- Detects Dependabot/dependency PRs
- Runs tests to check for failures
- Invokes OpenHands to fix breaking changes
- Commits fixes back to the PR
After running the demo, reset for another run:
```bash
./scripts/reset_demo.sh
```

This will:
- Close any open dependency PRs
- Delete dependabot branches
- Reset pyproject.toml to old versions
While this is a demo, the same workflow works for real Dependabot updates:
- Enable Dependabot on any repository
- Add the `openhands-dependabot.yml` workflow
- Configure secrets with your LLM API key
- When Dependabot creates PRs, OpenHands will automatically fix any breaking changes
The pyproject.toml may already have new versions. Run ./scripts/reset_demo.sh.
Check that:
- PR has the `dependencies` label
- Workflow has correct permissions
- `LLM_API_KEY` secret is set
Check the workflow logs. Common issues:
- API key invalid or rate limited
- Complex changes requiring manual intervention
- Timeout (increase `max-iterations` if needed)
MIT License - See LICENSE file for details.