Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 30 updates#167

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-0f63882250
Closed

chore(deps): bump the python-dependencies group across 1 directory with 30 updates#167
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-0f63882250

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on mcp, cryptography, filelock, click, python-multipart, fastapi, uvicorn, langchain-core, crewai, pytest, ruff, pip-audit, cyclonedx-bom, anyio, bitarray, certifi, chardet, coverage, cyclonedx-python-lib, eth-keyfile, idna, msgpack, packaging, parsimonious, pydantic-core, pydantic-settings, pywin32, sse-starlette, typer and websockets to permit the latest version.
Updates mcp from 1.27.1 to 1.28.0

Release notes

Sourced from mcp's releases.

v1.28.0

Deprecations

Two API surfaces now emit DeprecationWarning ahead of their removal in v2. Nothing is removed in 1.x, and the warnings fire only when the deprecated API is called - importing the modules stays silent.

  • WebSocket transport - mcp.client.websocket.websocket_client and mcp.server.websocket.websocket_servermodelcontextprotocol/typescript-sdk#1783
  • Experimental tasks API - ClientSession.experimental, Server.experimental, ServerSession.experimental, and the experimental_task_handlers= kwarg on ClientSession. Tasks (SEP-1686) were removed from the MCP specification and are expected to return as a separate MCP extension.

If your test suite runs with filterwarnings = ["error"] and exercises these paths, add a scoped ignore such as ignore:The experimental tasks API is deprecated:DeprecationWarning or ignore:The WebSocket .* transport is deprecated:DeprecationWarning.

See #2828 for full details.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.27.2...v1.28.0

v1.27.2

What's Changed

Full Changelog: modelcontextprotocol/python-sdk@v1.27.1...v1.27.2

Commits
  • 32d3290 [v1.x] Pass a list to parametrize in test_docs_examples (pytest 9.1.0 compat)...
  • 0dca751 [v1.x] Deflake the child process cleanup tests (#2839)
  • 52258a9 [v1.x] Add a v2 status banner to the README (#2835)
  • b8f4917 [v1.x] Deprecate the WebSocket transport and the experimental tasks entry poi...
  • 2309e5e fix: omit null optional fields from task result payloads (#2809)
  • 494eb11 [v1.x] Support Python 3.14 (#2769)
  • 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
  • ce267b6 [v1.x] Bind transport sessions to the authenticated principal (#2719)
  • 1abcca2 [v1.x] Add subject and claims to AccessToken (#2690)
  • 9773a3f [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact (...
  • See full diff in compare view

Updates cryptography from 48.0.1 to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates filelock from 3.29.0 to 3.29.4

Release notes

Sourced from filelock's releases.

3.29.4

What's Changed

Full Changelog: tox-dev/filelock@3.29.3...3.29.4

3.29.3

What's Changed

Full Changelog: tox-dev/filelock@3.29.2...3.29.3

3.29.2

What's Changed

Full Changelog: tox-dev/filelock@3.29.1...3.29.2

3.29.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########


3.29.4 (2026-06-13)


  • keep the read/write heartbeat alive on a transient touch error :pr:562 - by :user:dxbjavid
  • verify inode in break_lock_file before unlinking a stale lock :pr:561 - by :user:dxbjavid

3.29.3 (2026-06-10)


  • 🐛 fix(ci): restore release environment on tag job :pr:559
  • validate pid range in _parse_lock_holder :pr:556 - by :user:dxbjavid
  • 🔧 ci(release): publish to PyPI on tag push :pr:557
  • build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:558 - by :user:dependabot[bot]

3.29.2 (2026-06-10)


  • build(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:555 - by :user:dependabot[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:554 - by :user:pre-commit-ci[bot]
  • check hostname in is_lock_held_by_us :pr:553 - by :user:dxbjavid
  • 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:551
  • open marker reads non-blocking to refuse attacker-placed fifo :pr:549 - by :user:dxbjavid

3.29.1 (2026-06-03)


  • 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
  • [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
  • chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
  • chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
  • chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
  • docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
  • [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
  • docs: fix API docs of release() :pr:540 - by :user:MrAnno
  • [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
  • build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

... (truncated)

Commits
  • f3c11c0 Release 3.29.4
  • 5d663ee keep the read/write heartbeat alive on a transient touch error (#562)
  • 406d0a2 verify inode in break_lock_file before unlinking a stale lock (#561)
  • 85e73d7 🐛 fix(ci): publish from release.yaml on tag push (#560)
  • f86dcb1 Release 3.29.3
  • 643bdbe 🐛 fix(ci): restore release environment on tag job (#559)
  • 7a8f74a validate pid range in _parse_lock_holder (#556)
  • d1d49a0 🔧 ci(release): publish to PyPI on tag push (#557)
  • b37e162 build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#558)
  • d9216de Release 3.29.2
  • Additional commits viewable in compare view

Updates click from 8.4.1 to 8.4.2

Changelog

Sourced from click's changelog.

Version 8.4.2

Unreleased

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates python-multipart from 0.0.31 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

  • Speed up partial-boundary scanning for CR/LF-dense part data #300.
Commits

Updates fastapi from 0.136.3 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

0.137.2

Features

  • ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

Internal

... (truncated)

Commits

Updates uvicorn from 0.48.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)
Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates langchain-core to 1.4.8

Release notes

Sourced from langchain-core's releases.

langchain-core==1.4.8

Changes since langchain-core==1.4.7

chore: bump jupyter-server from 2.18.0 to 2.20.0 in /libs/core (#38252) chore: bump tornado from 6.5.6 to 6.5.7 in /libs/core (#38184) chore: bump bleach from 6.3.0 to 6.4.0 in /libs/core (#38198) release(core): 1.4.8 (#38254) refactor(langchain-classic): remove code for Python < 3.10 (#38194) perf(core): memoize BaseTool.tool_call_schema subset model and cache model_json_schema (#38073) style(core): fix style in langchain_core/_security (#38189) fix(core): preserve usage token details in v3 streaming events (#38021) fix(core): disallow_any_generics (#38156) chore(core): add mypy warn_unreachable (#38109) docs: refresh README installation and resources (#38119) test(core,langchain): update tests for explicit deserialization allowlists (#38118)

Commits
  • 15b0a49 chore: bump jupyter-server from 2.18.0 to 2.20.0 in /libs/core (#38252)
  • 612139f chore: bump tornado from 6.5.6 to 6.5.7 in /libs/text-splitters (#38175)
  • 921e370 chore: bump cryptography from 46.0.7 to 48.0.1 in /libs/langchain_v1 (#38176)
  • 1aabc26 chore: bump aiohttp from 3.14.0 to 3.14.1 in /libs/langchain_v1 (#38179)
  • 8d51355 chore: bump aiohttp from 3.14.0 to 3.14.1 in /libs/langchain (#38180)
  • 0b1b7bb chore: bump cryptography from 46.0.7 to 48.0.1 in /libs/langchain (#38181)
  • dfd0627 chore: bump starlette from 1.0.1 to 1.3.1 in /libs/langchain (#38182)
  • 0269392 chore: bump tornado from 6.5.6 to 6.5.7 in /libs/langchain (#38183)
  • 24d0b37 chore: bump tornado from 6.5.6 to 6.5.7 in /libs/core (#38184)
  • f368854 chore: bump bleach from 6.2.0 to 6.4.0 in /libs/text-splitters (#38195)
  • Additional commits viewable in compare view

Updates crewai to 1.14.7

Release notes

Sourced from crewai's releases.

1.14.7

What's Changed

Features

  • Add pluggable default backends for memory, knowledge, rag, and flow.
  • Surface real finish_reason, sampling params, and response.id on LLM events.
  • Type DSL triggers as route-aware decorators.
  • Add chat API for conversational flows.
  • Make locking backend overridable.
  • Build FlowDefinition from Flow DSL metadata.
  • Add native Snowflake Cortex LLM provider.
  • Add crew trained agents file support.

Bug Fixes

  • Fix checkpoint to rebuild custom BaseLLM as concrete LLM on restore.
  • Gate restore on a flag to prevent live snapshots from replaying as resume.
  • Scope runtime state per run to bound growth and isolate concurrent runs.
  • Fix telemetry setup on crewai-login.
  • Respect suppress_flow_events for method-execution events.
  • Restore [project.scripts] in crewai package for uv tool install.
  • Resolve pip-audit CVEs for aiohttp, docling, and docling-core.
  • Fix file input not working reliably.
  • Fix Snowflake Claude incomplete tool result histories.

Documentation

  • Update changelog and version for v1.14.7.
  • Update OpenTelemetry collector documentation.
  • Update NVIDIA Nemotron LLM guide.
  • Add Databricks integration guide.
  • Add Snowflake integration guide.

Performance

  • Improve crewai import speed by lazy-loading docling imports.

Refactoring

  • Simplify flow condition evaluation to be stateless per event.
  • Decouple convo logic from runtime and add a conversational_definition.
  • Split flow.py into DSL, definition, and runtime.

Contributors

@​Luzk, @​alex-clawd, @​devin-ai-integration[bot], @​greysonlalonde, @​gvieira, @​jessemiller, @​lorenzejay, @​lucasgomide, @​mattatcha, @​vinibrsl

Commits
  • 21fa8e3 docs: update changelog and version for v1.14.7
  • f18c03c feat: bump versions to 1.14.7
  • 50b9c02 fix(checkpoint): rebuild custom BaseLLM as concrete LLM on restore
  • c55334b docs: update changelog and version for v1.14.7rc2
  • 05a2ba9 feat: bump versions to 1.14.7rc2
  • fbafe1f fix(flow): gate restore on a flag so live snapshots don't replay as resume
  • 5267c05 test(flow): pass show=False in test_flow_plotting to not open a browser
  • 243c9ed docs: update changelog and version for v1.14.7rc1
  • 68910b7 feat: bump versions to 1.14.7rc1
  • 2997827 ci: ignore GHSA-rrmf-rvhw-rf47 (torch alias of PYSEC-2025-194)
  • Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.14 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (

…th 30 updates

Updates the requirements on [mcp](https://github.com/modelcontextprotocol/python-sdk), [cryptography](https://github.com/pyca/cryptography), [filelock](https://github.com/tox-dev/py-filelock), [click](https://github.com/pallets/click), [python-multipart](https://github.com/Kludex/python-multipart), [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [langchain-core](https://github.com/langchain-ai/langchain), [crewai](https://github.com/crewAIInc/crewAI), [pytest](https://github.com/pytest-dev/pytest), [ruff](https://github.com/astral-sh/ruff), [pip-audit](https://github.com/pypa/pip-audit), [cyclonedx-bom](https://github.com/CycloneDX/cyclonedx-python), [anyio](https://github.com/agronholm/anyio), [bitarray](https://github.com/ilanschnell/bitarray), [certifi](https://github.com/certifi/python-certifi), [chardet](https://github.com/chardet/chardet), [coverage](https://github.com/coveragepy/coveragepy), [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib), [eth-keyfile](https://github.com/ethereum/eth-keyfile), [idna](https://github.com/kjd/idna), [msgpack](https://github.com/msgpack/msgpack-python), [packaging](https://github.com/pypa/packaging), [parsimonious](https://github.com/erikrose/parsimonious), [pydantic-core](https://github.com/pydantic/pydantic), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [pywin32](https://github.com/mhammond/pywin32), [sse-starlette](https://github.com/sysid/sse-starlette), [typer](https://github.com/fastapi/typer) and [websockets](https://github.com/python-websockets/websockets) to permit the latest version.

Updates `mcp` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.27.1...v1.28.0)

Updates `cryptography` from 48.0.1 to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.1...49.0.0)

Updates `filelock` from 3.29.0 to 3.29.4
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.0...3.29.4)

Updates `click` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.1...8.4.2)

Updates `python-multipart` from 0.0.31 to 0.0.32
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.31...0.0.32)

Updates `fastapi` from 0.136.3 to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.3...0.138.0)

Updates `uvicorn` from 0.48.0 to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.48.0...0.49.0)

Updates `langchain-core` to 1.4.8
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==0.3.0...langchain-core==1.4.8)

Updates `crewai` to 1.14.7
- [Release notes](https://github.com/crewAIInc/crewAI/releases)
- [Commits](crewAIInc/crewAI@0.95.0...1.14.7)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `ruff` from 0.15.14 to 0.15.19
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.19)

Updates `pip-audit` from 2.10.0 to 2.10.1
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.10.0...v2.10.1)

Updates `cyclonedx-bom` from 5.5.0 to 7.3.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python@v5.5.0...v7.3.0)

Updates `anyio` from 4.13.0 to 4.14.1
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.13.0...4.14.1)

Updates `bitarray` from 3.8.1 to 3.8.2
- [Changelog](https://github.com/ilanschnell/bitarray/blob/master/doc/changelog.rst)
- [Commits](ilanschnell/bitarray@3.8.1...3.8.2)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `chardet` from 5.2.0 to 7.4.3
- [Release notes](https://github.com/chardet/chardet/releases)
- [Changelog](https://github.com/chardet/chardet/blob/main/docs/changelog.rst)
- [Commits](chardet/chardet@5.2.0...7.4.3)

Updates `coverage` from 7.14.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.1...7.14.3)

Updates `cyclonedx-python-lib` from 10.5.0 to 11.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python-lib@v10.5.0...v11.11.0)

Updates `eth-keyfile` from 0.8.1 to 0.9.1
- [Changelog](https://github.com/ApeWorX/eth-keyfile/blob/main/CHANGELOG.rst)
- [Commits](ApeWorX/eth-keyfile@v0.8.1...v0.9.1)

Updates `idna` from 3.16 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.18)

Updates `msgpack` from 1.1.2 to 1.2.1
- [Release notes](https://github.com/msgpack/msgpack-python/releases)
- [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md)
- [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1)

Updates `packaging` from 25.0 to 26.2
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@25.0...26.2)

Updates `parsimonious` from 0.10.0 to 0.11.0
- [Commits](https://github.com/erikrose/parsimonious/commits)

Updates `pydantic-core` from 2.46.4 to 2.47.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/commits)

Updates `pydantic-settings` from 2.14.1 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.1...v2.14.2)

Updates `pywin32` from 311 to 312
- [Release notes](https://github.com/mhammond/pywin32/releases)
- [Changelog](https://github.com/mhammond/pywin32/blob/main/CHANGES.md)
- [Commits](https://github.com/mhammond/pywin32/commits)

Updates `sse-starlette` from 3.4.4 to 3.4.5
- [Release notes](https://github.com/sysid/sse-starlette/releases)
- [Commits](sysid/sse-starlette@v3.4.4...v3.4.5)

Updates `typer` from 0.26.2 to 0.26.7
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.26.2...0.26.7)

Updates `websockets` from 15.0.1 to 16.0
- [Release notes](https://github.com/python-websockets/websockets/releases)
- [Commits](python-websockets/websockets@15.0.1...16.0)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: filelock
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: python-multipart
  dependency-version: 0.0.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: langchain-core
  dependency-version: 1.4.8
  dependency-type: direct:development
  dependency-group: python-dependencies
- dependency-name: crewai
  dependency-version: 1.14.7
  dependency-type: direct:development
  dependency-group: python-dependencies
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pip-audit
  dependency-version: 2.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: cyclonedx-bom
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: anyio
  dependency-version: 4.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: bitarray
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: chardet
  dependency-version: 7.4.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: cyclonedx-python-lib
  dependency-version: 11.11.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: eth-keyfile
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: msgpack
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: packaging
  dependency-version: '26.2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: parsimonious
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pydantic-core
  dependency-version: 2.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pywin32
  dependency-version: '312'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: sse-starlette
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: typer
  dependency-version: 0.26.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: websockets
  dependency-version: '16.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 25, 2026

Copy link
Copy Markdown

Deploying attestix with  Cloudflare Pages  Cloudflare Pages

Latest commit: 8072e63
Status: ✅  Deploy successful!
Preview URL: https://0c8f380a.attestix.pages.dev
Branch Preview URL: https://dependabot-pip-python-depend-xnwr.attestix.pages.dev

View logs

@dependabot dependabot Bot requested a review from ascender1729 as a code owner June 25, 2026 00:42
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/pip/python-dependencies-0f63882250 branch July 2, 2026 00:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants