Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.6
to 46.0.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.1 - 2025-09-16</p>
<pre><code>
* Fixed an issue where users installing via ``pip`` on Python 3.14
development
versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
<p>.. _v46-0-0:</p>
<p>46.0.0 - 2025-09-16<br />
</code></pre></p>
<ul>
<li><strong>BACKWARDS INCOMPATIBLE:</strong> Support for Python 3.7 has
been removed.</li>
<li>Support for OpenSSL < 3.0 is deprecated and will be removed in
the next
release.</li>
<li>Support for <code>x86_64</code> macOS (including publishing wheels)
is deprecated
and will be removed in two releases. We will switch to publishing an
<code>arm64</code> only wheel for macOS.</li>
<li>Support for 32-bit Windows (including publishing wheels) is
deprecated
and will be removed in two releases. Users should move to a 64-bit
Python installation.</li>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.3.</li>
<li>We now build <code>ppc64le</code> <code>manylinux</code> wheels and
publish them to PyPI.</li>
<li>We now build <code>win_arm64</code> (Windows on Arm) wheels and
publish them to PyPI.</li>
<li>Added support for free-threaded Python 3.14.</li>
<li>Removed the deprecated <code>get_attribute_for_oid</code> method on
:class:<code>~cryptography.x509.CertificateSigningRequest</code>. Users
should use
:meth:<code>~cryptography.x509.Attributes.get_attribute_for_oid</code>
instead.</li>
<li>Removed the deprecated <code>CAST5</code>, <code>SEED</code>,
<code>IDEA</code>, and <code>Blowfish</code>
classes from the cipher module. These are still available in
:doc:<code>/hazmat/decrepit/index</code>.</li>
<li>In X.509, when performing a PSS signature with a SHA-3 hash, it is
now
encoded with the official NIST SHA3 OID.</li>
</ul>
<p>.. _v45-0-7:</p>
<p>45.0.7 - 2025-09-01</p>
<pre><code>
* Added a function to support an upcoming ``pyOpenSSL`` release.
<p>.. _v45-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e735cfc275"><code>e735cfc</code></a>
release 46.0.1 (<a
href="https://redirect.github.com/pyca/cryptography/issues/13450">#13450</a>)</li>
<li><a
href="4e457ffba4"><code>4e457ff</code></a>
Explicitly specify python in mac uv build invocation (<a
href="https://redirect.github.com/pyca/cryptography/issues/13447">#13447</a>)</li>
<li><a
href="2726efdb6d"><code>2726efd</code></a>
Depend on CFFI 2.0.0 or newer on Python > 3.8 (<a
href="https://redirect.github.com/pyca/cryptography/issues/13448">#13448</a>)</li>
<li><a
href="62230623d1"><code>6223062</code></a>
release 46.0.0 (<a
href="https://redirect.github.com/pyca/cryptography/issues/13446">#13446</a>)</li>
<li><a
href="563c4915b0"><code>563c491</code></a>
Update comment for pyopenssl-release tag (<a
href="https://redirect.github.com/pyca/cryptography/issues/13445">#13445</a>)</li>
<li><a
href="d2f6f7face"><code>d2f6f7f</code></a>
Bump downstream dependencies in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/13439">#13439</a>)</li>
<li><a
href="e7ab02bd67"><code>e7ab02b</code></a>
we'll ship this with 3.5.3 why not (<a
href="https://redirect.github.com/pyca/cryptography/issues/13442">#13442</a>)</li>
<li><a
href="0b68a4bffb"><code>0b68a4b</code></a>
Another pair of bump dependencies fix (<a
href="https://redirect.github.com/pyca/cryptography/issues/13444">#13444</a>)</li>
<li><a
href="e076d08ee4"><code>e076d08</code></a>
Attempt to fix commit message for bump downstreams (<a
href="https://redirect.github.com/pyca/cryptography/issues/13440">#13440</a>)</li>
<li><a
href="6835ce899e"><code>6835ce8</code></a>
Put correct version bounds for pyenchant in pins (<a
href="https://redirect.github.com/pyca/cryptography/issues/13441">#13441</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/45.0.6...46.0.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nick Tindle <nick@ntindle.com>
We'll soon be needing a more feature-complete external API. To make way
for this, I'm moving some files around so:
- We can more easily create new versions of our external API
- The file structure of our internal API is more homogeneous
These changes are quite opinionated, but IMO in any case they're better
than the chaotic structure we have now.
### Changes 🏗️
- Move `backend/server` -> `backend/api`
- Move `backend/server/routers` + `backend/server/v2` ->
`backend/api/features`
- Change absolute sibling imports to relative imports
- Move `backend/server/v2/AutoMod` -> `backend/executor/automod`
- Combine `backend/server/routers/analytics_*test.py` ->
`backend/api/features/analytics_test.py`
- Sort OpenAPI spec file
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- CI tests
- [x] Clicking around in the app -> no obvious breakage
We want to provide Single Sign-On for multiple AutoGPT apps that use the
Platform as their backend.
### Changes 🏗️
Backend:
- DB + logic + API for OAuth flow (w/ tests)
- DB schema additions for OAuth apps, codes, and tokens
- Token creation/validation/management logic
- OAuth flow endpoints (app info, authorize, token exchange, introspect,
revoke)
- E2E OAuth API integration tests
- Other OAuth-related endpoints (upload app logo, list owned apps,
external `/me` endpoint)
- App logo asset management
- Adjust external API middleware to support auth with access token
- Expired token clean-up job
- Add `OAUTH_TOKEN_CLEANUP_INTERVAL_HOURS` setting (optional)
- `poetry run oauth-tool`: dev tool to test the OAuth flows and register
new OAuth apps
- `poetry run export-api-schema`: dev tool to quickly export the OpenAPI
schema (much quicker than spinning up the backend)
Frontend:
- Frontend UI for app authorization (`/auth/authorize`)
- Re-redirect after login/signup
- Frontend flow to batch-auth integrations on request of the client app
(`/auth/integrations/setup-wizard`)
- Debug `CredentialInputs` component
- Add `/profile/oauth-apps` management page
- Add `isOurProblem` flag to `ErrorCard` to hide action buttons when the
error isn't our fault
- Add `showTitle` flag to `CredentialsInput` to hide built-in title for
layout reasons
DX:
- Add [API
guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/api-guide.md)
and [OAuth
guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/oauth-guide.md)
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Manually verify test coverage of OAuth API tests
- Test `/auth/authorize` using `poetry run oauth-tool test-server`
- [x] Works
- [x] Looks okay
- Test `/auth/integrations/setup-wizard` using `poetry run oauth-tool
test-server`
- [x] Works
- [x] Looks okay
- Test `/profile/oauth-apps` page
- [x] All owned OAuth apps show up
- [x] Enabling/disabling apps works
- [ ] ~~Uploading logos works~~ can only test this once deployed to dev
#### For configuration changes:
- [x] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
Implements foundational backend infrastructure for chat-based agent
interaction system. Users will be able to discover, configure, and run
marketplace agents through conversational AI.
**Note:** Chat routes are behind a feature flag
### Changes 🏗️
**Core Chat System:**
- Chat service with LLM orchestration (Claude 3.5 Sonnet, Haiku, GPT-4)
- REST API routes for sessions and messages
- Database layer for chat persistence
- System prompts and configuration
**5 Conversational Tools:**
1. `find_agent` - Search marketplace by keywords
2. `get_agent_details` - Fetch agent info, inputs, credentials
3. `get_required_setup_info` - Check user readiness, missing credentials
4. `run_agent` - Execute agents immediately
5. `setup_agent` - Configure scheduled execution with cron
**Testing:**
- 28 tests across chat tools (23 passing, 5 skipped for scheduler)
- Test fixtures for simple, LLM, and Firecrawl agents
- Service and data layer tests
**Bug Fixes:**
- Fixed `setup_agent.py` to create schedules instead of immediate
execution
- Fixed graph lookup to use UUID instead of username/slug
- Fixed credential matching by provider/type instead of ID
- Fixed internal tool calls to use `._execute()` instead of `.execute()`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] All 28 chat tool tests pass (23 pass, 5 skip - require scheduler)
- [x] Code formatting and linting pass
- [x] Tool execution flow validated through unit tests
- [x] Agent discovery, details, and execution tested
- [x] Credential parsing and matching tested
#### For configuration changes:
- [x] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
No configuration changes required - all existing settings compatible.
