Skip to content

Relax multilspy's exact requests pin via uv override#627

Open
Copilot wants to merge 2 commits intostagingfrom
copilot/fix-dependabot-job-failure
Open

Relax multilspy's exact requests pin via uv override#627
Copilot wants to merge 2 commits intostagingfrom
copilot/fix-dependabot-job-failure

Conversation

Copy link
Contributor

Copilot AI commented Mar 22, 2026
edited
Loading

multilspy==0.0.11 (installed from the AviAvni git fork) pins requests==2.32.3 exactly, causing uv to fail resolution whenever Dependabot attempts to bump requests to a newer version.

Change

Added a [tool.uv] override in pyproject.toml to relax the constraint:

[tool.uv]
override-dependencies = [
    "requests>=2.32.3",
]

This instructs uv to ignore the transitive exact pin from multilspy and accept any requests>=2.32.3, unblocking Dependabot version bumps without modifying the upstream fork.

Original prompt

The Dependabot update job is failing because multilspy==0.0.11 (installed from git+https://github.com/AviAvni/multilspy.git@python-init-params) pins requests==2.32.3 exactly. When Dependabot tries to bump requests to 2.32.4, uv cannot resolve the dependency tree.

The fix is to add a [tool.uv] section with an override-dependencies entry in pyproject.toml to relax the requests constraint:

[tool.uv]
override-dependencies = [
    "requests>=2.32.3",
]

This should be added at the end of the existing pyproject.toml file (after the [tool.setuptools.packages.find] section). This tells uv to allow newer versions of requests even though multilspy pins 2.32.3, unblocking Dependabot version bumps.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Please find a solution for this failing job. Use the logs, job definition, and any referenced files where the failure occurred. Keep your response focused on the solution and include code suggestions when appropriate.

Assistant:

I'll investigate the failing job by retrieving the job details and logs.

Assistant: Let me look at the pyproject.toml to understand the dependency setup.

Assistant: Now let me check what version of requests the multilspy fork pins:

Assistant: Here's the root cause and solution for this failing Dependabot job.

Root Cause

The Dependabot update is failing with a dependency_file_not_resolvable error for both pypdf and requests. The key error message is:

No solution found when resolving dependencies:
Because multilspy==0.0.11 depends on requests==2.32.3 and Dependabot is trying to bump requests to 2.32.4, there is no valid resolution.

The problem is a pinned transitive dependency conflict. In pyproject.toml (line 22):

"multilspy @ git+https://github.com/AviAvni/multilspy.git@python-init-params",

The multilspy fork at AviAvni/multilspy (branch python-init-params) pins requests==2.32.3 (exact version). Dependabot tries to bump requests to 2.32.4, but uv cannot resolve the dependency tree because multilspy strictly requires 2.32.3.

Solution

You have two options:

Option 1: Fix the upstream fork (Recommended)

Update the multilspy fork's pyproject.toml to relax the requests pin. In AviAvni/multilspy on branch python-init-params, change line 30 from:

"requests==2.32.3"

to a more flexible constraint:

"requests>=2.32.3,<3.0.0"

This allows Dependabot (and any consumer) to resolve newer patch versions of requests without conflict.

Option 2: Ignore requests in Dependabot config

If you can't change the upstream fork, configure Dependabot to skip requests updates. In .github/dependabot.yml, add an ignore rule:

updates:
  - package-ecosystem: "pip"  # or "uv"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "requests"
        # Blocked by multilspy pinning requests==2.32.3
      - dependency-name: "pypdf"
        # If also blocked by the same resolution issue

Option 3: Override in your own pyproject.toml

If using uv, you can add a dependency override to your pyproject.toml to force the resolution:

[tool.uv]
override-dependencies = [
    "requests>=2.32.3",
]

This tells uv to allow a newer requests even though multilspy pins 2.32.3. However, this could cause runtime issues if multilspy truly requires that exact version.

The cleanest fix is Option 1 — updating the multilspy fork to use requests>=2.32.3,<3.0.0 instead of the exact pin. Since AviAvni/multilspy is a fork you control (or can contribute to), this removes the constraint at the source and prevents this class of Dependabot failures going forward.

User: can you open a PR for option 3?

Assistant: I've kicked off the creation of a pull request in FalkorDB/code-graph to add the [tool.uv] override for requests in pyproject.toml. The Copilot coding agent is working on it now — you should see the new PR appear shortly in the repository's pull requests. I'll let you know if anything needs attention!

This pull request was created from Copilot chat.

⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.

@gkorland gkorland marked this pull request as ready for review March 22, 2026 21:22
Copilot AI changed the title [WIP] Fix Dependabot update job failure due to requests dependency Relax multilspy's exact requests pin via uv override Mar 22, 2026
Copilot AI requested a review from gkorland March 22, 2026 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gkorland gkorland Awaiting requested review from gkorland

At least 1 approving review is required to merge this pull request.

Assignees

@gkorland gkorland

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gkorland