Conversation
hugovk
requested review from
JarLob,
Kwstubbs,
anticomputer,
kevinbackhouse,
m-y-mo,
p- and
sylwia-budzynska
as code owners
There was a problem hiding this comment.
Pull request overview
Adds Python 3.14 support across packaging metadata and CI, along with dependency and GitHub Actions updates needed to keep the project compatible.
Changes:
- Advertise Python 3.14 support via Trove classifier updates.
- Update CI matrix to run tests on Python 3.14 (alongside 3.11).
- Bump Pydantic-related dependencies and update several GitHub Actions major versions.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
pyproject.toml |
Adds Python 3.14 classifier; updates pinned dependency versions (notably Pydantic stack). |
.github/workflows/ci.yml |
Tests on Python 3.14; updates checkout action major version. |
.github/workflows/smoketest.yaml |
Updates actions/setup-python major version. |
.github/workflows/release.yml |
Updates checkout/setup-python/attestation action major versions. |
.github/workflows/codeql.yml |
Updates checkout action major version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "pydantic_core==2.33.2", | ||
| "pydantic==2.13.3", | ||
| "pydantic-settings==2.14.0", | ||
| "pydantic_core==2.46.3", |
There was a problem hiding this comment.
pydantic, pydantic-settings, and especially pydantic_core are tightly coupled; pinning pydantic_core independently can make the dependency set unsatisfiable if it doesn’t match the exact pydantic requirement. Consider removing the explicit pydantic_core pin (let pydantic pull the compatible version) or update it to the version required by pydantic==2.13.3 to avoid pip resolver failures.
| "pydantic_core==2.46.3", |
| matrix: | ||
| os: [ubuntu-latest, windows-latest, macos-latest] | ||
| python-version: ['3.11', '3.13'] # the one we have in the Codespace + the latest supported one by PyO3. | ||
| python-version: ['3.11', '3.14'] # the one we have in the Codespace + the latest supported one by PyO3. |
There was a problem hiding this comment.
The inline comment mentions “latest supported one by PyO3”, but this repository doesn’t appear to use PyO3; this makes the rationale for the matrix versions unclear/misleading. Update the comment to reflect the actual reason for testing 3.11 and 3.14 (or remove it).
| python-version: ['3.11', '3.14'] # the one we have in the Codespace + the latest supported one by PyO3. | |
| python-version: ['3.11', '3.14'] |
After this is released, https://github.com/GitHubSecurityLab/seclab-taskflows can be updated for 3.14 as well.