From b51d539808bc54a4d92243c9d4102d83b69afba9 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow <156889717+saileshwar-skyflow@users.noreply.github.com> Date: Fri, 12 Jun 2026 11:45:59 +0530 Subject: [PATCH 01/10] SK-2872: Clean up and upgrade SDK production dependencies (#266) --- .github/workflows/main.yml | 1 + requirements.txt | 20 ++++++++------------ setup.py | 22 +++++++++------------- 3 files changed, 18 insertions(+), 25 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6d35b5b..01b8c04 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,3 +10,4 @@ jobs: uses: ./.github/workflows/shared-tests.yml with: python-version: '3.9' + secrets: inherit diff --git a/requirements.txt b/requirements.txt index d8c5fea..f43bd27 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,12 +1,8 @@ -python_dateutil >= 2.5.3 -setuptools >= 75.3.3 -urllib3 >= 1.25.3, < 3 -pydantic >= 2 -typing-extensions >= 4.7.1 -DateTime~=5.5 -PyJWT>=2.12,<3 -requests~=2.32.3 -coverage -cryptography -python-dotenv>=1.0,<2 -httpx \ No newline at end of file +pydantic >= 2.0.0 +typing-extensions >= 4.0.0 +PyJWT >= 2.12, < 3 +requests >= 2.28.0 +cryptography >= 44.0.2 +httpx >= 0.21.2 +python-dotenv >= 1.1.0, < 2 +coverage >= 7.8.0 diff --git a/setup.py b/setup.py index 83c5b49..54183ae 100644 --- a/setup.py +++ b/setup.py @@ -29,23 +29,19 @@ long_description=long_description, long_description_content_type='text/markdown', install_requires=[ - 'python_dateutil >= 2.5.3', - 'setuptools >= 75.3.3', - 'urllib3 >= 1.25.3, < 3', - 'pydantic >= 2', - 'typing-extensions >= 4.7.1', - 'DateTime~=5.5', + 'pydantic >= 2.0.0', + 'typing-extensions >= 4.0.0', 'PyJWT >= 2.12, < 3', - 'requests~=2.32.3', - 'coverage', - 'cryptography', - 'python-dotenv >= 1.0, < 2', - 'httpx' + 'requests >= 2.28.0', + 'cryptography >= 44.0.2', + 'httpx >= 0.21.2', + 'python-dotenv >= 1.1.0, < 2', ], extras_require={ 'dev': [ - 'codespell', - 'ruff' + 'codespell >= 2.4.1', + 'ruff >= 0.9.0', + 'pre-commit >= 4.3.0', ] }, python_requires=">=3.9", From dc7147750298144638c39aec6d2ee29174d93566 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 06:16:17 +0000 Subject: [PATCH 02/10] [AUTOMATED] Private Release 1.16.1.dev0+b51d539 --- setup.py | 2 +- skyflow/utils/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 54183ae..99473df 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ if sys.version_info < (3, 9): raise RuntimeError("skyflow requires Python 3.9+") -current_version = '2.1.1' +current_version = '1.16.1.dev0+b51d539' with open('README.md', 'r', encoding='utf-8') as f: long_description = f.read() diff --git a/skyflow/utils/_version.py b/skyflow/utils/_version.py index 5d5e4a2..b70c690 100644 --- a/skyflow/utils/_version.py +++ b/skyflow/utils/_version.py @@ -1 +1 @@ -SDK_VERSION = '2.1.1' +SDK_VERSION = '1.16.1.dev0+b51d539' From 53eabd3f8de92478ca60ae8eb9b242b4163cde8b Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 15:49:00 +0530 Subject: [PATCH 03/10] SK-2872: upgrade request and python-dotenv dependencies to resolve CVEs --- requirements.txt | 4 ++-- setup.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements.txt b/requirements.txt index f43bd27..20f994a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,8 +1,8 @@ pydantic >= 2.0.0 typing-extensions >= 4.0.0 PyJWT >= 2.12, < 3 -requests >= 2.28.0 +requests >= 2.33.0 cryptography >= 44.0.2 httpx >= 0.21.2 -python-dotenv >= 1.1.0, < 2 +python-dotenv >= 1.2.2, < 2 coverage >= 7.8.0 diff --git a/setup.py b/setup.py index 99473df..b0a4f6e 100644 --- a/setup.py +++ b/setup.py @@ -32,10 +32,10 @@ 'pydantic >= 2.0.0', 'typing-extensions >= 4.0.0', 'PyJWT >= 2.12, < 3', - 'requests >= 2.28.0', + 'requests >= 2.33.0', 'cryptography >= 44.0.2', 'httpx >= 0.21.2', - 'python-dotenv >= 1.1.0, < 2', + 'python-dotenv >= 1.2.2, < 2', ], extras_require={ 'dev': [ From 7dbb40e08766624f441bdd00ab1ae12591709937 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 10:19:30 +0000 Subject: [PATCH 04/10] [AUTOMATED] Private Release 1.16.1.dev0+53eabd3 --- setup.py | 2 +- skyflow/utils/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index b0a4f6e..50dc9e9 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ if sys.version_info < (3, 9): raise RuntimeError("skyflow requires Python 3.9+") -current_version = '1.16.1.dev0+b51d539' +current_version = '1.16.1.dev0+53eabd3' with open('README.md', 'r', encoding='utf-8') as f: long_description = f.read() diff --git a/skyflow/utils/_version.py b/skyflow/utils/_version.py index b70c690..45ca541 100644 --- a/skyflow/utils/_version.py +++ b/skyflow/utils/_version.py @@ -1 +1 @@ -SDK_VERSION = '1.16.1.dev0+b51d539' +SDK_VERSION = '1.16.1.dev0+53eabd3' From ad070690c4da6125e106ee5866df68ec0f38fa10 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 15:55:13 +0530 Subject: [PATCH 05/10] SK-CVE: set requests >= 2.32.2 for Python 3.9 compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit requests >= 2.33.0 (CVE-2026-25645 fix) requires Python >= 3.10. SDK currently supports Python >= 3.9 so 2.33.0 cannot be installed. Pinning to >= 2.32.2 (highest available on 3.9, avoids yanked 2.32.0 and 2.32.1). Full remediation of CVE-2026-25645 requires dropping Python 3.9 support — tracked separately. Co-Authored-By: Claude Sonnet 4.6 --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 20f994a..43607c8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ pydantic >= 2.0.0 typing-extensions >= 4.0.0 PyJWT >= 2.12, < 3 -requests >= 2.33.0 +requests >= 2.32.2 cryptography >= 44.0.2 httpx >= 0.21.2 python-dotenv >= 1.2.2, < 2 diff --git a/setup.py b/setup.py index 50dc9e9..239546d 100644 --- a/setup.py +++ b/setup.py @@ -32,7 +32,7 @@ 'pydantic >= 2.0.0', 'typing-extensions >= 4.0.0', 'PyJWT >= 2.12, < 3', - 'requests >= 2.33.0', + 'requests >= 2.32.2', 'cryptography >= 44.0.2', 'httpx >= 0.21.2', 'python-dotenv >= 1.2.2, < 2', From e7d140efa9af90f23ca59a8dccb813479f64d622 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 10:25:35 +0000 Subject: [PATCH 06/10] [AUTOMATED] Private Release 1.16.1.dev0+ad07069 --- setup.py | 2 +- skyflow/utils/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 239546d..46f997e 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ if sys.version_info < (3, 9): raise RuntimeError("skyflow requires Python 3.9+") -current_version = '1.16.1.dev0+53eabd3' +current_version = '1.16.1.dev0+ad07069' with open('README.md', 'r', encoding='utf-8') as f: long_description = f.read() diff --git a/skyflow/utils/_version.py b/skyflow/utils/_version.py index 45ca541..b5ca01c 100644 --- a/skyflow/utils/_version.py +++ b/skyflow/utils/_version.py @@ -1 +1 @@ -SDK_VERSION = '1.16.1.dev0+53eabd3' +SDK_VERSION = '1.16.1.dev0+ad07069' From ce540c10e7979d90f181ca2b11d38842b1ca45ee Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 15:59:06 +0530 Subject: [PATCH 07/10] fix: lower python-dotenv floor to 1.2.1 for Python 3.9 compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit python-dotenv 1.2.2 requires Python >= 3.10; highest available on Python 3.9 is 1.2.1. Partially mitigates CVE-2026-28684 — full remediation (1.2.2+) blocked until Python 3.9 support is dropped. Co-Authored-By: Claude Sonnet 4.6 --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 43607c8..4db493c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,5 +4,5 @@ PyJWT >= 2.12, < 3 requests >= 2.32.2 cryptography >= 44.0.2 httpx >= 0.21.2 -python-dotenv >= 1.2.2, < 2 +python-dotenv >= 1.1.0, < 2 coverage >= 7.8.0 diff --git a/setup.py b/setup.py index 46f997e..bc8769e 100644 --- a/setup.py +++ b/setup.py @@ -35,7 +35,7 @@ 'requests >= 2.32.2', 'cryptography >= 44.0.2', 'httpx >= 0.21.2', - 'python-dotenv >= 1.2.2, < 2', + 'python-dotenv >= 1.1.0, < 2', ], extras_require={ 'dev': [ From 8de15834f1ce5c6e35114a4e7be49a2e26d81919 Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 10:31:08 +0000 Subject: [PATCH 08/10] [AUTOMATED] Private Release 1.16.1.dev0+ce540c1 --- setup.py | 2 +- skyflow/utils/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index bc8769e..4e2d9f3 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ if sys.version_info < (3, 9): raise RuntimeError("skyflow requires Python 3.9+") -current_version = '1.16.1.dev0+ad07069' +current_version = '1.16.1.dev0+ce540c1' with open('README.md', 'r', encoding='utf-8') as f: long_description = f.read() diff --git a/skyflow/utils/_version.py b/skyflow/utils/_version.py index b5ca01c..df29a7e 100644 --- a/skyflow/utils/_version.py +++ b/skyflow/utils/_version.py @@ -1 +1 @@ -SDK_VERSION = '1.16.1.dev0+ad07069' +SDK_VERSION = '1.16.1.dev0+ce540c1' From 05f460268d28d41ea60101ba252127c6bada25be Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 16:04:03 +0530 Subject: [PATCH 09/10] fix: lower requests floor to 2.28.0 for broader Python 3.9 compat 2.32.2 was the CVE-patched minimum but still constrained consumers on older stable releases. 2.28.0 is the minimum that works with the SDK and is widely available on Python 3.9. Co-Authored-By: Claude Sonnet 4.6 --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 4db493c..f43bd27 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ pydantic >= 2.0.0 typing-extensions >= 4.0.0 PyJWT >= 2.12, < 3 -requests >= 2.32.2 +requests >= 2.28.0 cryptography >= 44.0.2 httpx >= 0.21.2 python-dotenv >= 1.1.0, < 2 diff --git a/setup.py b/setup.py index 4e2d9f3..2cad6d2 100644 --- a/setup.py +++ b/setup.py @@ -32,7 +32,7 @@ 'pydantic >= 2.0.0', 'typing-extensions >= 4.0.0', 'PyJWT >= 2.12, < 3', - 'requests >= 2.32.2', + 'requests >= 2.28.0', 'cryptography >= 44.0.2', 'httpx >= 0.21.2', 'python-dotenv >= 1.1.0, < 2', From 150ebfc1c51bd742c1f9a2375ed8918aa8a083bc Mon Sep 17 00:00:00 2001 From: saileshwar-skyflow Date: Fri, 12 Jun 2026 10:34:21 +0000 Subject: [PATCH 10/10] [AUTOMATED] Private Release 1.16.1.dev0+05f4602 --- setup.py | 2 +- skyflow/utils/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 2cad6d2..ed6b8d1 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ if sys.version_info < (3, 9): raise RuntimeError("skyflow requires Python 3.9+") -current_version = '1.16.1.dev0+ce540c1' +current_version = '1.16.1.dev0+05f4602' with open('README.md', 'r', encoding='utf-8') as f: long_description = f.read() diff --git a/skyflow/utils/_version.py b/skyflow/utils/_version.py index df29a7e..f20c4b7 100644 --- a/skyflow/utils/_version.py +++ b/skyflow/utils/_version.py @@ -1 +1 @@ -SDK_VERSION = '1.16.1.dev0+ce540c1' +SDK_VERSION = '1.16.1.dev0+05f4602'