@dependabot dependabot bot commented on behalf of github Jan 6, 2026

Bumps isort from 6.1.0 to 7.0.0.

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

🚀 Features

🪲 Fixes

👷 Continuous Integration

📦 Dependencies

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Unreleased

  • Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @joao-faria-dev

Commits

  • 0a09c78 Merge pull request #2433 from DanielNoord/python-314
  • 0fee794 Add 3.14 to stdlibds
  • 332a1ad Bump zstandard for 3.14 compat
  • f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
  • 52f5134 Format with ruff instead of black
  • 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
  • 89773db Target 3.10 with ruff
  • 933e382 Merge pull request #2430 from DanielNoord/drop-39
  • 8b6e00c Remove support for Python 3.9
  • b5f9f29 Bump profile plugin to 3.10+ and re-lock
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [isort](https://github.com/PyCQA/isort) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@6.1.0...7.0.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-version: 7.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 6, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 6, 2026 17:15
github-actions bot commented Jan 6, 2026

🤖 Claude Code Review

Good - the "AQAAAD" strings are only references in documentation/config files, not actual license files. Now let me provide the comprehensive review:


Code Review Analysis

Pull Request Summary

This PR updates the isort dependency from version 6.1.0 to 7.0.0 in the lint dependency group.


Review Results

Code Quality

Code follows style guide - pyproject.toml:51

  • The change is a simple dependency version bump in the correct format
  • Follows project conventions for dependency declarations
  • Note: Unable to access the style guide URL from this environment, but the change appears consistent with existing patterns

No commented-out code - pyproject.toml:51

  • The change contains no commented-out code

Meaningful variable names - N/A

  • No new variables introduced; this is a dependency version update

DRY principle followed - N/A

  • Not applicable to dependency version updates

Defects - pyproject.toml:51

  • No bugs, logic errors, edge cases, potential crashes, race conditions, memory leaks, or security vulnerabilities identified
  • This is a straightforward dependency version bump for a linting tool
  • isort is used at development/lint time only, not in production runtime

Project memory configuration - N/A

  • No .claude/CLAUDE.md file exists in the repository root (checked for it)

Testing

Unit tests for new functions - N/A

  • No new functions added; this is a dependency update

Integration tests for new endpoints - N/A

  • No new endpoints added

Edge cases covered - N/A

  • Not applicable to dependency updates

⚠️ Test coverage > 80% - N/A

  • Cannot verify if tests exist to ensure isort v7.0.0 is compatible with existing code
  • Recommendation: The maintainer should run the linting suite (isort check) before merging to ensure no breaking changes in v7.0.0

Documentation

Readme updated if needed - README.md

  • No README update required for a dev dependency version bump

⚠️ API docs updated - N/A

  • No API changes; however, note that this is a MAJOR version update (6.x → 7.x)
  • Recommendation: Review the isort v7.0.0 changelog for any breaking changes that might affect the project's import sorting

Inline comments for complex logic - N/A

  • No complex logic added

CHANGELOG.md updated - CHANGELOG.md

  • The CHANGELOG.md has NOT been updated for this dependency change
  • Latest entry is version 0.0.10 dated 2025-08-11
  • The project version in pyproject.toml is 1.2.8
  • Critical Issue: There's a significant discrepancy - the project is at v1.2.8 but CHANGELOG only documents up to v0.0.10
  • Recommendation: Update CHANGELOG.md to document this dependency update, and address the version numbering discrepancy

Markdown files follow CommonMark - README.md

  • README.md appears properly formatted
  • CHANGELOG.md has minor formatting issues (trailing space on line 30), but not related to this PR

Security

No hardcoded credentials - pyproject.toml:51

  • No credentials present

Input validation implemented - N/A

  • Not applicable to dependency updates

Proper error handling - N/A

  • Not applicable to dependency updates

No sensitive data in logs - N/A

  • Not applicable to dependency updates

License files (.lic) and AQAAAD strings

  • No .lic files found in the repository
  • Instances of "AQAAAD" are only in documentation/configuration files explaining what to look for, not actual license data

Critical Issues

  1. CHANGELOG.md not updated (CHANGELOG.md) - This dependency update should be documented

Warnings

  1. ⚠️ Major version bump - isort is jumping from v6.1.0 to v7.0.0, which typically indicates breaking changes. Ensure all linting checks pass with the new version before merging.

  2. ⚠️ Version numbering discrepancy - Project version is 1.2.8 but CHANGELOG only documents up to 0.0.10

Recommendations

  1. Update CHANGELOG.md to document this dependency update under the appropriate version section
  2. Run linting suite to verify isort==7.0.0 doesn't introduce any breaking changes to import sorting
  3. Review isort v7.0.0 release notes to understand what changed in the major version bump
  4. Address CHANGELOG versioning - reconcile the gap between project version 1.2.8 and documented changelog entries

Summary

This is a low-risk dependency update for a development-time linting tool. The only critical issue is the missing CHANGELOG entry. The major version bump warrants verification that the new version works correctly with the project's existing code, but poses no runtime security or functionality risks since isort is only used during development.

Automated code review analyzing defects and coding standards

@docktermj docktermj self-assigned this Jan 7, 2026
@docktermj docktermj enabled auto-merge (squash) January 7, 2026 14:17
dependabot bot commented on behalf of github Jan 12, 2026

Looks like isort is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Jan 12, 2026
auto-merge was automatically disabled January 12, 2026 21:59

Pull request was closed

@dependabot dependabot bot deleted the dependabot/pip/isort-7.0.0 branch January 12, 2026 21:59