## Summary
Implement comprehensive admin user impersonation functionality to enable
admins to act on behalf of any user for debugging and support purposes.
## 🔐 Security Features
- **Admin Role Validation**: Only users with 'admin' role can
impersonate others
- **Header-Based Authentication**: Uses `X-Act-As-User-Id` header for
impersonation requests
- **Comprehensive Audit Logging**: All impersonation attempts logged
with admin details
- **Secure Error Handling**: Proper HTTP 403/401 responses for
unauthorized access
- **SSR Safety**: Client-side environment checks prevent server-side
rendering issues
## 🏗️ Architecture
### Backend Implementation (`autogpt_libs/auth/dependencies.py`)
- Enhanced `get_user_id` FastAPI dependency to process impersonation
headers
- Admin role verification using existing `verify_user()` function
- Audit trail logging with admin email, user ID, and target user
- Seamless integration with all existing routes using `get_user_id`
dependency
### Frontend Implementation
- **React Hook**: `useAdminImpersonation` for state management and API
calls
- **Security Banner**: Prominent warning when impersonation is active
- **Admin Panel**: Control interface for starting/stopping impersonation
- **Session Persistence**: Maintains impersonation state across page
refreshes
- **Full Page Refresh**: Ensures all data updates correctly on state
changes
### API Integration
- **Header Forwarding**: All API requests include impersonation header
when active
- **Proxy Support**: Next.js API proxy forwards headers to backend
- **Generated Hooks**: Compatible with existing React Query API hooks
- **Error Handling**: Graceful fallback for storage/authentication
failures
## 🎯 User Experience
### For Admins
1. Navigate to `/admin/impersonation`
2. Enter target user ID (UUID format with validation)
3. System displays security banner during active impersonation
4. All API calls automatically use impersonated user context
5. Click "Stop Impersonation" to return to admin context
### Security Notice
- **Audit Trail**: All impersonation logged with `logger.info()`
including admin email
- **Session Isolation**: Impersonation state stored in sessionStorage
(not persistent)
- **No Token Manipulation**: Uses header-based approach, preserving
admin's JWT
- **Role Enforcement**: Backend validates admin role on every
impersonated request
## 🔧 Technical Details
### Constants & Configuration
- `IMPERSONATION_HEADER_NAME = "X-Act-As-User-Id"`
- `IMPERSONATION_STORAGE_KEY = "admin-impersonate-user-id"`
- Centralized in `frontend/src/lib/constants.ts` and
`autogpt_libs/auth/dependencies.py`
### Code Quality Improvements
- **DRY Principle**: Eliminated duplicate header forwarding logic
- **Icon Compliance**: Uses Phosphor Icons per coding guidelines
- **Type Safety**: Proper TypeScript interfaces and error handling
- **SSR Compatibility**: Environment checks for client-side only
operations
- **Error Consistency**: Uniform silent failure with logging approach
### Testing
- Updated backend auth dependency tests for new function signatures
- Added Mock Request objects for comprehensive test coverage
- Maintained existing test functionality while extending capabilities
## 🚀 CodeRabbit Review Responses
All CodeRabbit feedback has been addressed:
1. ✅ **DRY Principle**: Refactored duplicate header forwarding logic
2. ✅ **Icon Library**: Replaced lucide-react with Phosphor Icons
3. ✅ **SSR Safety**: Added environment checks for sessionStorage
4. ✅ **UI Improvements**: Synchronous initialization prevents flicker
5. ✅ **Error Handling**: Consistent silent failure with logging
6. ✅ **Backend Validation**: Confirmed comprehensive security
implementation
7. ✅ **Type Safety**: Addressed TypeScript concerns
8. ✅ **Code Standards**: Followed all coding guidelines and best
practices
## 🧪 Testing Instructions
1. **Login as Admin**: Ensure user has admin role
2. **Navigate to Panel**: Go to `/admin/impersonation`
3. **Test Impersonation**: Enter valid user UUID and start impersonation
4. **Verify Banner**: Security banner should appear at top of all pages
5. **Test API Calls**: Verify credits/graphs/etc show impersonated
user's data
6. **Check Logging**: Backend logs should show impersonation audit trail
7. **Stop Impersonation**: Verify return to admin context works
correctly
## 📝 Files Modified
### Backend
- `autogpt_libs/auth/dependencies.py` - Core impersonation logic
- `autogpt_libs/auth/dependencies_test.py` - Updated test signatures
### Frontend
- `src/hooks/useAdminImpersonation.ts` - State management hook
- `src/components/admin/AdminImpersonationBanner.tsx` - Security warning
banner
- `src/components/admin/AdminImpersonationPanel.tsx` - Admin control
interface
- `src/app/(platform)/admin/impersonation/page.tsx` - Admin page
- `src/app/(platform)/admin/layout.tsx` - Navigation integration
- `src/app/(platform)/layout.tsx` - Banner integration
- `src/lib/autogpt-server-api/client.ts` - Header injection for API
calls
- `src/lib/autogpt-server-api/helpers.ts` - Header forwarding logic
- `src/app/api/proxy/[...path]/route.ts` - Proxy header forwarding
- `src/app/api/mutators/custom-mutator.ts` - Enhanced error handling
- `src/lib/constants.ts` - Shared constants
## 🔒 Security Compliance
- **Authorization**: Admin role required for impersonation access
- **Authentication**: Uses existing JWT validation with additional role
checks
- **Audit Logging**: Comprehensive logging of all impersonation
activities
- **Error Handling**: Secure error responses without information leakage
- **Session Management**: Temporary sessionStorage without persistent
data
- **Header Validation**: Proper sanitization and validation of
impersonation headers
This implementation provides a secure, auditable, and user-friendly
admin impersonation system that integrates seamlessly with the existing
AutoGPT Platform architecture.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Admin user impersonation to view the app as another user.
* New "User Impersonation" admin page for entering target user IDs and
managing sessions.
* Sidebar link for quick access to the impersonation page.
* Persistent impersonation state that updates app data (e.g., credits)
and survives page reloads.
* Top warning banner when impersonation is active with a Stop
Impersonation control.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Resolves#11226
### Changes 🏗️
- Drop use of `CloudLoggingHandler` which docs state isn't for use in
GKE
- For cloud logging, output only structured log entries to `stdout`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Test deploy to dev and check logs
### Problem
When running multiple backend pods in production, requests can be routed
to different pods causing inconsistent cache states. Additionally, the
current cache implementation in `autogpt_libs` doesn't support shared
caching across processes, leading to data inconsistency and redundant
cache misses.
### Changes 🏗️
- **Moved cache implementation from autogpt_libs to backend**
(`/backend/backend/util/cache.py`)
- Removed `/autogpt_libs/autogpt_libs/utils/cache.py`
- Centralized cache utilities within the backend module
- Updated all import statements across the codebase
- **Implemented Redis-based shared caching**
- Added `shared_cache` parameter to `@cached` decorator for
cross-process caching
- Implemented Redis connection pooling for efficient cache operations
- Added support for cache key pattern matching and bulk deletion
- Added TTL refresh on cache access with `refresh_ttl_on_get` option
- **Enhanced cache functionality**
- Added thundering herd protection with double-checked locking
- Implemented thread-local caching with `@thread_cached` decorator
- Added cache management methods: `cache_clear()`, `cache_info()`,
`cache_delete()`
- Added support for both sync and async functions
- **Updated store caching** (`/backend/server/v2/store/cache.py`)
- Enabled shared caching for all store-related cache functions
- Set appropriate TTL values (5-15 minutes) for different cache types
- Added `clear_all_caches()` function for cache invalidation
- **Added Redis configuration**
- Added Redis connection settings to backend settings
- Configured dedicated connection pool for cache operations
- Set up binary mode for pickle serialization
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Verify Redis connection and cache operations work correctly
- [x] Test shared cache across multiple backend instances
- [x] Verify cache invalidation with `clear_all_caches()`
- [x] Run cache tests: `poetry run pytest
backend/backend/util/cache_test.py`
- [x] Test thundering herd protection under concurrent load
- [x] Verify TTL refresh functionality with `refresh_ttl_on_get=True`
- [x] Test thread-local caching for request-scoped data
- [x] Ensure no performance regression vs in-memory cache
#### For configuration changes:
- [x] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes (Redis already configured)
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
- Redis cache configuration uses existing Redis service settings
(REDIS_HOST, REDIS_PORT, REDIS_PASSWORD)
- No new environment variables required
CI is currently broken because Bitnami has pulled all `bitnami/redis`
images.
The current official Redis image on Docker Hub is `redis`.
### Changes 🏗️
- Replace `bitnami/redis:6.2` by `redis:latest` in Backend CI workflow
file
- Make `REDIS_PASSWORD` optional in the backend settings
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] CI no longer broken
Our API key generation, storage, and verification system has a couple of
issues that need to be ironed out before full-scale deployment.
### Changes 🏗️
- Move from unsalted SHA256 to salted Scrypt hashing for API keys
- Avoid false-negative API key validation due to prefix collision
- Refactor API key management code for clarity
- [refactor(backend): Clean up API key DB & API code
(#10797)](https://github.com/Significant-Gravitas/AutoGPT/pull/10797)
- Rename models and properties in `backend.data.api_key` for clarity
- Eliminate redundant/custom/boilerplate error handling/wrapping in API
key endpoint call stack
- Remove redundant/inaccurate `response_model` declarations from API key
endpoints
Dependencies for `autogpt_libs`:
- Add `cryptography` as a dependency
- Add `pyright` as a dev dependency
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Performing these actions through the UI (still) works:
- [x] Creating an API key
- [x] Listing owned API keys
- [x] Deleting an owned API key
- [x] Newly created API key can be used in Swagger UI
- [x] Existing API key can be used in Swagger UI
- [x] Existing API key is re-encrypted with salt on use
Bumps the development-dependencies group in
/autogpt_platform/autogpt_libs with 1 update:
[ruff](https://github.com/astral-sh/ruff).
Updates `ruff` from 0.12.9 to 0.12.11
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.12.11</h2>
<h2>Release Notes</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>airflow</code>] Extend <code>AIR311</code> and
<code>AIR312</code> rules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20082">#20082</a>)</li>
<li>[<code>airflow</code>] Replace wrong path
<code>airflow.io.storage</code> with <code>airflow.io.store</code>
(<code>AIR311</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20081">#20081</a>)</li>
<li>[<code>flake8-async</code>] Implement
<code>blocking-http-call-httpx-in-async-function</code>
(<code>ASYNC212</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20091">#20091</a>)</li>
<li>[<code>flake8-logging-format</code>] Add auto-fix for f-string
logging calls (<code>G004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19303">#19303</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Add autofix for
<code>PTH211</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20009">#20009</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Make <code>PTH100</code> fix
unsafe because it can change behavior (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20100">#20100</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>, <code>pylint</code>] Fix false positives
caused by <code>__class__</code> cell handling (<code>F841</code>,
<code>PLE0117</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20048">#20048</a>)</li>
<li>[<code>pyflakes</code>] Fix <code>allowed-unused-imports</code>
matching for top-level modules (<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20115">#20115</a>)</li>
<li>[<code>ruff</code>] Fix false positive for t-strings in
<code>default-factory-kwarg</code> (<code>RUF026</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20032">#20032</a>)</li>
<li>[<code>ruff</code>] Preserve relative whitespace in multi-line
expressions (<code>RUF033</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19647">#19647</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>ruff</code>] Handle empty t-strings in
<code>unnecessary-empty-iterable-within-deque-call</code>
(<code>RUF037</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20045">#20045</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Fix incorrect <code>D413</code> links in docstrings convention FAQ
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/20089">#20089</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Update links to the table showing
the correspondence between <code>os</code> and <code>pathlib</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20103">#20103</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
<li><a href="https://github.com/Avasam"><code>@Avasam</code></a></li>
<li><a
href="https://github.com/BurntSushi"><code>@BurntSushi</code></a></li>
<li><a href="https://github.com/Gankra"><code>@Gankra</code></a></li>
<li><a
href="https://github.com/Glyphack"><code>@Glyphack</code></a></li>
<li><a
href="https://github.com/JelleZijlstra"><code>@JelleZijlstra</code></a></li>
<li><a href="https://github.com/Lee-W"><code>@Lee-W</code></a></li>
<li><a
href="https://github.com/MatthewMckee4"><code>@MatthewMckee4</code></a></li>
<li><a
href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li>
<li><a
href="https://github.com/PrettyWood"><code>@PrettyWood</code></a></li>
<li><a href="https://github.com/Renkai"><code>@Renkai</code></a></li>
<li><a href="https://github.com/TaKO8Ki"><code>@TaKO8Ki</code></a></li>
<li><a
href="https://github.com/amyreese"><code>@amyreese</code></a></li>
<li><a href="https://github.com/carljm"><code>@carljm</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/danparizher"><code>@danparizher</code></a></li>
<li><a
href="https://github.com/dhruvmanila"><code>@dhruvmanila</code></a></li>
<li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li>
<li><a
href="https://github.com/github-actions"><code>@github-actions</code></a></li>
<li><a
href="https://github.com/hamirmahal"><code>@hamirmahal</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.12.11</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>airflow</code>] Extend <code>AIR311</code> and
<code>AIR312</code> rules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20082">#20082</a>)</li>
<li>[<code>airflow</code>] Replace wrong path
<code>airflow.io.storage</code> with <code>airflow.io.store</code>
(<code>AIR311</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20081">#20081</a>)</li>
<li>[<code>flake8-async</code>] Implement
<code>blocking-http-call-httpx-in-async-function</code>
(<code>ASYNC212</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20091">#20091</a>)</li>
<li>[<code>flake8-logging-format</code>] Add auto-fix for f-string
logging calls (<code>G004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19303">#19303</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Add autofix for
<code>PTH211</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20009">#20009</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Make <code>PTH100</code> fix
unsafe because it can change behavior (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20100">#20100</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>, <code>pylint</code>] Fix false positives
caused by <code>__class__</code> cell handling (<code>F841</code>,
<code>PLE0117</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20048">#20048</a>)</li>
<li>[<code>pyflakes</code>] Fix <code>allowed-unused-imports</code>
matching for top-level modules (<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20115">#20115</a>)</li>
<li>[<code>ruff</code>] Fix false positive for t-strings in
<code>default-factory-kwarg</code> (<code>RUF026</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20032">#20032</a>)</li>
<li>[<code>ruff</code>] Preserve relative whitespace in multi-line
expressions (<code>RUF033</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19647">#19647</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>ruff</code>] Handle empty t-strings in
<code>unnecessary-empty-iterable-within-deque-call</code>
(<code>RUF037</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20045">#20045</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Fix incorrect <code>D413</code> links in docstrings convention FAQ
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/20089">#20089</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Update links to the table showing
the correspondence between <code>os</code> and <code>pathlib</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20103">#20103</a>)</li>
</ul>
<h2>0.12.10</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>flake8-simplify</code>] Implement fix for
<code>maxsplit</code> without separator (<code>SIM905</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19851">#19851</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Add fixes for <code>PTH102</code>
and <code>PTH103</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19514">#19514</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>isort</code>] Handle multiple continuation lines after module
docstring (<code>I002</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19818">#19818</a>)</li>
<li>[<code>pyupgrade</code>] Avoid reporting <code>__future__</code>
features as unnecessary when they are used (<code>UP010</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19769">#19769</a>)</li>
<li>[<code>pyupgrade</code>] Handle nested <code>Optional</code>s
(<code>UP045</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19770">#19770</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pycodestyle</code>] Make <code>E731</code> fix unsafe instead
of display-only for class assignments (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19700">#19700</a>)</li>
<li>[<code>pyflakes</code>] Add secondary annotation showing previous
definition (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19900">#19900</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Fix description of global config file discovery strategy (<a
href="https://redirect.github.com/astral-sh/ruff/pull/19188">#19188</a>)</li>
<li>Update outdated links to <a
href="https://typing.python.org/en/latest/source/stubs.html">https://typing.python.org/en/latest/source/stubs.html</a>
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/19992">#19992</a>)</li>
<li>[<code>flake8-annotations</code>] Remove unused import in example
(<code>ANN401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/20000">#20000</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c2bc15bc15"><code>c2bc15b</code></a>
Bump 0.12.11 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/20136">#20136</a>)</li>
<li><a
href="e586f6dcc4"><code>e586f6d</code></a>
[ty] Benchmarks for problematic implicit instance attributes cases (<a
href="https://redirect.github.com/astral-sh/ruff/issues/20133">#20133</a>)</li>
<li><a
href="76a6b7e3e2"><code>76a6b7e</code></a>
[<code>pyflakes</code>] Fix <code>allowed-unused-imports</code> matching
for top-level modules (`F4...</li>
<li><a
href="1ce65714c0"><code>1ce6571</code></a>
Move GitLab output rendering to <code>ruff_db</code> (<a
href="https://redirect.github.com/astral-sh/ruff/issues/20117">#20117</a>)</li>
<li><a
href="d9aaacd01f"><code>d9aaacd</code></a>
[ty] Evaluate reachability of non-definitely-bound to Ambiguous (<a
href="https://redirect.github.com/astral-sh/ruff/issues/19579">#19579</a>)</li>
<li><a
href="18eaa659c1"><code>18eaa65</code></a>
[ty] Introduce a representation for the top/bottom materialization of an
inva...</li>
<li><a
href="af259faed5"><code>af259fa</code></a>
[<code>flake8-async</code>] Implement
<code>blocking-http-call-httpx</code> (<code>ASYNC212</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/20091">#20091</a>)</li>
<li><a
href="d75ef3823c"><code>d75ef38</code></a>
[ty] print diagnostics with fully qualified name to disambiguate some
cases (...</li>
<li><a
href="89ca493fd9"><code>89ca493</code></a>
[<code>ruff</code>] Preserve relative whitespace in multi-line
expressions (<code>RUF033</code>) (#...</li>
<li><a
href="4b80f5fa4f"><code>4b80f5f</code></a>
[ty] Optimize TDD atom ordering (<a
href="https://redirect.github.com/astral-sh/ruff/issues/20098">#20098</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.12.9...0.12.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Our current auth setup (`autogpt_libs.auth` + its usage) is quite
inconsistent and doesn't do all of its jobs properly. The 401 responses
you get when unauthenticated are not included in the OpenAPI spec,
causing these to be unaccounted for in the generated frontend API
client. Usage of the FastAPI dependencies supplied by
`autogpt_libs.auth.depends` aren't consistently used the same way,
making maintenance on these hard to oversee. API tests use many
different ways to get around the auth requirement, making this also hard
to maintain and oversee.
This pull request aims to fix all of this and give us a consistent,
clean, and self-documenting API auth implementation.
- Resolves#10715
### Changes 🏗️
- Homogenize use of `autogpt_libs.auth` security dependencies throughout
the backend
- Fix OpenAPI schema generation for 401 responses
- Handle possible 401 responses in frontend
- Tighten validation and add warnings for weak settings in
`autogpt_libs.auth.config`
- Increase test coverage for `autogpt_libs.auth` to 100%
- Standardize auth setup for API tests
- Rename `APIKeyValidator` to `APIKeyAuthenticator` and move to its own
module in `backend.server`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] All tests for `autogpt_libs.auth` pass
- [x] All tests for `backend.server` pass
- [x] @ntindle does a security audit for these changes
- [x] OpenAPI spec for authenticated routes is generated with the
appropriate `401` response
---------
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
- Resolves#10713
### Changes 🏗️
- Remove early exit in API proxy that suppresses auth errors
- Remove unused `proxy-action.ts`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Publish Agent dialog works when logged out
- [x] Publish Agent dialog works when logged in
---------
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Swifty <craigswift13@gmail.com>
## Problem
After applying the CloudLoggingHandler fix to use
BackgroundThreadTransport (#10634), scheduler pods entered a new
deadlock during startup when uvicorn reconfigures logging.
## Root Cause
When uvicorn starts with a log_config parameter, it calls
`logging.config.dictConfig()` which:
1. Calls `_clearExistingHandlers()`
2. Which calls `logging.shutdown()`
3. Which tries to `flush()` all handlers including CloudLoggingHandler
4. CloudLoggingHandler with BackgroundThreadTransport tries to flush its
queue
5. The background worker thread tries to acquire the logging module lock
to check log levels
6. **Deadlock**: shutdown holds lock waiting for flush to complete,
worker thread needs lock to continue
## Thread Dump Evidence
From py-spy analysis of the stuck pod:
- **Thread 21 (FastAPI)**: Stuck in `flush()` waiting for background
thread to drain queue
- **Thread 13 (google.cloud.logging.Worker)**: Waiting for logging lock
in `isEnabledFor()`
- **Thread 1 (MainThread)**: Waiting for logging lock in `getLogger()`
during SQLAlchemy import
- **Threads 30, 31 (Sentry)**: Also waiting for logging lock
## Solution
Set `log_config=None` for all uvicorn servers. This prevents uvicorn
from calling `dictConfig()` and avoids the deadlock entirely.
**Trade-off**: Uvicorn will use its default logging configuration which
may produce duplicate log entries (one from uvicorn, one from the app),
but the application will start successfully without deadlocks.
## Changes
- Set `log_config=None` in all uvicorn.Config() calls
- Remove unused `generate_uvicorn_config` imports
## Testing
- [x] Verified scheduler pods can start and become healthy
- [x] Health checks respond properly
- [x] No deadlocks during startup
- [x] Application logs still appear (though may be duplicated)
## Related Issues
- Fixes the startup deadlock introduced after #10634
This PR consolidates LaunchDarkly feature flag management by moving it
from autogpt_libs to backend and fixing several issues with boolean
handling and configuration management.
### Changes 🏗️
**Code Structure:**
- Move LaunchDarkly client from `autogpt_libs/feature_flag` to
`backend/util/feature_flag.py`
- Delete redundant `config.py` file and merge LaunchDarkly settings into
`backend/util/settings.py`
- Update all imports throughout the codebase to use
`backend.util.feature_flag`
- Move test file to `backend/util/feature_flag_test.py`
**Bug Fixes:**
- Fix `is_feature_enabled` function to properly return boolean values
instead of arbitrary objects that were always evaluating to `True`
- Add proper async/await handling for all `is_feature_enabled` calls
- Add better error handling when LaunchDarkly client is not initialized
**Performance & Architecture:**
- Load Settings at module level instead of creating new instances inside
functions
- Remove unnecessary `sdk_key` parameter from
`initialize_launchdarkly()` function
- Simplify initialization by using centralized settings management
**Configuration:**
- Add `launch_darkly_sdk_key` field to `Secrets` class in settings.py
with proper validation alias
- Remove environment variable fallback in favor of centralized settings
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] All existing feature flag tests pass (6/6 tests passing)
- [x] LaunchDarkly initialization works correctly with settings
- [x] Boolean feature flags return correct values instead of objects
- [x] Non-boolean flag values are properly handled with warnings
- [x] Async/await calls work correctly in AutoMod and activity status
generator
- [x] Code formatting and imports are correct
#### For configuration changes:
- [x] `.env.example` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
**Configuration Changes:**
- LaunchDarkly SDK key is now managed through the centralized Settings
system instead of a separate config file
- Uses existing `LAUNCH_DARKLY_SDK_KEY` environment variable (no changes
needed to env files)
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
## Summary
- Create dedicated notification service entry point
(backend.notification:main)
- Remove NotificationManager from scheduler service for better
separation of concerns
- Update docker-compose to run notification service on dedicated port
8007
- Configure all services to communicate with separate notification
service
This refactoring separates the notification service from the scheduler
service, allowing them to run as independent microservices instead of
two processes in the same pod.
## Changes Made
- **New notification service entry point**: Created
`backend/backend/notification.py` with dedicated main function
- **Updated pyproject.toml**: Added notification service entry point
registration
- **Modified scheduler service**: Removed NotificationManager from
`backend/backend/scheduler.py`
- **Docker Compose updates**: Added notification_server service on port
8007, updated NOTIFICATIONMANAGER_HOST references
## Test plan
- [x] Verify notification service starts correctly with new entry point
- [x] Confirm scheduler service runs without notification manager
- [x] Test docker-compose configuration with separate services
- [x] Validate service discovery between microservices
- [x] Run linting and type checking
🤖 Generated with [Claude Code](https://claude.ai/code)
## Summary
- Adds AI-generated activity status summaries for agent execution
results
- Provides users with conversational, non-technical summaries of what
their agents accomplished
- Includes comprehensive execution data analysis with honest failure
reporting
## Changes Made
- **Backend**: Added `ActivityStatusGenerator` module with async LLM
integration
- **Database**: Extended `GraphExecutionStats` and `Stats` models with
`activity_status` field
- **Frontend**: Added "Smart Agent Execution Summary" display with
disclaimer tooltip
- **Settings**: Added `execution_enable_ai_activity_status` toggle
(disabled by default)
- **Testing**: Comprehensive test suite with 12 test cases covering all
scenarios
## Key Features
- Collects execution data including graph structure, node relations,
errors, and I/O samples
- Generates user-friendly summaries from first-person perspective
- Honest reporting of failures and invalid inputs (no sugar-coating)
- Payload optimization for LLM context limits
- Full async implementation with proper error handling
## Test Plan
- [x] All existing tests pass
- [x] New comprehensive test suite covers success/failure scenarios
- [x] Feature toggle testing (enabled/disabled states)
- [x] Frontend integration displays correctly
- [x] Error handling and edge cases covered
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
HTTP requests can fail when the DNS is messed up. Sometimes this kind of
issue requires a client reset.
### Changes 🏗️
Introduce HTTP client refresh on repeated error
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Manual run, added tests
Bumps [redis](https://github.com/redis/redis-py) from 5.2.1 to 6.2.0,
for both `autogpt_libs` and `backend`.
Also, additional fixes in `autogpt_libs/pyproject.toml`:
- Move `redis` from dev dependencies to prod dependencies
- Fix author info
- Sort dependencies
> [!NOTE]
> Of course dependabot wouldn't do this on its own; this PR has been
taken over and augmented by @Pwuts
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/releases">redis's
releases</a>.</em></p>
<blockquote>
<h2>6.2.0</h2>
<h1>Changes</h1>
<h2>🚀 New Features</h2>
<ul>
<li>Add <code>dynamic_startup_nodes</code> parameter to async
RedisCluster (<a
href="https://redirect.github.com/redis/redis-py/issues/3646">#3646</a>)</li>
<li>Support RESP3 with <code>hiredis-py</code> parser (<a
href="https://redirect.github.com/redis/redis-py/issues/3648">#3648</a>)</li>
<li>[Async] Support for transactions in async <code>RedisCluster</code>
client (<a
href="https://redirect.github.com/redis/redis-py/issues/3649">#3649</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Revert wrongly changed default value for <code>check_hostname</code>
when instantiating <code>RedisSSLContext</code> (<a
href="https://redirect.github.com/redis/redis-py/issues/3655">#3655</a>)</li>
<li>Fixed potential deadlock from unexpected <code>__del__</code> call
(<a
href="https://redirect.github.com/redis/redis-py/issues/3654">#3654</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Update <code>search_json_examples.ipynb</code>: Fix the old import
<code>indexDefinition</code> -> <code>index_definition</code> (<a
href="https://redirect.github.com/redis/redis-py/issues/3652">#3652</a>)</li>
<li>Remove mandatory update of the CHANGES file for new PRs. Changes
file will be kept for history for versions < 4.0.0 (<a
href="https://redirect.github.com/redis/redis-py/issues/3645">#3645</a>)</li>
<li>Dropping <code>Python 3.8</code> support as it has reached end of
life (<a
href="https://redirect.github.com/redis/redis-py/issues/3657">#3657</a>)</li>
<li>fix(doc): update Python print output in json doctests (<a
href="https://redirect.github.com/redis/redis-py/issues/3658">#3658</a>)</li>
<li>Update redis-entraid dependency (<a
href="https://redirect.github.com/redis/redis-py/issues/3661">#3661</a>)</li>
</ul>
<h2></h2>
<p>We'd like to thank all the contributors who worked on this release!
<a href="https://github.com/JCornat"><code>@JCornat</code></a> <a
href="https://github.com/ShubhamKaudewar"><code>@ShubhamKaudewar</code></a>
<a href="https://github.com/uglide"><code>@uglide</code></a> <a
href="https://github.com/petyaslavova"><code>@petyaslavova</code></a>
<a
href="https://github.com/vladvildanov"><code>@vladvildanov</code></a></p>
<h2>v6.1.1</h2>
<h1>Changes</h1>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Revert wrongly changed default value for <code>check_hostname</code>
when instantiating <code>RedisSSLContext</code> (<a
href="https://redirect.github.com/redis/redis-py/issues/3655">#3655</a>)</li>
<li>Fixed potential deadlock from unexpected <code>__del__</code> call
(<a
href="https://redirect.github.com/redis/redis-py/issues/3654">#3654</a>)</li>
</ul>
<h2></h2>
<p>We'd like to thank all the contributors who worked on this release!
<a
href="https://github.com/vladvildanov"><code>@vladvildanov</code></a>
<a
href="https://github.com/petyaslavova"><code>@petyaslavova</code></a></p>
<h2>6.1.0</h2>
<h1>Changes</h1>
<h2>🚀 New Features</h2>
<ul>
<li>Support for transactions in <code>RedisCluster</code> client (<a
href="https://redirect.github.com/redis/redis-py/issues/3611">#3611</a>)</li>
<li>Add equality and hashability to <code>Retry</code> and backoff
classes (<a
href="https://redirect.github.com/redis/redis-py/issues/3628">#3628</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Fix RedisCluster <code>ssl_check_hostname</code> not set to
connections. For SSL verification with
<code>ssl_cert_reqs="none"</code>, check_hostname is set to
<code>False</code> (<a
href="https://redirect.github.com/redis/redis-py/issues/3637">#3637</a>)
<strong>Important</strong>: The default value for the
<code>check_hostname</code> field of <code>RedisSSLContext</code> has
been changed as part of this PR - this is a breaking change and should
not be introduced in minor versions - unfortunately, it is part of the
current release.
The breaking change is reverted in the next release to fix the behavior
--> 6.2.0</li>
<li>Prevent RuntimeError while reinitializing clusters - sync and async
(<a
href="https://redirect.github.com/redis/redis-py/issues/3633">#3633</a>)</li>
<li>Add equality and hashability to <code>Retry</code> and backoff
classes (<a
href="https://redirect.github.com/redis/redis-py/issues/3628">#3628</a>)
- fixes integration with Django RQ</li>
<li>Fix <code>AttributeError</code> on <code>ClusterPipeline</code> (<a
href="https://redirect.github.com/redis/redis-py/issues/3634">#3634</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1a59471870"><code>1a59471</code></a>
Adding small change in code to trigger pipeline for the branch.</li>
<li><a
href="83cf781be6"><code>83cf781</code></a>
Adding small change in README to trigger pipeline for the branch.</li>
<li><a
href="f5cd264c40"><code>f5cd264</code></a>
maintenance: Preparation for release 6.2.0 - updating lib version. (<a
href="https://redirect.github.com/redis/redis-py/issues/3662">#3662</a>)</li>
<li><a
href="793cdc63ac"><code>793cdc6</code></a>
maintenance: Update redis-entraid dependency (<a
href="https://redirect.github.com/redis/redis-py/issues/3661">#3661</a>)</li>
<li><a
href="34c40ff82d"><code>34c40ff</code></a>
fix(doc) : update Python print output in json doctests (<a
href="https://redirect.github.com/redis/redis-py/issues/3658">#3658</a>)</li>
<li><a
href="e5756daafa"><code>e5756da</code></a>
Dropping Python 3.8 support as it has reached end of life (<a
href="https://redirect.github.com/redis/redis-py/issues/3657">#3657</a>)</li>
<li><a
href="bc7de608b8"><code>bc7de60</code></a>
[Async] Support for transactions in async RedisCluster client (<a
href="https://redirect.github.com/redis/redis-py/issues/3649">#3649</a>)</li>
<li><a
href="e226ad2b4c"><code>e226ad2</code></a>
Removing connection_pool field from the CommandProtocol definition (<a
href="https://redirect.github.com/redis/redis-py/issues/3656">#3656</a>)</li>
<li><a
href="14a6fc39bd"><code>14a6fc3</code></a>
fix: Fixed potential deadlock from unexpected <strong>del</strong> call
(<a
href="https://redirect.github.com/redis/redis-py/issues/3654">#3654</a>)</li>
<li><a
href="3ebfd5b569"><code>3ebfd5b</code></a>
fix: Revert wrongly changed default value for check_hostname when
instantiati...</li>
<li>Additional commits viewable in <a
href="https://github.com/redis/redis-py/compare/v5.2.1...v6.2.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reinier van der Leer <pwuts@agpt.co>
## Summary
This PR introduces a complete cloud storage infrastructure and file
upload system that agents can use instead of passing base64 data
directly in inputs, while maintaining backward compatibility for the
builder's node inputs.
### Problem Statement
Currently, when agents need to process files, they pass base64-encoded
data directly in the input, which has several limitations:
1. **Size limitations**: Base64 encoding increases file size by ~33%,
making large files impractical
2. **Memory usage**: Large base64 strings consume significant memory
during processing
3. **Network overhead**: Base64 data is sent repeatedly in API requests
4. **Performance impact**: Encoding/decoding base64 adds processing
overhead
### Solution
This PR introduces a complete cloud storage infrastructure and new file
upload workflow:
1. **New cloud storage system**: Complete `CloudStorageHandler` with
async GCS operations
2. **New upload endpoint**: Agents upload files via `/files/upload` and
receive a `file_uri`
3. **GCS storage**: Files are stored in Google Cloud Storage with
user-scoped paths
4. **URI references**: Agents pass the `file_uri` instead of base64 data
5. **Block processing**: File blocks can retrieve actual file content
using the URI
### Changes Made
#### New Files Introduced:
- **`backend/util/cloud_storage.py`** - Complete cloud storage
infrastructure (545 lines)
- **`backend/util/cloud_storage_test.py`** - Comprehensive test suite
(471 lines)
#### Backend Changes:
- **New cloud storage infrastructure** in
`backend/util/cloud_storage.py`:
- Complete `CloudStorageHandler` class with async GCS operations
- Support for multiple cloud providers (GCS implemented, S3/Azure
prepared)
- User-scoped and execution-scoped file storage with proper
authorization
- Automatic file expiration with metadata-based cleanup
- Path traversal protection and comprehensive security validation
- Async file operations with proper error handling and logging
- **New `UploadFileResponse` model** in `backend/server/model.py`:
- Returns `file_uri` (GCS path like
`gcs://bucket/users/{user_id}/file.txt`)
- Includes `file_name`, `size`, `content_type`, `expires_in_hours`
- Proper Pydantic schema instead of dictionary response
- **New `upload_file` endpoint** in `backend/server/routers/v1.py`:
- Complete new endpoint for file upload with cloud storage integration
- Returns GCS path URI directly as `file_uri`
- Supports user-scoped file storage for proper isolation
- Maintains fallback to base64 data URI when GCS not configured
- File size validation, virus scanning, and comprehensive error handling
#### Frontend Changes:
- **Updated API client** in
`frontend/src/lib/autogpt-server-api/client.ts`:
- Modified return type to expect `file_uri` instead of `signed_url`
- Supports the new upload workflow
- **Enhanced file input component** in
`frontend/src/components/type-based-input.tsx`:
- **Builder nodes**: Still use base64 for immediate data retention
without expiration
- **Agent inputs**: Use the new upload endpoint and pass `file_uri`
references
- Maintains backward compatibility for existing workflows
#### Test Updates:
- **New comprehensive test suite** in
`backend/util/cloud_storage_test.py`:
- 27 test cases covering all cloud storage functionality
- Tests for file storage, retrieval, authorization, and cleanup
- Tests for path validation, security, and error handling
- Coverage for user-scoped, execution-scoped, and system storage
- **New upload endpoint tests** in `backend/server/routers/v1_test.py`:
- Tests for GCS path URI format (`gcs://bucket/path`)
- Tests for base64 fallback when GCS not configured
- Validates file upload, virus scanning, and size limits
- Tests user-scoped file storage and access control
### Benefits
1. **New Infrastructure**: Complete cloud storage system with
enterprise-grade features
2. **Scalability**: Supports larger files without base64 size penalties
3. **Performance**: Reduces memory usage and network overhead with async
operations
4. **Security**: User-scoped file storage with comprehensive access
control and path validation
5. **Flexibility**: Maintains base64 support for builder nodes while
providing URI-based approach for agents
6. **Extensibility**: Designed for multiple cloud providers (GCS, S3,
Azure)
7. **Reliability**: Automatic file expiration, cleanup, and robust error
handling
8. **Backward compatibility**: Existing builder workflows continue to
work unchanged
### Usage
**For Agent Inputs:**
```typescript
// 1. Upload file
const response = await api.uploadFile(file);
// 2. Pass file_uri to agent
const agentInput = { file_input: response.file_uri };
```
**For Builder Nodes (unchanged):**
```typescript
// Still uses base64 for immediate data retention
const nodeInput = { file_input: "data:image/jpeg;base64,..." };
```
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] All new cloud storage tests pass (27/27)
- [x] All upload file tests pass (7/7)
- [x] Full v1 router test suite passes (21/21)
- [x] All server tests pass (126/126)
- [x] Backend formatting and linting pass
- [x] Frontend TypeScript compilation succeeds
- [x] Verified GCS path URI format (`gcs://bucket/path`)
- [x] Tested fallback to base64 data URI when GCS not configured
- [x] Confirmed file upload functionality works in UI
- [x] Validated response schema matches Pydantic model
- [x] Tested agent workflow with file_uri references
- [x] Verified builder nodes still work with base64 data
- [x] Tested user-scoped file access control
- [x] Verified file expiration and cleanup functionality
- [x] Tested security validation and path traversal protection
#### For configuration changes:
- [x] No new configuration changes required
- [x] `.env.example` remains compatible
- [x] `docker-compose.yml` remains compatible
- [x] Uses existing GCS configuration from media storage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude AI <claude@anthropic.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio)
from 0.26.0 to 1.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest-asyncio/releases">pytest-asyncio's
releases</a>.</em></p>
<blockquote>
<h2>pytest-asyncio 1.0.0</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.0.0">1.0.0</a>
- 2025-05-26</h1>
<h2>Removed</h2>
<ul>
<li>The deprecated <em>event_loop</em> fixture.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1106">#1106</a>)</li>
</ul>
<h2>Added</h2>
<ul>
<li>Prelimiary support for Python 3.14
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1025">#1025</a>)</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Scoped event loops (e.g. module-scoped loops) are created once
rather
than per scope (e.g. per module). This reduces the number of fixtures
and speeds up collection time, especially for large test suites.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1107">#1107</a>)</li>
<li>The <em>loop_scope</em> argument to <code>pytest.mark.asyncio</code>
no longer forces
that a pytest Collector exists at the level of the specified scope.
For example, a test function marked with
<code>pytest.mark.asyncio(loop_scope="class")</code> no longer
requires a class
surrounding the test. This is consistent with the behavior of the
<em>scope</em> argument to <code>pytest_asyncio.fixture</code>.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1112">#1112</a>)</li>
</ul>
<h2>Fixed</h2>
<ul>
<li>An error caused when using pytest's [--setup-plan]{.title-ref}
option.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/630">#630</a>)</li>
<li>Unsuppressed import errors with pytest option
<code>--doctest-ignore-import-errors</code>
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/797">#797</a>)</li>
<li>A "fixture not found" error in connection with
package-scoped loops
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1052">#1052</a>)</li>
</ul>
<h2>Notes for Downstream Packagers</h2>
<ul>
<li>Removed a test that had an ordering dependency on other tests.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1114">#1114</a>)</li>
</ul>
<h2>pytest-asyncio 1.0.0a1</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.0.0a1">1.0.0a1</a>
- 2025-05-09</h1>
<h2>Removed</h2>
<ul>
<li>The deprecated <em>event_loop</em> fixture.
(<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1106">#1106</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5ef97bd60a"><code>5ef97bd</code></a>
chore: Prepare release of v1.0.0.</li>
<li><a
href="f212e24ec5"><code>f212e24</code></a>
docs: Mention fix of <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/797">#797</a>.</li>
<li><a
href="32c1d10e87"><code>32c1d10</code></a>
test: Removed obsolete test for async_gen_fixtures.</li>
<li><a
href="627ce9265e"><code>627ce92</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="a55ff36f2c"><code>a55ff36</code></a>
Build(deps): Bump pluggy from 1.5.0 to 1.6.0 in
/dependencies/default</li>
<li><a
href="633389f302"><code>633389f</code></a>
Build(deps): Bump hypothesis in /dependencies/default</li>
<li><a
href="0c99466a6c"><code>0c99466</code></a>
docs: Fixed an error that reported a missing event_loop fixture when
using pa...</li>
<li><a
href="0688d17581"><code>0688d17</code></a>
ci: Replace Github template expansion with env variable expansion.</li>
<li><a
href="2adcf52664"><code>2adcf52</code></a>
ci: Quote Github variable expansion.</li>
<li><a
href="dd0fac96cd"><code>dd0fac9</code></a>
ci: Fixed a bug that prevented release notes from being extracted from a
Git ...</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest-asyncio/compare/v0.26.0...v1.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
This change introduced async execution for blocks and the execution
engine. Paralellism will be achieved through a single process
asynchronous execution instead of process concurrency.
### Changes 🏗️
* Support async execution for the graph executor
* Removed process creation for node execution
* Update all blocks to support async executions
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Manual graph executions, tested many of the impacted blocks.
<!-- Clearly explain the need for these changes: -->
Doing the CASA Audit and this is something to check
### Changes 🏗️
- limits APIs to use their specific endpoints
- use expected trusted sources for each block and requests call
- Use cryptographically valid string comparisons
- Don't log secrets
<!-- Concisely describe all of the changes made in this pull request:
-->
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Testing in dev branch once merged
---------
Co-authored-by: Swifty <craigswift13@gmail.com>
- Resolves#8656
Instead of "NextGen AutoGPT", make page titles like "My Test Agent -
Library - AutoGPT Platform", "Settings - AutoGPT Platform", "Builder -
AutoGPT Platform".
### Changes 🏗️
- Add specific page titles to `/library`, `/library/agents/[id]`,
`/build`, `/profile`, `/profile/api_keys`
- Fix page titles on `/marketplace`, `/profile/settings`
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Go to `/marketplace` and check the page title
- [x] Go to `/library` and check the page title
- [x] Go to `/library/agents/[id]` and check the page title
- [x] Go to `/build` and check the page title
- [x] Go to `/profile` and check the page title
- [x] Go to `/profile/settings` and check the page title
- [x] Go to `/profile/api_keys` and check the page title
- [ ] ~~Go to `/profile/dashboard` and check the page title~~
- [ ] ~~Go to `/profile/integrations` and check the page title~~
- [ ] ~~Go to `/profile/credits` and check the page title~~
Bumps the development-dependencies group in
/autogpt_platform/autogpt_libs with 1 update:
[ruff](https://github.com/astral-sh/ruff).
Updates `ruff` from 0.11.2 to 0.11.10
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This small PR resolves the deprecation warnings of the `logger` library:
```
DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead
```
There are instances of node executions that were failed and end up stuck
in the RUNNING status due to the execution failed to release the lock:
```
2025-04-24 20:53:31,573 INFO [ExecutionManager|uid:25eba2d1-e9c1-44bc-88c7-43e0f4fbad5a|gid:01f8c315-c163-4dd1-a8a0-d396477c5a9f|nid:f8bf84ae-b1f0-4434-8f04-80f43852bc30]|geid:2e1b35c6-0d2f-4e97-adea-f6fe0d9965d0|neid:590b29ea-63ee-4e24-a429-de5a3e191e72|-] Failed node execution 590b29ea-63ee-4e24-a429-de5a3e191e72: Cannot release a lock that's no longer owned
```
### Changes 🏗️
Check the ownership of the lock before releasing.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Existing CI tests.
### Changes 🏗️
Avoid other threads accessing the channel within the same process.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Manual agent runs
### Changes 🏗️
The recent change to the execution cancelation fix turns out to only
work on the first request.
This PR change fixes it by reworking how the thread_cached work on async
functions.
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Cancel agent executions multiple times
<!-- Clearly explain the need for these changes: -->
Uvicorn and our logs were ending up in different places, this pr enures
uvicorn using our logging config, not their own.
### Changes 🏗️
- Clears uvicorn's loggers for rest, ws
- always log to stdout,stderr and additionally log to gcp is appropriate
<!-- Concisely describe all of the changes made in this pull request:
-->
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Test all possible variants of the log cloud vs not and ensure that
uvicorn logs show up in the same place that rest of the system logs do
for all
---------
Co-authored-by: Zamil Majdy <zamil.majdy@agpt.co>
Remove the debug print statements in the logging module.
Every time an app process is started, it prints:
```
Console logging enabled
```
or similar, depending on the logging config.
- Prep work for #8782
- Prep work for #8779
### Changes 🏗️
- refactor(platform): Differentiate graph/node execution events
- fix(platform): Subscribe to execution updates by `graph_exec_id`
instead of `graph_id`+`graph_version`
- refactor(backend): Move all execution related models and functions
from `.data.graph` to `.data.execution`
- refactor(backend): Reorganize & refactor `.data.execution`
- fix(libs): Remove `load_dotenv` in `.auth.config` to fix test config
issues
- dx: Bump version of `black` in pre-commit config to v24.10.0 to match
poetry.lock
- Other minor refactoring in both frontend and backend
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- Run an agent in the builder
- [x] -> works normally, node I/O is updated in real time
- Run an agent in the library
- [x] -> works normally
---------
Co-authored-by: Zamil Majdy <zamil.majdy@agpt.co>
<!-- Clearly explain the need for these changes: -->
If we bounce too many emails from Postmark, they will be really upset
with us, which is not so good. We need a way to react when we bounce
emails, so we set it up so they notify us via webhooks.
We also need to build authentication into those webhooks to prevent
random people from sending us fake webhooks.
All this together means we need a new route for the inbound webhook.
To do this, we need a way to track if the email address is valid. So,
after chatting with @itsababseh, we are adding a validated email field
that defaults to `True` because all the users are already validated in
prod. In dev, we may suffer.
### Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
- Adds special API Key auth handler to the libs so that we can easily
test stuff on the /docs endpoint and re-use it if needed
- Adds New Secret for this API key from postmark
- Adds a validatedEmail boolean to the`User` table
- Adds a postmark endpoint to the routers list for handling the inbound
webhook from Postmark
- "Handle" all the various things this endpoint could send us (most of
them we do nothing about)
### Checklist 📋
#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
<!-- Put your test plan here: -->
- [x] Sign up with john@example.com email (the one postmark uses in
webhooks)
- [x] Set email validation to true
- [x] Send the bounce webhook notice
- [x] Check it gets set to false
#### For configuration changes:
- [x] `.env.example` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my
changes
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)
Bumps the development-dependencies group with 1 update in the
/autogpt_platform/autogpt_libs directory:
[ruff](https://github.com/astral-sh/ruff).
Updates `ruff` from 0.9.3 to 0.9.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.9.6</h2>
<h2>Release Notes</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>airflow</code>] Add <code>external_task.{ExternalTaskMarker,
ExternalTaskSensor}</code> for <code>AIR302</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16014">#16014</a>)</li>
<li>[<code>flake8-builtins</code>] Make strict module name comparison
optional (<code>A005</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15951">#15951</a>)</li>
<li>[<code>flake8-pyi</code>] Extend fix to Python <= 3.9 for
<code>redundant-none-literal</code> (<code>PYI061</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16044">#16044</a>)</li>
<li>[<code>pylint</code>] Also report when the object isn't a literal
(<code>PLE1310</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15985">#15985</a>)</li>
<li>[<code>ruff</code>] Implement <code>indented-form-feed</code>
(<code>RUF054</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16049">#16049</a>)</li>
<li>[<code>ruff</code>] Skip type definitions for
<code>missing-f-string-syntax</code> (<code>RUF027</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16054">#16054</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>flake8-annotations</code>] Correct syntax for
<code>typing.Union</code> in suggested return type fixes for
<code>ANN20x</code> rules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16025">#16025</a>)</li>
<li>[<code>flake8-builtins</code>] Match upstream module name comparison
(<code>A005</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16006">#16006</a>)</li>
<li>[<code>flake8-comprehensions</code>] Detect overshadowed
<code>list</code>/<code>set</code>/<code>dict</code>, ignore variadics
and named expressions (<code>C417</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15955">#15955</a>)</li>
<li>[<code>flake8-pie</code>] Remove following comma correctly when the
unpacked dictionary is empty (<code>PIE800</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16008">#16008</a>)</li>
<li>[<code>flake8-simplify</code>] Only trigger <code>SIM401</code> on
known dictionaries (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15995">#15995</a>)</li>
<li>[<code>pylint</code>] Do not report calls when object type and
argument type mismatch, remove custom escape handling logic
(<code>PLE1310</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15984">#15984</a>)</li>
<li>[<code>pyupgrade</code>] Comments within parenthesized value ranges
should not affect applicability (<code>UP040</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16027">#16027</a>)</li>
<li>[<code>pyupgrade</code>] Don't introduce invalid syntax when
upgrading old-style type aliases with parenthesized multiline values
(<code>UP040</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16026">#16026</a>)</li>
<li>[<code>pyupgrade</code>] Ensure we do not rename two type parameters
to the same name (<code>UP049</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16038">#16038</a>)</li>
<li>[<code>pyupgrade</code>] [<code>ruff</code>] Don't apply renamings
if the new name is shadowed in a scope of one of the references to the
binding (<code>UP049</code>, <code>RUF052</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16032">#16032</a>)</li>
<li>[<code>ruff</code>] Update <code>RUF009</code> to behave similar to
<code>B008</code> and ignore attributes with immutable types (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16048">#16048</a>)</li>
</ul>
<h3>Server</h3>
<ul>
<li>Root exclusions in the server to project root (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16043">#16043</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>flake8-datetime</code>] Ignore <code>.replace()</code> calls
while looking for <code>.astimezone</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16050">#16050</a>)</li>
<li>[<code>flake8-type-checking</code>] Avoid <code>TC004</code> false
positive where the runtime definition is provided by
<code>__getattr__</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16052">#16052</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Improve <code>ruff-lsp</code> migration document (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16072">#16072</a>)</li>
<li>Undeprecate <code>ruff.nativeServer</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16039">#16039</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
<li><a
href="https://github.com/Daverball"><code>@Daverball</code></a></li>
<li><a
href="https://github.com/InSyncWithFoo"><code>@InSyncWithFoo</code></a></li>
<li><a href="https://github.com/Lee-W"><code>@Lee-W</code></a></li>
<li><a
href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li>
<li><a
href="https://github.com/carlosgmartin"><code>@carlosgmartin</code></a></li>
<li><a
href="https://github.com/dhruvmanila"><code>@dhruvmanila</code></a></li>
<li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li>
<li><a
href="https://github.com/junhsonjb"><code>@junhsonjb</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.9.6</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>airflow</code>] Add <code>external_task.{ExternalTaskMarker,
ExternalTaskSensor}</code> for <code>AIR302</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16014">#16014</a>)</li>
<li>[<code>flake8-builtins</code>] Make strict module name comparison
optional (<code>A005</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15951">#15951</a>)</li>
<li>[<code>flake8-pyi</code>] Extend fix to Python <= 3.9 for
<code>redundant-none-literal</code> (<code>PYI061</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16044">#16044</a>)</li>
<li>[<code>pylint</code>] Also report when the object isn't a literal
(<code>PLE1310</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15985">#15985</a>)</li>
<li>[<code>ruff</code>] Implement <code>indented-form-feed</code>
(<code>RUF054</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16049">#16049</a>)</li>
<li>[<code>ruff</code>] Skip type definitions for
<code>missing-f-string-syntax</code> (<code>RUF027</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16054">#16054</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>flake8-annotations</code>] Correct syntax for
<code>typing.Union</code> in suggested return type fixes for
<code>ANN20x</code> rules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16025">#16025</a>)</li>
<li>[<code>flake8-builtins</code>] Match upstream module name comparison
(<code>A005</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16006">#16006</a>)</li>
<li>[<code>flake8-comprehensions</code>] Detect overshadowed
<code>list</code>/<code>set</code>/<code>dict</code>, ignore variadics
and named expressions (<code>C417</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15955">#15955</a>)</li>
<li>[<code>flake8-pie</code>] Remove following comma correctly when the
unpacked dictionary is empty (<code>PIE800</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16008">#16008</a>)</li>
<li>[<code>flake8-simplify</code>] Only trigger <code>SIM401</code> on
known dictionaries (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15995">#15995</a>)</li>
<li>[<code>pylint</code>] Do not report calls when object type and
argument type mismatch, remove custom escape handling logic
(<code>PLE1310</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15984">#15984</a>)</li>
<li>[<code>pyupgrade</code>] Comments within parenthesized value ranges
should not affect applicability (<code>UP040</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16027">#16027</a>)</li>
<li>[<code>pyupgrade</code>] Don't introduce invalid syntax when
upgrading old-style type aliases with parenthesized multiline values
(<code>UP040</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16026">#16026</a>)</li>
<li>[<code>pyupgrade</code>] Ensure we do not rename two type parameters
to the same name (<code>UP049</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16038">#16038</a>)</li>
<li>[<code>pyupgrade</code>] [<code>ruff</code>] Don't apply renamings
if the new name is shadowed in a scope of one of the references to the
binding (<code>UP049</code>, <code>RUF052</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16032">#16032</a>)</li>
<li>[<code>ruff</code>] Update <code>RUF009</code> to behave similar to
<code>B008</code> and ignore attributes with immutable types (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16048">#16048</a>)</li>
</ul>
<h3>Server</h3>
<ul>
<li>Root exclusions in the server to project root (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16043">#16043</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>flake8-datetime</code>] Ignore <code>.replace()</code> calls
while looking for <code>.astimezone</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16050">#16050</a>)</li>
<li>[<code>flake8-type-checking</code>] Avoid <code>TC004</code> false
positive where the runtime definition is provided by
<code>__getattr__</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16052">#16052</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Improve <code>ruff-lsp</code> migration document (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16072">#16072</a>)</li>
<li>Undeprecate <code>ruff.nativeServer</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/16039">#16039</a>)</li>
</ul>
<h2>0.9.5</h2>
<h3>Preview features</h3>
<ul>
<li>Recognize all symbols named <code>TYPE_CHECKING</code> for
<code>in_type_checking_block</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15719">#15719</a>)</li>
<li>[<code>flake8-comprehensions</code>] Handle builtins at top of file
correctly for <code>unnecessary-dict-comprehension-for-iterable</code>
(<code>C420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15837">#15837</a>)</li>
<li>[<code>flake8-logging</code>] <code>.exception()</code> and
<code>exc_info=</code> outside exception handlers (<code>LOG004</code>,
<code>LOG014</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15799">#15799</a>)</li>
<li>[<code>flake8-pyi</code>] Fix incorrect behaviour of
<code>custom-typevar-return-type</code> preview-mode autofix if
<code>typing</code> was already imported (<code>PYI019</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15853">#15853</a>)</li>
<li>[<code>flake8-pyi</code>] Fix more complex cases
(<code>PYI019</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15821">#15821</a>)</li>
<li>[<code>flake8-pyi</code>] Make <code>PYI019</code> autofixable for
<code>.py</code> files in preview mode as well as stubs (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15889">#15889</a>)</li>
<li>[<code>flake8-pyi</code>] Remove type parameter correctly when it is
the last (<code>PYI019</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/15854">#15854</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="524cf6e515"><code>524cf6e</code></a>
Bump version to 0.9.6 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16074">#16074</a>)</li>
<li><a
href="857cf0deb0"><code>857cf0d</code></a>
Revert tailwindcss v4 update (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16075">#16075</a>)</li>
<li><a
href="0f1eb1e2fc"><code>0f1eb1e</code></a>
Improve migration document (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16072">#16072</a>)</li>
<li><a
href="b69eb9099a"><code>b69eb90</code></a>
Fix reference definition labels for backtick-quoted shortcut links (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16035">#16035</a>)</li>
<li><a
href="d2f661f795"><code>d2f661f</code></a>
RUF009 should behave similar to B008 and ignore attributes with
immutable typ...</li>
<li><a
href="07cf8852a3"><code>07cf885</code></a>
[<code>pylint</code>] Also report when the object isn't a literal
(<code>PLE1310</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/15985">#15985</a>)</li>
<li><a
href="c08989692b"><code>c089896</code></a>
Update Rust crate rustc-hash to v2.1.1 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16060">#16060</a>)</li>
<li><a
href="869a9543e4"><code>869a954</code></a>
Root exclusions in the server to project root (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16043">#16043</a>)</li>
<li><a
href="cc0a5dd14a"><code>cc0a5dd</code></a>
Directly include <code>Settings</code> struct for the server (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16042">#16042</a>)</li>
<li><a
href="b54e390cb4"><code>b54e390</code></a>
Update Rust crate clap to v4.5.28 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/16059">#16059</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.9.3...0.9.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bently <tomnoon9@gmail.com>
dependabot[bot]