Chore(deps): Bump pueblo from 0.0.15 to 0.0.18 by dependabot[bot] · Pull Request #84 · tech-writing/linksmith

dependabot · 2026-04-13T18:18:54Z

Bumps pueblo from 0.0.15 to 0.0.18.

Release notes

v0.0.17

What's Changed

mcp: Added McpConversation helper for exercising an MCP server

Details

CI: Naming things. README: Adjust badges. Project: Alpha -> Beta. by @amotl in pyveci/pueblo#247

mcp: Added McpConversation helper for exercising an MCP server by @amotl in pyveci/pueblo#249

Full Changelog: pyveci/pueblo@v0.0.16...v0.0.17

v0.0.16

What's Changed

Replaced NLTK with spaCy to remediate CVE-2025-14009, following the decision of the unstructured package. NLTK's downloader uses zipfile.extractall() without path validation, enabling RCE via malicious packages (CVSS 10.0, no patch available). spaCy models install as pip packages, eliminating the vulnerable downloader entirely.

ngr: Added runner for shell scripts like test.sh

Details

chore(deps): update dependency coverlet.collector to v8 by @renovate[bot] in pyveci/pueblo#236

chore(deps): update dependency microsoft.net.test.sdk to 18.3.0 by @renovate[bot] in pyveci/pueblo#237

fix(deps): update dependency yarl to <1.24 - autoclosed by @renovate[bot] in pyveci/pueblo#238

chore(deps): update dependency coverlet.collector to 8.0.1 - autoclosed by @renovate[bot] in pyveci/pueblo#240

chore(deps): update dependency ruby to v4.0.2 by @renovate[bot] in pyveci/pueblo#239

Dependencies: Replace NLTK with spaCy by @amotl in pyveci/pueblo#241

CI: Modernize GHA configuration by @amotl in pyveci/pueblo#242

Maintenance: Switch type checker from mypy to ty by @amotl in pyveci/pueblo#243

Chore: Format pyproject.toml with most recent pyproject-fmt by @amotl in pyveci/pueblo#245

Tests: Activate tests for Meltano on Python 3.13 and higher by @amotl in pyveci/pueblo#244

Update dependency unstructured to <0.21.6 by @renovate[bot] in pyveci/pueblo#235

ngr: Add runner for test.sh programs by @amotl in pyveci/pueblo#246

Full Changelog: pyveci/pueblo@v0.0.15...v0.0.16

Changelog

Sourced from pueblo's changelog.

2026-04-07 v0.0.18

general: Downgrade to poethepoet 0.42 to fix task runner API

nlp: Relax package dependencies by removing upper bounds. The idea of a "validated ecosystem" is counter-productive in this case, because the strict constraints limit test case evolution.

2026-03-22 v0.0.17

mcp: Added McpConversation helper for exercising an MCP server

2026-03-22 v0.0.16

Replaced NLTK with spaCy to remediate CVE-2025-14009, following the decision of the unstructured package. NLTK's downloader uses zipfile.extractall() without path validation, enabling RCE via malicious packages (CVSS 10.0, no patch available). spaCy models install as pip packages, eliminating the vulnerable downloader entirely.

ngr: Added runner for shell scripts like test.sh

Commits

6cc3581 Release v0.0.18
0975896 Update dependency ty to <0.0.30
70b31f6 Update dependency Microsoft.NET.Test.Sdk to 18.4.0
78e6abf nlp: Relax package dependencies by removing upper bounds
84d2ce2 general: Downgrade to poethepoet 0.42 to fix task runner API
03abc76 ty 0.0.26: Adjust ignore tags type -> ty
8b3dcb8 ty 0.0.26: Update package
994cabb Update dependency fsspec to <2026.4
9d15ad8 Update dependency unstructured to <0.22.7
b0f497e Update codecov/codecov-action action to v6
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pueblo](https://github.com/pyveci/pueblo) from 0.0.15 to 0.0.18. - [Release notes](https://github.com/pyveci/pueblo/releases) - [Changelog](https://github.com/pyveci/pueblo/blob/main/CHANGES.md) - [Commits](pyveci/pueblo@v0.0.15...v0.0.18) --- updated-dependencies: - dependency-name: pueblo dependency-version: 0.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 13, 2026

dependabot Bot mentioned this pull request Apr 13, 2026

Chore(deps): Bump pueblo from 0.0.15 to 0.0.17 #81

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Chore(deps): Bump pueblo from 0.0.15 to 0.0.18#84

Chore(deps): Bump pueblo from 0.0.15 to 0.0.18#84
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pueblo-0.0.18

dependabot Bot commented on behalf of github Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants