chore(deps): bump python-multipart from 0.0.29 to 0.0.31#102
Open
dependabot[bot] wants to merge 1224 commits into
Open
chore(deps): bump python-multipart from 0.0.29 to 0.0.31#102dependabot[bot] wants to merge 1224 commits into
dependabot[bot] wants to merge 1224 commits into
Conversation
…39) 21 tests covering the complete seller and buyer qualification flows, calendar booking integration, tag routing, and webhook smoke tests. Validates: HOT seller/buyer tag actions, scheduling_step workflow gate, calendar slot offer/selection, Needs Qualifying → seller routing, Buyer-Lead → buyer routing, AI-Off deactivation, and webhook 4xx on missing body. Co-authored-by: Cayman <chunktort@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
calendar_scheduler called create_appointment without end_time (required) and with assigned_user_id (unknown kwarg) — would TypeError on any real booking attempt. enhanced_ghl_client now accepts optional assigned_user_id and includes it in GHL payload when set. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- GHL_WEBHOOK_SECRET confirmed (ff52b18f), .env.jorge updated locally - Seller bot smoke test passed end-to-end (Q1-Q5, HOT, calendar slots) - Correct test phone: +13109820492 - Session output files: proposals, reports, resume, roadmap docs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…OOKS=true Previously only bypassed when signature was absent; GHL workflow actions can send a signature header with an incorrect value, which still failed. Now returns True immediately when the flag is set. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dds lead bot + location_id param
- test_ghl_client_extended: update remove_tags tests to mock DELETE (not GET+PUT); add webhook_timeout_seconds=30.0 to mock settings - test_jorge_config_validation: add CC workflow IDs to env_valid dicts so validate_ghl_integration() emits no unexpected warnings - test_memory_service_extended: explicitly pass location_id=TEST_LOCATION_ID to get_context/save_context — real GHL_LOCATION_ID leaks from shell env - test_smoke_multiturn: patch CUSTOM_FIELD_AI_VALUATION_PRICE="" to prevent non-deterministic failure when earlier test leaves env set Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tag-webhook handler was using INITIAL_OUTREACH_MESSAGES (seller templates)
for all activation tags. Now branches on _buyer_tag to send
BUYER_INITIAL_OUTREACH_MESSAGES ("What's your budget...") instead of
the seller opener ("I help homeowners sell...").
Added BUYER_INITIAL_OUTREACH_MESSAGES to JorgeRanchoConfig with 3
buyer-appropriate templates matching the seller bot's tone.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ge bot
- Add _detect_rejected_offer() + CC_REJECTED_OFFER_WORKFLOW_ID trigger in _build_cc_workflow_actions
- Add CC_AI_TAG_WORKFLOW_ID trigger in handle_ghl_tag_webhook (dedup via Redis, 7-day TTL)
- Add GhostFollowUpEngine.mark_as_ghosted(): writes ghost_state:{id}=ghosted to Redis + triggers CC_GHOSTING_WORKFLOW_ID at day-30 final nudge
- 10 new tests in test_cc_workflow_enrollment.py (ghosting Redis key, dedup, unstale re-engagement, rejected offer keywords, AI tag dedup)
- All 27 CC enrollment tests pass
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ppointments /calendars/events returned 404; GHL v2 API requires /calendars/events/appointments. This was causing A-BOOK failures with 'I had trouble booking that time' message. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CalendarScheduler passes end_time when booking but the base GHLClient signature lacked the parameter, causing a TypeError silently caught as a booking failure. This is the root cause of A-BOOK failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…flow AppointmentBooking validator rejected lead_score=4 with threshold=5. Jorge has exactly 4 seller qualification questions; all 4 answered = HOT. This was the root cause of every A-BOOK failure. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a contact has both Buyer-Lead and Needs Qualifying tags (e.g. a re-tagged lead), seller was winning via priority ordering and running seller qualification questions to buyer leads. Fix: buyer_tag_present suppresses seller_active in _compute_mode_flags so that an explicit Buyer-Lead tag always routes to the buyer bot. Updated two tests that asserted the old (wrong) seller-wins behavior. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HOT buyers now receive numbered slot options (1/2/3) the same way HOT sellers do. Previously buyers received 'Jorge's team will reach out' with no way to book. Uses BUYER_CONSULTATION appointment type and stores pending_appointment in Redis context for slot selection. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ppointment Seller flow stored questions_answered in context["seller_preferences"], but buyer pending_appointment had no equivalent. The shared booking code fell back to 0 < AppointmentBooking threshold (4), causing "I had trouble booking" on every buyer slot selection. Fix: - Store questions_answered=4 in buyer pending_appointment dict when offering calendar slots (buyer always has 4 qualification questions answered by HOT) - Booking code now checks pending_appointment.questions_answered as fallback when seller_preferences is absent Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The /api/jorge-buyer/{contact_id}/state endpoint cleared memory-context
and conversation sessions, but left buyer_conversation_memory:{contact_id}
intact. This Redis key stores current_qualification_step across sessions.
If a prior test left step="appointment", the buyer bot would skip all 4
qualification questions and jump straight to scheduling on the first message.
Fix: also delete the BuyerConversationMemory cache key for bot="buyer".
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…duling With threshold=30, any buyer with a stated budget scored 75 (urgency_base=25 + budget_bonus=50), bypassing generate_buyer_response and jumping directly to schedule_next_action. That node injected a calendar slot response before asking pre-approval/bedrooms/timeline. Raising to 90 forces all buyers through generate_buyer_response, which uses the deterministic _todo-based question sequencer. The webhook HOT slot offer fires only after all 4 qualification questions are answered (via _todo=[] path → Claude generates scheduling response → webhook detects scheduling signal → buyer_temp=warm/hot → slot offer). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… cap +1/turn Two bugs caused bedrooms question to be skipped: 1. _STEP_ORDER_INTENT missing "bedrooms". When the intent decoder returned "timeline" (idx=2 in old list), response_generator mapped that to idx=3 in its _STEP_ORDER. The step guard at saved_idx>=3 then marked bedrooms as "on file" even though it was never asked. 2. No cap on step advancement. The decoder could jump from "pre-approval" to "timeline" in one turn (because urgency score is low), skipping bedrooms. Fix: - Add "bedrooms" between "pre-approval" and "timeline" in _STEP_ORDER_INTENT so step indices align between analyze_buyer_intent and response_generator - Cap _capped_profile_idx = min(profile_idx, current_idx + 1) to advance at most one step per turn, preventing multi-step jumps Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Expand _scheduling_response phrase list to catch Claude-generated
variants like "get you scheduled", "see a couple", "home tour"
- Search full conversation history (not just current message) for
pre-approval and timeline signals
- Replace narrow _has_deadline with broader _has_timeline (matches
"days", "weeks", "within", "moving", etc.)
- Raise slot offer trigger: warm+scheduling+conv_len>=5 (not hot-only)
- Relax HOT upgrade: warm+pre_approved+has_timeline+scheduling_response
Fixes B-Q4 → slot offer path: Claude's post-qualification response
("Let's get you scheduled to see a couple this week") now triggers
calendar slot injection correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…matching Remove _scheduling_response requirement from warm buyer slot offer condition. Claude generates too many scheduling phrasings to enumerate reliably (e.g. "ready to see a few this week" never matched the phrase list). The conv_len>=5 guard (all 4 qualification questions answered) is sufficient to trigger slots. Also update comment to explain the rationale. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When the GHL Bot Activation workflow fires on Buyer-Lead and then adds Needs Qualifying as a side-effect, a second /tag-webhook fires with tag='Needs Qualifying'. The contact already holds Buyer-Lead, so buyer mode must win — not seller. Fix: after computing _seller_tag, check event.contact.tags for Buyer-Lead and override to buyer mode if found. Covers the GHL workflow race condition without requiring workflow changes. Tests: adds regression test asserting buyer-style outreach is sent when contact has Buyer-Lead + Needs Qualifying tags and incoming tag is the seller-routing one. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ISSUE-2: Add _SELLER_PASSTHROUGH_TAGS so seller bot stays active on post-qualification turns (hot/warm/cold-seller, seller-qualified tags). Without this, slot-selection messages after the calendar offer went unhandled because should_activate() only matched needs-qualifying. ISSUE-4: Append AI-Off tag to booking confirmation actions so the bot deactivates itself after a successful appointment is booked. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- calendar_scheduler: handle None last_name in _generate_appointment_title (was producing "Lead None" for contacts without last name) - webhook: set appointment_confirmed context flag after booking; remove activation tags (Needs Qualifying, Buyer-Lead, direct to seller bot) after AI-Off to prevent re-activation; gate buyer slot offer on !appointment_confirmed to prevent duplicate calendar offers - jorge_seller_engine: regex motivation override now fires when LLM returned "other" fallback, not only when motivation is absent — fixes relocation being written as "other" to GHL custom field - tests: 18 regression tests for motivation classification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…b RAG page - rag_chatbot_demo/: deploy-ready with README, secrets.toml.example, dark theme config - rag_pipeline.py: HybridRAGPipeline (BM25 + dense + RRF k=60), lazy chromadb import - app.py: Basic/Hybrid sidebar toggle, score breakdown per source chunk - 20_RAG_Document_Intelligence.py: new EnterpriseHub page (Streamlit) - rag_demo_dashboard.py: 3-tab component (Q&A, Retrieval Explorer, System Metrics) - hub_navigator.py: RAG Document Intelligence added to AI & Automation - agents/query_planner.py: confidence scoring fix (0.6/match), ^how does PROCEDURAL - agents/tool_registry.py: model_validator for error default, filters in metadata - 23 RAG dashboard tests + 12 pipeline tests all passing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ghl_real_estate_ai/docs/JORGE_HANDOFF.md: 1-page client brief covering live URL, bot status, A2P 10DLC + Anthropic credits action items, curl smoke tests, GHL webhook verification, tag reference - pxk1 ($Xk price extraction): already fixed via _extract_price_from_text; 9/9 regression tests passing in test_test_bots_hardening.py - c10r (concurrency race): already fixed via JorgeSellerEngine._contact_locks ClassVar + async with _lock in process_seller_response; 2/2 tests passing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add ADR 0013 documenting where Jorge handoff gating state lives (per-worker in-memory dicts in JorgeHandoffService) and the latency-vs-consistency tradeoff versus the available-but-unwired RedisHandoffRepository. Records that the hot-path gate (circular prevention, rate limits, contact lock) is process-local and only correct at --workers 1, with a graduation path to the Redis gate. Spec slot named 0012; that number was taken, so this uses 0013. Fulfills REQ-W3-2. Closes audit A P1-4. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Concise 2-paragraph adversarial-input note grounded in real modules: webhook HMAC-SHA256 verification (ghl_integration/validators.py), input_validator injection rules, Redis + per-contact rate limiting, structlog/audit_logger observability, and FHA/RESPA/TCPA edge cases (TCPA opt-out gate wired, FHA pattern-matcher capability, RESPA guard). Replaces planned full STRIDE per Phase 2 DISPUTED resolution. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Jorge is no longer a client and the Render service is being decommissioned. Remove the push trigger from deploy-jorge.yml and the schedule from monitor-jorge.yml so merges to main no longer ship to a dead prod target and the 30-min monitor stops failing and auto-opening alert issues. Both workflows are kept as workflow_dispatch-only portfolio references. Follow-up (manual, cannot be done from CI): delete/suspend the Render services and revoke RENDER_API_KEY + DOCKERHUB_* secrets. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…5-3) (#89) When the orchestrator's 5-turn tool loop exhausts its max-turn budget (final turn still requesting tool calls, no early break), increment a Prometheus counter and fire a structlog warning with task_type, tenant_id, and the pending tool names. - Add tool_loop_max_turns_reached_total Counter + inc helper to JorgePrometheusExporter (global default registry, _enabled-guarded). - Detect exhaustion via for/else on the tool loop; the else clause runs only when no early break fires (i.e. tools were still pending at turn 5). - Add 2 unit tests: exhaustion increments the counter once and warns; early tool-free finish does not increment. Closes audit A P1-1 / REQ-W5-3. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(auth): reject >72-byte passwords with 422 (REQ-W4-3) The bcrypt 72-byte guard in JWTAuth.hash_password already raised HTTP 422 (added in 547649e), but had no test and a stale docstring still claiming truncation. A sibling test (test_security_hardening.py) also still asserted the old truncate-then-verify behavior and failed against current code. - Add tests/security/test_jwt_password_length.py: 72-byte accept, >72-byte 422, and UTF-8 byte-count (not char-count) coverage for hash_password. - Update TestJWTSecurity::test_password_hashing to expect 422 on a 100-char password instead of a truncated hash. - Correct the hash_password docstring (no longer truncates). verify_password retains truncation to match enhanced_auth.py per the REQ's "matching the pattern in enhanced_auth.py" constraint; its hash counterpart rejects >72 bytes, so no stored hash derives from a >72-byte password. Closes audit D P1-6 / REQ-W4-3. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test(auth): mark jwt 72-byte test integration so CI collects it (REQ-W4-3) The new tests/security/test_jwt_password_length.py had no marker, so neither the path-based jobs (tests/unit/, tests/agents/, tests/adversarial/) nor the `-m integration` job in ci.yml would collect it. Add pytestmark = pytest.mark.integration so the integration job runs the regression, matching the sibling test_security_hardening.py. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
r52u (P1): decommission Render service + revoke deploy secrets (manual). arnv (P3): de-frame Jorge as active client in docs (portfolio-only). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Postgres (jorge-realty-db) and Redis (jorge-realty-redis) bill separately and outlive the web service; r52u now lists all three to actually stop cost, plus the enterprisehub-* services to keep and find-by-name guidance. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Close jo3h (neutralized deploy-jorge + monitor auto-triggers, done in #92). Open follow-ups: r52u (manual Render shutdown + secret revocation), arnv (de-frame Jorge as active client in docs). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ked artifacts - README: dead Streamlit badge/link replaced with local-demo path; printed demo/admin credentials removed (seed-script instruction retained) - README: per-section 'Training foundation' cert lines cut - CASE_STUDY: dead live-demo link repointed to make demo - .playwright-mcp/ tracked screenshots removed (already gitignored) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ive demo engine - demoEngine.ts: ChatEventSource abstraction with ReplaySource (canned traces, deterministic timing) and SseSource (real backend streaming) - Console rebuilt: working composer with labeled sample scenarios, streaming messages with cursor, bot handoff cards (confidence bar vs 0.7 threshold), per-message cache/token/cost telemetry chips, live lead-context panel - 2 traces scripted from golden-dataset seller/buyer flows - /mesh page: 7-agent roster from mesh_agent_registry, 3-tier cache panel (measured vs modeled labeled), cost governance - /quality page: eval baseline rubrics, golden dataset sample, A/B methodology - useBackendStatus: replay -> warming -> live state machine for Render free tier - README: console demo GIF embedded at top - .gitignore: re-include frontend/src/lib (was swallowed by Python lib/ rule) Checks: ruff clean, make reviewer-smoke exit 0, next build green (4 routes) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ml restructure - demo_chat.py: /demo/warm (no-DB wake ping), /demo/chat/stream (SSE; canned replay default, DEMO_LIVE_AI=true streams rate-limited Haiku via orchestrator with fail-open to replay), /demo/mesh/status (seeded snapshot, labeled) - main.py: claude_chat router now behind admin_guard (was publicly exposed with no auth); /demo namespace is the only public AI surface - voice_claude_service: speech_recognition import made optional (was a hard import of a package absent from requirements.txt - crashed boot on deploy) - render.yaml: drop Streamlit service + free Postgres (expires ~30d), move Redis to services/keyvalue per blueprint spec (databases: is Postgres-only), plain uvicorn startCommand, healthCheckPath /demo/warm, FRONTEND_URL for CORS Verified: app boots with no DATABASE_URL and no optional deps; /demo/warm 200; SSE stream terminates with done; 11 new route tests pass Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…dge, receipts and writeup Curation (verified unreferenced by CI/Makefile/README before removal): - 64 files removed: 19 streamlit_demo progress docs, docs/project_status/ (41), stale Jorge deploy configs (render.yaml, fly.toml, railway.json x2) - 62 unused Streamlit modules archived to _archive/ via git mv (keep-list from test imports + app/pages/navigation transitive closure incl. the 30 lazy imports in hub_dispatch.py); streamlit_cloud/ and duplicate deploy dirs archived - Test collection: 7000 (was 7033; delta is exactly the archived chatbot_widget suite), zero new collection errors Depth: - GET /api/portfolio/telemetry: aggregates orchestrator cache metrics, token tracker, mesh status, eval baseline; every section degrades to available:false (13 tests) - nightly-eval.yml publishes evals/latest_results.json + shields endpoint badge + README results block, if:always() before the compare gate, [skip ci] - docs/RECEIPTS.md: reproducible numbers with measured/modeled/case-study labels - docs/WRITEUP.md: narrative architecture story linking the 13 ADRs - README: live eval badge, corrected test count (7,000) and ADR count (13) Checks: 24 route tests pass, reviewer-smoke exit 0, CI-path collection clean Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Replaced all client name/company/city tokens across 1,356 text files (jorge→alex, salas→rivera, acuity→coastline, rancho→coastal, cucamonga→metro, full name compounds, email, domain, GitHub handle) - Renamed 263 token-bearing file paths via git mv - Removed 3 binary .dump artifacts via git rm; added gitignore exclusions - Pre-commit grep gate: 0 hits on jorge|salas|acuity|rancho in staged text Working-tree content and filenames are now clean. Commit history blobs and messages require filter-repo (Wave 4). Images require human pixel review (Task 8 gate — not yet cleared). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pixel review found 3 binaries grep cannot clean: - assets/screenshots/alex_dashboard_01.png: Finder thumbnail shows JORGE_* filenames - docs/screenshots/alex_dashboard_01.png: identical image - assets/lyrio-console-demo.gif: UI text reads "interactions for Jorge" + "Rancho Cucamonga" 20 other images reviewed and confirmed clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
De-id renames (jorge->alex, acuity->coastline, etc.) changed module names causing 66 isort violations. Auto-fixed with `ruff check --select I001 --fix`. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…titution String replacements altered line lengths in 10 files, breaking ruff format. Auto-fixed with `ruff format`. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wave 2-3 complete. 1,384 files scrubbed, 263 paths renamed, 6 binaries/images removed. Grep gate 0. Code Quality/Unit Tests/Security all pass.
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.29 to 0.0.31. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.29...0.0.31) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.31 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps python-multipart from 0.0.29 to 0.0.31.
Release notes
Sourced from python-multipart's releases.
Changelog
Sourced from python-multipart's changelog.
Commits
4cffc68Version 0.0.31 (#298)c814948Reject negativeContent-Lengthinparse_form(#297)6b837d4Bound header field name size before validating (#296)e0c4f9dBump the github-actions group with 3 updates (#294)b8a01bbBump the python-packages group with 3 updates (#293)6732164Speed up multipart header parsing and callback dispatch (#295)9d3ead5Version 0.0.30 (#292)3506c15Ignore RFC 2231 extended parameters inparse_options_header(#291)d69df35Treat only&as the urlencoded field separator (#290)1e6ff97Bump idna from 3.11 to 3.15 (#289)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.