Skip to content

Bump the uv group across 1 directory with 6 updates#721

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/uv/uv-183414654e
Open

Bump the uv group across 1 directory with 6 updates#721
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/uv/uv-183414654e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 16, 2026

Bumps the uv group with 6 updates in the / directory:

Package From To
pytest 9.0.2 9.0.3
anthropic 0.86.0 0.87.0
cryptography 46.0.6 46.0.7
langchain-core 1.2.23 1.2.28
langsmith 0.7.22 0.7.31
python-multipart 0.0.22 0.0.26

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

Commits

Updates anthropic from 0.86.0 to 0.87.0

Release notes

Sourced from anthropic's releases.

v0.87.0

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

  • client: add error type field to APIStatusError (#1587) (dd563c0)
  • internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

  • honor api_exclude in async transform path (#1612) (8172232), closes #1610
  • memory: return resolved path from async _validate_path (7b0add3)
  • memory: use restrictive file mode for memory files (47ba5b8)
  • sanitize endpoint path params (98f60e4)
  • transform schema: support enums (#1275) (5c088ab)

Chores

  • ci: run builds on CI even if only spec metadata changed (194c050)
  • ci: skip lint on metadata-only changes (03e2ab9)
  • internal: update gitignore (94ede14)
  • tests: bump steady to v0.19.4 (2d6d58f)
  • tests: bump steady to v0.19.5 (8fb439a)
  • tests: bump steady to v0.19.6 (76da5fd)
  • tests: bump steady to v0.19.7 (bfa40e5)
  • tests: bump steady to v0.20.1 (4fd9446)
Changelog

Sourced from anthropic's changelog.

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

  • client: add error type field to APIStatusError (#1587) (dd563c0)
  • internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

  • honor api_exclude in async transform path (#1612) (8172232), closes #1610
  • memory: return resolved path from async _validate_path (7b0add3)
  • memory: use restrictive file mode for memory files (47ba5b8)
  • sanitize endpoint path params (98f60e4)
  • transform schema: support enums (#1275) (5c088ab)

Chores

  • ci: run builds on CI even if only spec metadata changed (194c050)
  • ci: skip lint on metadata-only changes (03e2ab9)
  • internal: update gitignore (94ede14)
  • tests: bump steady to v0.19.4 (2d6d58f)
  • tests: bump steady to v0.19.5 (8fb439a)
  • tests: bump steady to v0.19.6 (76da5fd)
  • tests: bump steady to v0.19.7 (bfa40e5)
  • tests: bump steady to v0.20.1 (4fd9446)
Commits
  • ab0c446 release: 0.87.0
  • 6599043 fix(memory): return resolved path from async _validate_path
  • 715030c fix(memory): use restrictive file mode for memory files
  • 6cdbc5f chore(tests): bump steady to v0.20.1
  • 4beda3c Add output-300k-2026-03-24 beta header
  • 3b77b82 chore(ci): run builds on CI even if only spec metadata changed
  • 764ddba feat(internal): implement indices array format for query and form serialization
  • 8a06a90 codegen metadata
  • 7f8cf3c chore(tests): bump steady to v0.19.7
  • 0eba0dd chore(ci): skip lint on metadata-only changes
  • Additional commits viewable in compare view

Updates cryptography from 46.0.6 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

Commits

Updates langchain-core from 1.2.23 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

Commits

Updates langsmith from 0.7.22 to 0.7.31

Release notes

Sourced from langsmith's releases.

v0.7.31

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.30...v0.7.31

v0.7.30

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.29...v0.7.30

v0.7.29

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.28...v0.7.29

v0.7.28

What's Changed

... (truncated)

Commits
  • c434999 release(py): 0.7.31 (#2716)
  • 47d7c4a feat: Filter kwargs from new token events (#2714)
  • 3c57445 chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (#2708)
  • 2be6cd0 chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /...
  • b8b6ca3 chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 ...
  • 9897cb3 chore(deps): bump actions/github-script from 8 to 9 (#2706)
  • 572c018 chore(deps-dev): bump @​anthropic-ai/sdk from 0.85.0 to 0.86.0 in /js (#2702)
  • 5744752 chore(deps): bump the py-minor-and-patch group across 1 directory with 10 upd...
  • 960cae7 chore(deps): bump pnpm/action-setup from 5 to 6 (#2705)
  • 9370e76 chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /...
  • Additional commits viewable in compare view

Updates python-multipart from 0.0.22 to 0.0.26

Release notes

Sourced from python-multipart's releases.

Version 0.0.26

What's Changed

Full Changelog: Kludex/python-multipart@0.0.25...0.0.26

Version 0.0.25

What's Changed

Full Changelog: Kludex/python-multipart@0.0.24...0.0.25

Version 0.0.24

What's Changed

Full Changelog: Kludex/python-multipart@0.0.23...0.0.24

Version 0.0.23

What's Changed

New Contributors

Full Changelog: Kludex/python-multipart@0.0.22...0.0.23

Changelog

Sourced from python-multipart's changelog.

0.0.26 (2026-04-10)

  • Skip preamble before the first multipart boundary more efficiently #262.
  • Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

  • Add MIME content type info to File #143.
  • Handle CTE values case-insensitively #258.
  • Remove custom FormParser classes #257.
  • Add UPLOAD_DELETE_TMP to FormParser config #254.
  • Emit field_end for trailing bare field names on finalize #230.
  • Handle multipart headers case-insensitively #252.
  • Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

  • Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

  • Remove unused trust_x_headers parameter and X-File-Name fallback #196.
  • Return processed length from QuerystringParser._internal_write #229.
  • Cleanup metadata dunders from __init__.py #227.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the uv group across 1 directory with 6 updates
372ea66 
Bumps the uv group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `46.0.7` |
| [langchain-core](https://github.com/langchain-ai/langchain) | `1.2.23` | `1.2.28` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.22` | `0.7.31` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |



Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

Updates `anthropic` from 0.86.0 to 0.87.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.86.0...v0.87.0)

Updates `cryptography` from 46.0.6 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

Updates `langchain-core` from 1.2.23 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.23...langchain-core==1.2.28)

Updates `langsmith` from 0.7.22 to 0.7.31
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.7.22...v0.7.31)

Updates `python-multipart` from 0.0.22 to 0.0.26
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.22...0.0.26)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: anthropic
  dependency-version: 0.87.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.7.31
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-multipart
  dependency-version: 0.0.26
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 16, 2026
@dependabot dependabot bot mentioned this pull request Apr 16, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants