Skip to content

Remove redundant pip and Nuitka dependencies#573

Merged
dimitris-m merged 3 commits intomainfrom
dm/remove-redundant-deps
Feb 7, 2026
Merged

Remove redundant pip and Nuitka dependencies#573
dimitris-m merged 3 commits intomainfrom
dm/remove-redundant-deps

Conversation

@dimitris-m
Copy link
Collaborator

@dimitris-m dimitris-m commented Feb 7, 2026
edited
Loading

Summary

  • Remove protobuf, jaraco.text, defusedxml, exceptiongroup, and tomli from install_requires in cli/setup.py -- none are imported at runtime
  • Remove --include-package=google.protobuf, --include-package=jaraco, and --include-module=chardet from Nuitka build flags in scripts/build-nuitka.sh
  • Bumped setuptools just to clear a medium warning from Aikido scanning, it did not affect binaries.

Test plan

  • opengrep --version via pip-installed wheel
  • opengrep scan (423 rules, 2236 files, 48 findings) via pip-installed wheel
  • Nuitka build with Python 3.13 succeeds
  • cli/opengrep --version on Nuitka binary (cache cleared before test)
  • cli/opengrep scan (423 rules, 2236 files, 48 findings) on Nuitka binary

@dimitris-m
remove redundant dependencies: protobuf, jaraco, chardet
a0b26ed 
Neither protobuf nor jaraco.text is imported at runtime (ATD uses JSON,
not protobuf). chardet is vestigial -- requests uses charset_normalizer.

- Remove protobuf and jaraco.text from install_requires in cli/setup.py
- Remove --include-package=google.protobuf, --include-package=jaraco,
  and --include-module=chardet from Nuitka build flags
- Drop the speculative "NOTE: maybe add here" comment
@dimitris-m
remove unused dependencies: defusedxml, exceptiongroup, tomli
e9f5473 
None of these are imported anywhere in cli/src/:
- defusedxml: no XML parsing via defusedxml in the codebase
- exceptiongroup: backport of Python 3.11 ExceptionGroup, never used
- tomli: backport of tomllib, no TOML parsing at runtime
@dimitris-m
bump setuptools to fix CVE-2024-6345
00e791f 
Pin setuptools >= 70.0 in scripts/release/Pipfile and regenerate the
lockfile. The previous pin (65.6.3) was vulnerable to remote code
execution via package_index download functions.
@dimitris-m dimitris-m merged commit 5eeac29 into main Feb 7, 2026
43 checks passed
@dimitris-m dimitris-m deleted the dm/remove-redundant-deps branch February 7, 2026 18:20
@maciejpirog maciejpirog mentioned this pull request Feb 17, 2026
Merged
@dimitris-m dimitris-m mentioned this pull request Feb 17, 2026
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 19, 2026
build(deps): update opengrep/opengrep to v1.16.1
d9bd3c2 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [opengrep/opengrep](https://github.com/opengrep/opengrep) | patch | `v1.16.0` → `v1.16.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>opengrep/opengrep (opengrep/opengrep)</summary>

### [`v1.16.1`](https://github.com/opengrep/opengrep/releases/tag/v1.16.1): Opengrep 1.16.1

[Compare Source](opengrep/opengrep@v1.16.0...v1.16.1)

#### Improvements

- Pin Nuitka to 2.8.9 across all build workflows by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;594](opengrep/opengrep#594)
- Remove redundant pip and Nuitka dependencies by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;573](opengrep/opengrep#573)
- Support split rule/target directories in test subcommand by [@&#8203;qkaiser](https://github.com/qkaiser) in [#&#8203;576](opengrep/opengrep#576)

#### Benchmarking

- New benchmarking using hyperfine by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;557](opengrep/opengrep#557) and [#&#8203;579](opengrep/opengrep#579)

#### Bug fixes

- Allow multiple logical operators in metavariable comparison by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;590](opengrep/opengrep#590)
- In `--experimental`, don't report git untracked files as skipped with `--use-git-ignore` by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;577](opengrep/opengrep#577)
- C#: Add primary constructor arguments to base class by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;589](opengrep/opengrep#589)
- Dockerfile: Add missing buildkit constructs by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;581](opengrep/opengrep#581)
- Dockerfile: Fix CRLF and comment-in-continuation parsing by [@&#8203;abezdina](https://github.com/abezdina) in [#&#8203;586](opengrep/opengrep#586)
- Rust: Fix taint propagation through variable shadowing by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;572](opengrep/opengrep#572)
- TS/TSX: Add support for the `satisfies` construct by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;592](opengrep/opengrep#592)

#### Installation

- Add Windows install script (pwsh) by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;569](opengrep/opengrep#569)
- Ensure that install.ps1 works on ARM by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;571](opengrep/opengrep#571)
- Fix: handle unparseable cosign version in install.sh by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;580](opengrep/opengrep#580)

#### Documentation

- Improve the README by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;570](opengrep/opengrep#570)

#### New Contributors

- [@&#8203;qkaiser](https://github.com/qkaiser) made their first contribution in [#&#8203;576](opengrep/opengrep#576)
- [@&#8203;abezdina](https://github.com/abezdina) made their first contribution in [#&#8203;586](opengrep/opengrep#586)

**Full Changelog**: <opengrep/opengrep@v1.16.0...v1.16.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNC4yIiwidXBkYXRlZEluVmVyIjoiNDMuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@willem-delbare willem-delbare Awaiting requested review from willem-delbare willem-delbare is a code owner

@maciejpirog maciejpirog Awaiting requested review from maciejpirog maciejpirog is a code owner

@corneliuhoffman corneliuhoffman Awaiting requested review from corneliuhoffman corneliuhoffman is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dimitris-m