Chore(deps): Bump pueblo[cli] from 0.0.15 to 0.0.17 by dependabot[bot] · Pull Request #80 · tech-writing/linksmith

dependabot · 2026-03-23T17:35:48Z

Bumps pueblo[cli] from 0.0.15 to 0.0.17.

Release notes

v0.0.17

What's Changed

mcp: Added McpConversation helper for exercising an MCP server

Details

CI: Naming things. README: Adjust badges. Project: Alpha -> Beta. by @amotl in pyveci/pueblo#247

mcp: Added McpConversation helper for exercising an MCP server by @amotl in pyveci/pueblo#249

Full Changelog: pyveci/pueblo@v0.0.16...v0.0.17

v0.0.16

What's Changed

Replaced NLTK with spaCy to remediate CVE-2025-14009, following the decision of the unstructured package. NLTK's downloader uses zipfile.extractall() without path validation, enabling RCE via malicious packages (CVSS 10.0, no patch available). spaCy models install as pip packages, eliminating the vulnerable downloader entirely.

ngr: Added runner for shell scripts like test.sh

Details

chore(deps): update dependency coverlet.collector to v8 by @renovate[bot] in pyveci/pueblo#236

chore(deps): update dependency microsoft.net.test.sdk to 18.3.0 by @renovate[bot] in pyveci/pueblo#237

fix(deps): update dependency yarl to <1.24 - autoclosed by @renovate[bot] in pyveci/pueblo#238

chore(deps): update dependency coverlet.collector to 8.0.1 - autoclosed by @renovate[bot] in pyveci/pueblo#240

chore(deps): update dependency ruby to v4.0.2 by @renovate[bot] in pyveci/pueblo#239

Dependencies: Replace NLTK with spaCy by @amotl in pyveci/pueblo#241

CI: Modernize GHA configuration by @amotl in pyveci/pueblo#242

Maintenance: Switch type checker from mypy to ty by @amotl in pyveci/pueblo#243

Chore: Format pyproject.toml with most recent pyproject-fmt by @amotl in pyveci/pueblo#245

Tests: Activate tests for Meltano on Python 3.13 and higher by @amotl in pyveci/pueblo#244

Update dependency unstructured to <0.21.6 by @renovate[bot] in pyveci/pueblo#235

ngr: Add runner for test.sh programs by @amotl in pyveci/pueblo#246

Full Changelog: pyveci/pueblo@v0.0.15...v0.0.16

Changelog

Sourced from pueblo[cli]'s changelog.

2026-03-22 v0.0.17

mcp: Added McpConversation helper for exercising an MCP server

2026-03-22 v0.0.16

Replaced NLTK with spaCy to remediate CVE-2025-14009, following the decision of the unstructured package. NLTK's downloader uses zipfile.extractall() without path validation, enabling RCE via malicious packages (CVSS 10.0, no patch available). spaCy models install as pip packages, eliminating the vulnerable downloader entirely.

ngr: Added runner for shell scripts like test.sh

Commits

04eaa2c Release v0.0.17
3871e36 mcp: Implement suggestions by CodeRabbit
1cb054f mcp: Added McpConversation helper for exercising an MCP server
81a1f58 Project: Alpha -> Beta
6bf343b README: Adjust badges
e29e5a9 CI: Naming things
75fa079 Release v0.0.16
21b0a1e ngr: Add runner for shell scripts like test.sh
1a7fdab fix(deps): update dependency unstructured to <0.21.6
218de37 Tests: Activate tests for Meltano on Python 3.13 and higher
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pueblo[cli]](https://github.com/pyveci/pueblo) from 0.0.15 to 0.0.17. - [Release notes](https://github.com/pyveci/pueblo/releases) - [Changelog](https://github.com/pyveci/pueblo/blob/main/CHANGES.md) - [Commits](pyveci/pueblo@v0.0.15...v0.0.17) --- updated-dependencies: - dependency-name: pueblo[cli] dependency-version: 0.0.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 23, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Chore(deps): Bump pueblo[cli] from 0.0.15 to 0.0.17#80

Chore(deps): Bump pueblo[cli] from 0.0.15 to 0.0.17#80
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pueblo-cli--0.0.17

dependabot Bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants