From f61e27aefc32b427b5b8b189f7d777dca2ef5b4c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jun 2025 18:00:20 +0000
Subject: [PATCH 1/3] Bump urllib3 from 2.2.2 to 2.5.0

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.5.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.5.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 poetry.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 93f36f5..7a4a0b9 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1386,14 +1386,14 @@ test = ["aioresponses (>=0.6.2)", "coverage (>=4.2)", "parametrize (>=0.1.1)", "
 
 [[package]]
 name = "urllib3"
-version = "2.2.2"
+version = "2.5.0"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
 groups = ["main", "dev"]
 files = [
-    {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"},
-    {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"},
+    {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"},
+    {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"},
 ]
 
 [package.extras]

From 80f82ec3ff7cce609afdad0cc7e634dcb89078d0 Mon Sep 17 00:00:00 2001
From: Kevin van Zonneveld <kevin@vanzonneveld.net>
Date: Thu, 19 Jun 2025 14:29:40 +0200
Subject: [PATCH 2/3] Fix CI issues for Dependabot PRs - prevent duplicate runs
 and handle Codecov token issues

---
 .github/workflows/ci.yml | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a597287..1487ed4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,9 +1,15 @@
 name: CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
 
 jobs:
   python:
+    # Prevent duplicate runs on PRs from the same repository
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -57,14 +63,25 @@ jobs:
         run: poetry run pytest tests
 
       - name: Upload coverage reports
-        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        # Only upload coverage if we have a token (skip for Dependabot PRs)
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' && (github.event_name != 'pull_request' || github.actor != 'dependabot[bot]')
         uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage.xml
           flags: unittests
           name: python-sdk
-          fail_ci_if_error: true
+          fail_ci_if_error: false
+
+      - name: Upload coverage reports (tokenless)
+        # Use tokenless upload for Dependabot PRs
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' && github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.xml
+          flags: unittests
+          name: python-sdk
+          fail_ci_if_error: false
 
       - name: Upload coverage artifacts
         if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'

From fa2b763afb2b6837f68956b1f65ac1ca4c77abbb Mon Sep 17 00:00:00 2001
From: Kevin van Zonneveld <kevin@vanzonneveld.net>
Date: Thu, 19 Jun 2025 14:33:08 +0200
Subject: [PATCH 3/3] Fix CI workflow - remove overly restrictive conditions
 that prevented Dependabot PRs from running

---
 .github/workflows/ci.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1487ed4..366fec0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,12 +4,10 @@ on:
   push:
     branches: [main, master]
   pull_request:
-    branches: [main, master]
+    # Run on all pull requests regardless of source branch
 
 jobs:
   python:
-    # Prevent duplicate runs on PRs from the same repository
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     runs-on: ${{ matrix.os }}
     strategy:
       matrix: