Bump tornado from 6.4.1 to 6.5.7 in /experiments/agentcompany/openhands

[dependabot]

Bumps tornado from 6.4.1 to 6.5.7.

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits

• 48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
• 4ae1ddd Release notes and version bump for 6.5.7
• 3154caa curl_httpclient: Reset the curl object before putting it on the freelist
• 7d869c0 Merge pull request #3631 from bdarnell/cve-links
• 288241f docs: Use the correct link syntax
• 8da981c docs: Add CVE links to 6.5.6 release notes
• aba2569 Merge pull request #3626 from bdarnell/fixes-656
• a24b260 httpclient_test: Accept an additional error message variant
• a74240a Release notes and version bump for 6.5.6.
• e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Summary

This PR updates the OpenHands experiment dependency pin for Tornado. It changes:

• tornado from 6.4.1 to 6.5.7 in requirements.txt.
• The pinned environment used by experiments/agentcompany/openhands.
• No application code or configuration outside the dependency list.

Confidence Score: 5/5

This looks safe to merge.

• No blocking issues found in the changed dependency pin.
• The checked Tornado consumers in this environment allow the new version.
• No direct Tornado API usage was found in the changed OpenHands experiment code.

T-Rex Logs

What T-Rex did

• Verified that experiments/agentcompany/openhands/requirements.txt shows Tornado was bumped from 6.4.1 to 6.5.7.
• Identified seven packages with direct or transitive Tornado dependencies: jupyter_server, terminado, ipykernel, jupyterlab, notebook_shim, jupyter_server_terminals, and jupyter_client.
• Queried PyPI and GitHub metadata for each package to confirm their Tornado constraints, finding jupyter_server requires Tornado >= 6.2.0 and the others have no upper bound.
• Checked Tornado 6.5.0 release notes and found no breaking API changes affecting Jupyter ecosystem components.
• Attempted runtime import validation but the sandbox lacked the required packages, so the check could not be completed.
• All constraints are satisfied by Tornado 6.5.7 based on static analysis and metadata checks.

_{Ran code and verified through T-Rex}

Important Files Changed

Filename	Overview
experiments/agentcompany/openhands/requirements.txt	Updates the pinned Tornado version from 6.4.1 to 6.5.7.

_{Reviews (1): Last reviewed commit: "Bump tornado from 6.4.1 to 6.5.7 in /exp..." | Re-trigger Greptile}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	tornado@​6.4.1 ⏵ 6.5.7	+1	+61

View full report