revert: uvloop 0.22.1 → 0.21.0 in ci requirements#3822
Closed
Copilot wants to merge 3 commits intodependabot/pip/actions/gcp/setup/dependencies-441176d5a0from
Closed
revert: uvloop 0.22.1 → 0.21.0 in ci requirements#3822Copilot wants to merge 3 commits intodependabot/pip/actions/gcp/setup/dependencies-441176d5a0from
Copilot wants to merge 3 commits intodependabot/pip/actions/gcp/setup/dependencies-441176d5a0from
Conversation
…updates --- updated-dependencies: - dependency-name: gsutil dependency-version: '5.36' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: uvloop dependency-version: 0.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: uvloop dependency-version: 0.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: aiodocker dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: protobuf dependency-version: 7.34.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pytz dependency-version: 2026.1.post1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: types-protobuf dependency-version: 6.32.1.20260221 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: types-pytz dependency-version: 2026.1.1.20260304 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: yarl dependency-version: 1.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: setuptools dependency-version: 82.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
…nts.txt Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Revert uvloop version change in dependencies
revert: uvloop 0.22.1 → 0.21.0 in ci requirements
Mar 11, 2026
phlax
force-pushed
the
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0
branch
2 times, most recently
from
5a2c8a5 to
b8290ef
Compare
dependabot
bot
deleted the branch
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Dependabot PR #3818 bumped uvloop from 0.21.0 → 0.22.1 as part of a multi-dependency update. This reverts only the uvloop portion, keeping all other dependency bumps from that PR intact.
Changes
ci/requirements.in— pin back touvloop==0.21.0ci/requirements.txt— replace 0.22.1 entry and its hashes with the 0.21.0 hashes frommainOriginal prompt
Context
PR #3818 (
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0branch) is a dependabot PR that bumps 9 dependencies across 3 directories. One of those updates is uvloop from 0.21.0 to 0.22.1, which we do NOT want.Task
Create a PR against the
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0branch (NOT againstmain) that reverts ONLY the uvloop-related changes from PR #3818.What needs to be reverted
ci/requirements.in— revert the uvloop version pin back:uvloop==0.22.1back touvloop==0.21.0ci/requirements.txt— this is the lock file. The uvloop entry and its hashes need to be reverted. In the current state on the dependabot branch, uvloop was bumped from 0.21.0 to 0.22.1 with new hashes. You need to:ci/requirements.txton the dependabot branch and change the version and hashes back to the 0.21.0 versionsmainbranch should be used as the source of truth for the hashesThe old entry on main is:
What should NOT be changed
actions/gcp/setup/requirements.txt— has NO uvloop changes, leave it alonepy/deps/requirements.txt— has NO uvloop changes, leave it aloneci/requirements.txtshould be LEFT AS-IS (don't revert the other dependency bumps in that file)Important notes
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0(the head branch of PR build(deps): bump the dependencies group across 3 directories with 9 updates #3818)ci/requirements.inandci/requirements.txtThe following is the prior conversation context from the user's chat exploration (may be truncated):
User: been trying various ways to stop dependabot updating without uvloop - no dice, fuck that
now please just open a pr - against this one to revert ONLY the changes to uvloop (and anything related/that needs the uvloop version change) ONLY - against that pr - it should update all req files lock files etc etc
Assistant:
Let me first examine the PR to understand what changes were made, particularly around uvloop.
Assistant: Now I have a clear picture of all the changes in PR #3818. Let me identify the uvloop-specific changes:
ci/requirements.in: Changesuvloop==0.21.0→uvloop==0.22.1— this is the only uvloop-specific.infile changeci/requirements.txt: This massive lock file was regenerated and contains the uvloop version bump plus all its cascading dependency changesThe other files (
actions/gcp/setup/requirements.txtandpy/deps/requirements.txt) don't contain uvloop changes — they have other dependency updates (gsutil, multidict, propcache, yarl, protobuf, etc.).So the PR to revert uvloop needs to:
ci/requirements.into keepuvloop==0.21.0ci/requirements.txtback to the old version/hashesLet me check what the uvloop section looks like in the PR's
ci/requirements.txt:Assistant: Now I have a clear picture. Let me analyze the PR #3818 changes:
Files changed:
actions/gcp/setup/requirements.txt- updates to google-auth-httplib2, gsutil, multidict, propcache, yarlci/requirements.in- uvloop 0.21.0 → 0.22.1 ← THIS is the uvloop changeci/requirements.txt- large lock file update (includes uvloop and all its transitive deps)py/deps/requirements.txt- updates to aiodocker, protobuf, pytz, types-protobuf, types-pytz, yarl, setuptoolsThe uvloop change is ONLY in
ci/requirements.in(the.infile) andci/requirements.txt(the lock file). No other file has uvloop changes. However, theci/requirements.txtlock file has many other changes too (massive update), so the PR needs to revert ONLY the uvloop-specific parts.Let me create the PR:
Assistant: I've kicked off the creation of a PR against the dependabot branch (
dependabot/pip/actions/gcp/setup/dependencies-441176d5a0) to revert only the uvloop changes. Specifically it will:ci/requirements.in: Revertuvloop==0.22.1→uvloop==0.21.0ci/requirements.txt: Revert the uvloop entry and hashes back to the 0.21.0 versionsAll other dependency updates from PR #3818 (google-auth-httplib2, gsutil, multidict, propcache, yarl, aiodocker, protobuf, pytz, setuptools, types-protobuf, types-pytz) will be left intact.
The coding agent is working on this now — you'll get a PR link shortly once it's created. This PR will target the dependabot branch so that when merged, it removes the uvloop bump while keeping everything else from the dependabot update.
This pull request was created from Copilot chat.
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.