chore: Clean up dependencies and update GitHub Actions (#57)

kishore7snehil · web-flow · commit e84e8d2f2994 · 2025-10-22T15:56:59.000+05:30
* chore: update GitHub Actions and dependencies to latest versions, remove semgrep workflow

* chore: bump uvicorn version from 0.34 to 0.38
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -36,18 +36,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           fetch-tags: true
@@ -68,7 +68,7 @@ jobs:
           prerelease: ${{ steps.get_prerelease.outputs.prerelease }}
 
       - name: Configure Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.12"
 
diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml
@@ -31,13 +31,13 @@ jobs:
       scan-status: ${{ steps.rl-scan-conclusion.outcome }}
       
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
           fetch-tags: true
 
       - name: Configure Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ inputs.python-version }}
 
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -31,10 +31,10 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
-      - uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0
+      - uses: snyk/actions/python@9adf32b1121593767fc3c057af55b55db032dc04 # pin@1.0.0
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v3
     
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v6
       with:
         python-version: ${{ matrix.python-version }}
     
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -12,19 +12,18 @@ packages = [
 
 [tool.poetry.dependencies]
 python = ">=3.9"
-auth0-server-python = ">=1.0.0b3"  
+auth0-server-python = ">=1.0.0b5"  
 fastapi = ">=0.115.11,<0.117.0"
-itsdangerous = "^2.2.0"
+pydantic = "^2.12.3"
 
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^7.2"
 pytest-cov = "^4.0"
 pytest-asyncio = "^0.20.3"
 pytest-mock = "^3.14.0"
-uvicorn = "^0.34.0"
-twine = "^6.1.0"
-ruff = "^0.12.7"
+uvicorn = "^0.38.0"
+ruff = ">=0.12.7,<0.15.0"
 
 [tool.pytest.ini_options]
 addopts = "--cov=auth0_fastapi --cov-report=term-missing --cov-report=html"
diff --git a/requirements.txt b/requirements.txt
@@ -1,16 +1,8 @@
-# Direct dependencies
-auth0-server-python==1.0.0b4
-Authlib==1.6.5
-fastapi==0.116.1
-itsdangerous==2.2.0
-pydantic==2.11.7
-pydantic_core==2.33.2
-starlette==0.47.2
-typing_extensions==4.14.1
-uvicorn==0.34.3
-pytest==7.4.4
-pytest-asyncio==0.20.3
-pytest-cov==4.1.0
-pytest-mock==3.14.1
-ruff==0.12.7
-coverage==7.10.2
+auth0-server-python>=1.0.0b5
+fastapi>=0.116.1
+pydantic>=2.12.3
+uvicorn>=0.38.0
+pytest>=7.4.4
+pytest-asyncio>=0.20.3
+pytest-cov>=4.1.0
+pytest-mock>=3.14.1
