Skip to content

Python: Update chromadb requirement from >=0.5,<1.4 to >=0.5,<1.6 and fix azure-search-documents compatibility#13951

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/python/chromadb-gte-0.5-and-lt-1.6
Open

Python: Update chromadb requirement from >=0.5,<1.4 to >=0.5,<1.6 and fix azure-search-documents compatibility#13951
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/python/chromadb-gte-0.5-and-lt-1.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 5, 2026

Copy link
Copy Markdown
Contributor

Motivation and Context

Updates the requirements on chromadb to permit the latest version (up to 1.6). Also fixes CI failures caused by azure-search-documents 11.7.0b2 removing internal _endpoint and _credential attributes from SearchIndexClient.

Description

Chromadb update:

  • Updated chromadb requirement from >=0.5,<1.4 to >=0.5,<1.6 in pyproject.toml
  • Updated uv.lock to resolve chromadb to version 1.5.9

Azure AI Search compatibility fix:

  • Refactored _get_search_client in azure_ai_search.py to accept explicit endpoint and credential parameters instead of accessing removed private attributes (_endpoint, _credential) on SearchIndexClient
  • Added _resolve_credential helper function to centralize credential resolution logic
  • Added search_endpoint and search_credential fields to AzureAISearchCollection and AzureAISearchStore so endpoint/credential are stored and passed explicitly when creating SearchClient instances
  • Updated unit tests to remove references to the removed private attributes, updated assertions, and added new tests for credential resolution and the pre-built client scenario

Contribution Checklist

Updates the requirements on [chromadb](https://github.com/chroma-core/chroma) to permit the latest version.
- [Release notes](https://github.com/chroma-core/chroma/releases)
- [Changelog](https://github.com/chroma-core/chroma/blob/main/RELEASE_PROCESS.md)
- [Commits](chroma-core/chroma@0.5.0...1.5.8)

---
updated-dependencies:
- dependency-name: chromadb
  dependency-version: 1.5.8
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file. Used by Dependabot. python Pull requests for the Python Semantic Kernel labels May 5, 2026
Copilot AI review requested due to automatic review settings May 5, 2026 01:38
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file. Used by Dependabot. label May 5, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 5, 2026 01:38
@dependabot dependabot Bot added the python Pull requests for the Python Semantic Kernel label May 5, 2026
@dependabot dependabot Bot removed the request for review from Copilot May 5, 2026 01:38
@github-actions github-actions Bot changed the title Update chromadb requirement from <1.4,>=0.5 to >=0.5,<1.6 in /python Python: Update chromadb requirement from <1.4,>=0.5 to >=0.5,<1.6 in /python May 5, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 4 | Confidence: 93%

✓ Correctness

This is a simple upper-bound version bump for the chromadb dependency from < 1.4 to < 1.6. The change allows users to install newer chromadb versions. The existing code imports standard chromadb public APIs (Client, Collection, GetResult, QueryResult, ClientAPI, Settings, EmbeddingFunction, Space, and collection configuration classes) which are stable across minor versions. No correctness issues found.

✓ Security Reliability

This is a minimal, low-risk change that widens the upper version bound for the chromadb optional dependency from < 1.4 to < 1.6. There are no security or reliability concerns — it simply allows users to install newer chromadb versions (1.4.x and 1.5.x) which may contain their own bug fixes and security patches. No injection risks, secrets, resource leaks, or unsafe patterns are introduced.

✓ Test Coverage

This is a minor dependency upper-bound bump for chromadb from < 1.4 to < 1.6 in pyproject.toml. The existing unit tests in tests/unit/connectors/memory/test_chroma.py use MagicMock for the chromadb client, so they verify connector logic but don't exercise real chromadb API compatibility. No new behavior is introduced by relaxing a version constraint, so no new tests are strictly required. The existing test suite remains valid.

✗ Design Approach

I found one design-level issue: this PR widens the supported chromadb range to include 1.4/1.5 without any corresponding compatibility work or PR-time validation for the actual Chroma integration. That is risky here because the connector imports and calls Chroma-specific APIs directly, while the only pull-request coverage for Chroma is mocked unit tests; the real memory integration suite runs later in non-PR merge-gate/scheduled workflows.

Flagged Issues

  • python/pyproject.toml:80 widens supported Chroma versions to <1.6, but the Chroma connector is tightly coupled to specific Chroma APIs (python/semantic_kernel/connectors/chroma.py:9-13, 123-180) and the PR path does not exercise a real Chroma client. Unit tests mock ClientAPI (python/tests/unit/connectors/memory/test_chroma.py:12-116), while the real memory integration suite only runs in non-PR jobs (.github/workflows/python-integration-tests.yml:299-355, 357-462). The better approach is to keep the existing cap until compatibility with 1.4/1.5 is explicitly verified, or add/update coverage that validates the connector against the newly admitted versions before widening the dependency range.

Automated review by dependabot[bot]'s agents

Comment thread python/pyproject.toml
]
chroma = [
"chromadb >= 0.5,< 1.4"
"chromadb >= 0.5,< 1.6"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This advertises support for Chroma 1.4/1.5, but the connector depends on Chroma-specific APIs (python/semantic_kernel/connectors/chroma.py:9-13, 123-180) and PR-time coverage does not exercise a real Chroma client: the unit tests mock ClientAPI (python/tests/unit/connectors/memory/test_chroma.py:12-116), while the real memory integration tests only run in non-PR jobs (.github/workflows/python-integration-tests.yml:299-355, 357-462). Please either keep the old cap until compatibility is verified, or add coverage that validates the connector against the newly admitted versions before widening the range.

@moonbox3

Copy link
Copy Markdown
Collaborator

@copilot: fix the CI/CD failures

Copilot AI review requested due to automatic review settings June 17, 2026 05:32
@dependabot dependabot Bot removed the request for review from Copilot June 17, 2026 05:32

Copilot AI commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

@copilot: fix the CI/CD failures

Fixed in commit Fix CI failures: update azure-search-documents compatibility and chromadb lock.

The CI failures were caused by azure-search-documents 11.7.0b2 removing the internal _endpoint and _credential attributes from SearchIndexClient. The fix:

  1. Refactored _get_search_client to accept explicit endpoint and credential parameters instead of accessing private attributes on SearchIndexClient
  2. Added a _resolve_credential helper function
  3. Added search_endpoint and search_credential fields to AzureAISearchCollection and AzureAISearchStore
  4. Updated tests to remove references to the removed private attributes and added new tests for the credential resolution logic
  5. Updated uv.lock to reflect the chromadb >=0.5,<1.6 constraint (resolved to chromadb 1.5.9)

Copilot AI changed the title Python: Update chromadb requirement from <1.4,>=0.5 to >=0.5,<1.6 in /python Python: Update chromadb requirement from >=0.5,<1.4 to >=0.5,<1.6 and fix azure-search-documents compatibility Jun 17, 2026
Copilot AI requested a review from moonbox3 June 17, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file. Used by Dependabot. python Pull requests for the Python Semantic Kernel

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants