chore(deps): bump the all-dependencies group with 3 updates

[dependabot]

Updates the requirements on bleach, ruff and sentry-sdk[fastapi] to permit the latest version.
Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

• Dropped support for pypy 3.10. (#764)

Security fixes

• Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

  Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

  For example::

  import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

  outputs::

  'Click'

  See the advisory for details.

• Fix GHSA-gj48-438w-jh9v.

  Fix issue where URI sanitization wasn't happening in formaction attributes.

  See the advisory for details.

Bug fixes

• Add support for pypy 3.11. (#764)

• Drop version max in tinycss2 pin. (#772)

  This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits

• f0355a7 fix: fix last release date in CHANGES
• ae4e8a2 chore: bleach 6.4.0 and final release
• 970df58 fix: uri-sanitization in formaction attributes
• 7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
• 913ab75 fix: reduce redundancy in workflow jobs
• 218c15a fix: rework pip caching
• 4f0b097 fix: fix tox platform restrictions
• e95a79d chore: update pytest
• 91539d4 Bump actions/cache from 5.0.3 to 5.0.4
• cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
• Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates sentry-sdk[fastapi] to 2.62.0

Release notes

Sourced from sentry-sdk[fastapi]'s releases.

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)
  with sentry_sdk.start_transaction(name="testing_sentry"):
  httpx2.get("https://sentry.io/")

Bug Fixes 🐛

• (arq) Never capture control flow exceptions by @​alexander-alderman-webb in #6507
• (client) Guard against dotless qualified_name in _setup_instrumentation by @​devteamaegis in #6452
• (pydantic-ai) Only use hooks when ModelRequestContext.model exists by @​alexander-alderman-webb in #6480
• (rq) Restore functools.wraps() for patched functions by @​alexander-alderman-webb in #6532
• (tracing_utils) Handle baggage values containing '=' in from_incoming_header by @​devteamaegis in #6450
• (utils) Handle image_url string shorthand in _is_image_type_with_blob_content by @​devteamaegis in #6478

Internal Changes 🔧

• (arq) Only pin fakeredis<2.36.0 in tests by @​alexander-alderman-webb in #6444
• (flaky) Change env for flaky test detector by @​sl0thentr0py in #6492
• (pydantic-ai) Create event loop before invoking sync methods by @​alexander-alderman-webb in #6475
• Use package-ecosystem: uv in dependabot by @​sentrivana in #6522
• 🤖 Update test matrix with new releases (06/08) by @​github-actions in #6519
• Raise minimum supported aiomysql version and update text matrix by @​alexander-alderman-webb in #6496
• Deprecate OpenTelemetryIntegration in favor of OTLPIntegration and no-op for span first by @​sl0thentr0py in #6494

... (truncated)

Changelog

Sourced from sentry-sdk[fastapi]'s changelog.

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)
  with sentry_sdk.start_transaction(name="testing_sentry"):
  httpx2.get("https://sentry.io/")

Bug Fixes 🐛

• (arq) Never capture control flow exceptions by @​alexander-alderman-webb in #6507
• (client) Guard against dotless qualified_name in _setup_instrumentation by @​devteamaegis in #6452
• (pydantic-ai) Only use hooks when ModelRequestContext.model exists by @​alexander-alderman-webb in #6480
• (rq) Restore functools.wraps() for patched functions by @​alexander-alderman-webb in #6532
• (tracing_utils) Handle baggage values containing '=' in from_incoming_header by @​devteamaegis in #6450
• (utils) Handle image_url string shorthand in _is_image_type_with_blob_content by @​devteamaegis in #6478

Internal Changes 🔧

• (arq) Only pin fakeredis<2.36.0 in tests by @​alexander-alderman-webb in #6444
• (flaky) Change env for flaky test detector by @​sl0thentr0py in #6492
• (pydantic-ai) Create event loop before invoking sync methods by @​alexander-alderman-webb in #6475
• Use package-ecosystem: uv in dependabot by @​sentrivana in #6522
• 🤖 Update test matrix with new releases (06/08) by @​github-actions in #6519
• Raise minimum supported aiomysql version and update text matrix by @​alexander-alderman-webb in #6496

... (truncated)

Commits

• 0bac65a Update CHANGELOG.md
• 4a53c10 release: 2.62.0
• afff0e2 fix(rq): Restore functools.wraps() for patched functions (#6532)
• 33ca589 build(deps-dev): bump openfeature-sdk from 0.9.0 to 0.10.0 (#6528)
• 4fdd8e0 build(deps): bump pip from 26.1.1 to 26.1.2 (#6530)
• b466c27 build(deps-dev): bump httpx2 from 2.2.0 to 2.3.0 (#6523)
• 0be028f build(deps-dev): bump typer from 0.26.2 to 0.26.7 (#6526)
• 344c013 build(deps-dev): bump ruff from 0.15.14 to 0.15.16 (#6529)
• 7d38a49 ci: Use package-ecosystem: uv in dependabot (#6522)
• 8c50017 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions