ccurme
f10d5c3247
chore: sunset package ( #88 )
2026-05-22 16:36:10 -04:00
dependabot[bot]
ddd4ea4245
build(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/experimental in the uv group across 1 directory ( #85 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[urllib3](https://github.com/urllib3/urllib3 ).
Updates `urllib3` from 2.6.3 to 2.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases ">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support ">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3 ">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane "><code>@Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/ ">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024 "><code>@kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit "><code>@christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763 ">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720 ">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979 ">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777 ">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636 ">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967 ">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793 ">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798 ">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352 ">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764 ">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst ">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
<https://pypi.org/project/brotli/> ;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
<https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j> ;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
<https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc> ;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763 ](https://github.com/urllib3/urllib3/issues/3763 )
<https://github.com/urllib3/urllib3/issues/3763> ;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720 ](https://github.com/urllib3/urllib3/issues/3720 )
<https://github.com/urllib3/urllib3/issues/3720> ;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979 ](https://github.com/urllib3/urllib3/issues/4979 )
<https://github.com/urllib3/urllib3/issues/4979> ;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777 ](https://github.com/urllib3/urllib3/issues/3777 )
<https://github.com/urllib3/urllib3/issues/3777> ;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636 ](https://github.com/urllib3/urllib3/issues/3636 )
<https://github.com/urllib3/urllib3/issues/3636> ;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2 "><code>9a950b9</code></a>
Release 2.7.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc "><code>5ec0de4</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a "><code>2bdcc44</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c "><code>f45b0df</code></a>
Fix a misleading example for <code>ProxyManager</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4970 ">#4970</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b "><code>577193c</code></a>
Switch to nightly PyPy3.11 in CI for now (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4984 ">#4984</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc "><code>e90af45</code></a>
Avoid infinite loop in <code>HTTPResponse.read_chunked</code> when
<code>amt=0</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4974 ">#4974</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210 "><code>67ed74f</code></a>
Bump dev dependencies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4972 ">#4972</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d "><code>3abd481</code></a>
Upgrade mypy to version 1.20.2 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4978 ">#4978</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890 "><code>2b8725d</code></a>
Drop support for EOL PyPy3.10 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979 ">#4979</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33 "><code>2944b2a</code></a>
Upgrade <code>setup-chrome</code> and <code>setup-firefox</code> to fix
warnings (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4973 ">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 14:26:23 -07:00
dependabot[bot]
dd5731be29
build(deps): bump mistune from 3.1.1 to 3.2.1 in /libs/experimental in the uv group across 1 directory ( #84 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[mistune](https://github.com/lepture/mistune ).
Updates `mistune` from 3.1.1 to 3.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/mistune/releases ">mistune's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.1</h2>
<h3> 🐞 Bug Fixes</h3>
<ul>
<li>Resolve Windows compatibility issues in file inclusion and tests -
by <a href="https://github.com/Yuki9814 "><code>@Yuki9814</code></a> <a
href="https://github.com/lepture/mistune/commit/2547102 "><!-- raw HTML
omitted -->(25471)<!-- raw HTML omitted --></a></li>
<li>Escape html text - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/a3cb6e5 "><!-- raw HTML
omitted -->(a3cb6)<!-- raw HTML omitted --></a></li>
<li>Update link reference - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/85eb54f "><!-- raw HTML
omitted -->(85eb5)<!-- raw HTML omitted --></a></li>
<li>Handle escaped dollar signs in inline math - by <a
href="https://github.com/saschabuehrle "><code>@saschabuehrle</code></a>
in <a
href="https://redirect.github.com/lepture/mistune/issues/370 ">lepture/mistune#370</a>
<a href="https://github.com/lepture/mistune/commit/7bd5709 "><!-- raw
HTML omitted -->(7bd57)<!-- raw HTML omitted --></a></li>
<li>Escape id of toc - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/04880a0 "><!-- raw HTML
omitted -->(04880)<!-- raw HTML omitted --></a></li>
<li>Escape id of headings - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/2855622 "><!-- raw HTML
omitted -->(28556)<!-- raw HTML omitted --></a></li>
<li>Remove double-encoding of image alt text - by <a
href="https://github.com/lawrence3699 "><code>@lawrence3699</code></a>
<a href="https://github.com/lepture/mistune/commit/0d6f3d8 "><!-- raw
HTML omitted -->(0d6f3)<!-- raw HTML omitted --></a></li>
<li>Escape xml for math plugin - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/5fa092e "><!-- raw HTML
omitted -->(5fa09)<!-- raw HTML omitted --></a></li>
<li>Use strict regex for image's height and width - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/8d0cb75 "><!-- raw HTML
omitted -->(8d0cb)<!-- raw HTML omitted --></a></li>
</ul>
<h5> <a
href="https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1 ">View
changes on GitHub</a></h5>
<h2>v3.2.0</h2>
<h3> 🚀 Features</h3>
<ul>
<li>Support footnotes that start on the next line. - by <a
href="https://github.com/kylechui "><code>@kylechui</code></a> <a
href="https://github.com/lepture/mistune/commit/2677e2d "><!-- raw HTML
omitted -->(2677e)<!-- raw HTML omitted --></a></li>
<li>Properly handle code blocks inside footnotes. - by <a
href="https://github.com/kylechui "><code>@kylechui</code></a> <a
href="https://github.com/lepture/mistune/commit/0516c9e "><!-- raw HTML
omitted -->(0516c)<!-- raw HTML omitted --></a></li>
<li>Support python 3.14 - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/7e0eb65 "><!-- raw HTML
omitted -->(7e0eb)<!-- raw HTML omitted --></a></li>
</ul>
<h3> 🐞 Bug Fixes</h3>
<ul>
<li>Render ref links and footnotes in footnotes. - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/bd90e44 "><!-- raw HTML
omitted -->(bd90e)<!-- raw HTML omitted --></a></li>
<li>Render ref links in TOC. - by <a
href="https://github.com/lemon24 "><code>@lemon24</code></a> <a
href="https://github.com/lepture/mistune/commit/a0a0148 "><!-- raw HTML
omitted -->(a0a01)<!-- raw HTML omitted --></a></li>
<li>Update typing for mypy upgrades - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/8d49cba "><!-- raw HTML
omitted -->(8d49c)<!-- raw HTML omitted --></a></li>
<li>Render correct html for footnotes - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/9b62204 "><!-- raw HTML
omitted -->(9b622)<!-- raw HTML omitted --></a></li>
</ul>
<h5> <a
href="https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0 ">View
changes on GitHub</a></h5>
<h2>v3.1.4</h2>
<h3> 🐞 Bug Fixes</h3>
<ul>
<li>Add fenced directive break rule in list parser, <a
href="https://redirect.github.com/lepture/mistune/issues/412 ">#412</a>
- by <a href="https://github.com/lepture "><code>@lepture</code></a>
in <a
href="https://redirect.github.com/lepture/mistune/issues/412 ">lepture/mistune#412</a>
<a href="https://github.com/lepture/mistune/commit/ea3ecaf "><!-- raw
HTML omitted -->(ea3ec)<!-- raw HTML omitted --></a></li>
<li>Prevent remove unicode whitespace when parsing atx heading - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/9e72063 "><!-- raw HTML
omitted -->(9e720)<!-- raw HTML omitted --></a></li>
</ul>
<h5> <a
href="https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4 ">View
changes on GitHub</a></h5>
<h2>v3.1.3</h2>
<h3> 🚀 Features</h3>
<ul>
<li>Announce supports for python 3.12 and 3.13 - by <a
href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/ff83129 "><!-- raw HTML
omitted -->(ff831)<!-- raw HTML omitted --></a></li>
</ul>
<h5> <a
href="https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3 ">View
changes on GitHub</a></h5>
<h2>v3.1.2</h2>
<h3> 🐞 Bug Fixes</h3>
<ul>
<li><strong>plugin</strong>: Fix footnote plugins when rendering ast -
by <a href="https://github.com/lepture "><code>@lepture</code></a> <a
href="https://github.com/lepture/mistune/commit/a728952 "><!-- raw HTML
omitted -->(a7289)<!-- raw HTML omitted --></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/mistune/blob/main/docs/changes.rst ">mistune's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.2.1</h2>
<p><strong>Released on May 3, 2026</strong></p>
<ul>
<li>Escape link in <code>render_toc_ul</code>.</li>
<li>Escape text in math plugin.</li>
<li>Fix regex for math plugin.</li>
<li>Escape heading's ID attribute.</li>
<li>Fix <code>LINK_TITLE_RE</code> to prevent DoS.</li>
<li>Escape class attribute for admonition directive.</li>
<li>Remove double-encoding of image alt text.</li>
<li>Escape class attribute for image directive.</li>
<li>Fix width/height attribute for image directive.</li>
</ul>
<h2>Version 3.2.0</h2>
<p><strong>Released on Dec 23, 2025</strong></p>
<ul>
<li>Announce supports for python 3.14</li>
<li>Fix footnotes plugins for code blocks, ref links, blockquote and
etc.</li>
<li>Fix ref links in TOC.</li>
</ul>
<h2>Version 3.1.4</h2>
<p><strong>Released on Aug 29, 2025</strong></p>
<ul>
<li>Add fenced directive break rule in list parser.</li>
<li>Prevent removing unicode whitespace when parsing atx heading.</li>
</ul>
<h2>Version 3.1.3</h2>
<p><strong>Released on Mar 19, 2025</strong></p>
<ul>
<li>Announce supports for python 3.12 and 3.13</li>
</ul>
<h2>Version 3.1.2</h2>
<p><strong>Released on Feb 19, 2025</strong></p>
<ul>
<li>Fix <code>footnotes</code> plugin for AST renderer</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39 "><code>067f908</code></a>
chore: release 3.2.1</li>
<li><a
href="https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6 "><code>bf55030</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/mistune/issues/438 ">#438</a>
from saschabuehrle/fix/issue-370</li>
<li><a
href="https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948 "><code>8d0cb75</code></a>
fix: use strict regex for image's height and width</li>
<li><a
href="https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab "><code>5fa092e</code></a>
fix: escape xml for math plugin</li>
<li><a
href="https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb "><code>71ec947</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/mistune/issues/440 ">#440</a>
from lawrence3699/fix/image-alt-double-encoding</li>
<li><a
href="https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722 "><code>0d6f3d8</code></a>
fix: remove double-encoding of image alt text</li>
<li><a
href="https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea "><code>2855622</code></a>
fix: escape id of headings</li>
<li><a
href="https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04 "><code>04880a0</code></a>
fix: escape id of toc</li>
<li><a
href="https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4 "><code>7bd5709</code></a>
fix: handle escaped dollar signs in inline math (fixes <a
href="https://redirect.github.com/lepture/mistune/issues/370 ">#370</a>)</li>
<li><a
href="https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278 "><code>85eb54f</code></a>
fix: update link reference</li>
<li>Additional commits viewable in <a
href="https://github.com/lepture/mistune/compare/v3.1.1...v3.2.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 08:13:41 +00:00
dependabot[bot]
bfc545a505
build(deps): bump jupyter-server from 2.15.0 to 2.18.0 in /libs/experimental in the uv group across 1 directory ( #83 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[jupyter-server](https://github.com/jupyter-server/jupyter_server ).
Updates `jupyter-server` from 2.15.0 to 2.18.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter-server/jupyter_server/releases ">jupyter-server's
releases</a>.</em></p>
<blockquote>
<h2>v2.18.0</h2>
<h2>2.18.0</h2>
<p>(<a
href="https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8 ">Full
Changelog</a>)</p>
<h3>Security patches</h3>
<ul>
<li>CVE-2026-40110 <a
href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p ">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p </a></li>
<li>CVE-2025-61669 <a
href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w ">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w </a></li>
<li>CVE-2026-40934 <a
href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f ">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f </a></li>
<li>CVE-2026-35397 <a
href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 ">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 </a></li>
</ul>
<h3>API and Breaking Changes</h3>
<ul>
<li>Add query param to sanitize HTML in GET /nbconvert/html <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618 ">#1618</a>
(<a href="https://github.com/Yann-P "><code>@Yann-P</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Enhancements made</h3>
<ul>
<li>Update handlers.py to fix ioloop blockers(sync file operations) <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617 ">#1617</a>
(<a
href="https://github.com/zolyfarkas-fb "><code>@zolyfarkas-fb</code></a>,
<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Add resolvePath API for resolving kernel-relative paths <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331 ">#1331</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Move check origin into a util function and add it to websocket <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630 ">#1630</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/Yann-P "><code>@Yann-P</code></a>)</li>
<li>Fix flaky test_restart_kernel by unsticking nudge() after
port-changing restart <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628 ">#1628</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/claude "><code>@claude</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Try to fix flaky test "test_restart_kernel" <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625 ">#1625</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Fix potential unraisable pytest error <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624 ">#1624</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>fix: use %s placeholders in HTTPError to prevent Tornado from
doubling % in gateway URLs <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620 ">#1620</a>
(<a
href="https://github.com/terminalchai "><code>@terminalchai</code></a>,
<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/ptch314 "><code>@ptch314</code></a>)</li>
<li>Fix three file descriptor leaks in kernel connection lifecycle (<a
href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506 ">#1506</a>)
<a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619 ">#1619</a>
(<a href="https://github.com/tonyx93 "><code>@tonyx93</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Use web.HTTPError for kernel restart failures <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616 ">#1616</a>
(<a href="https://github.com/YDawn "><code>@YDawn</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613 ">#1613</a>
(<a href="https://github.com/YDawn "><code>@YDawn</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Use st_birthtime for file created timestamp on macOS/BSD <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594 ">#1594</a>
(<a href="https://github.com/ktaletsk "><code>@ktaletsk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Fix double write when refusing hidden files in contents handler <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585 ">#1585</a>
(<a href="https://github.com/Krish-876 "><code>@Krish-876</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Close all sockets in _find_http_port explicitly <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584 ">#1584</a>
(<a
href="https://github.com/MaryushSoroka "><code>@MaryushSoroka</code></a>,
<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Fix writing on remote file systems with attribute cache <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574 ">#1574</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Add IdentityProvider.cookie_secret_hook <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569 ">#1569</a>
(<a href="https://github.com/emin63 "><code>@emin63</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>fix context pollution <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1561 ">#1561</a>
(<a href="https://github.com/dualc "><code>@dualc</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Fix gateway cookie handling <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1558 ">#1558</a>
(<a
href="https://github.com/kevin-bates "><code>@kevin-bates</code></a>, <a
href="https://github.com/RRosio "><code>@RRosio</code></a>, <a
href="https://github.com/lresende "><code>@lresende</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>fix connection exception cause high cpu load <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1484 ">#1484</a>
(<a href="https://github.com/dualc "><code>@dualc</code></a>, <a
href="https://github.com/lresende "><code>@lresende</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Start to test on Python 3.13 and 3.14 <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1623 ">#1623</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Bump actions/create-github-app-token from 2 to 3 in the actions
group across 1 directory <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1621 ">#1621</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1615 ">#1615</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Fix package spec for jupytext <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1614 ">#1614</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>chore: update pre-commit hooks <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1607 ">#1607</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>try to fix ci on windows <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1600 ">#1600</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>run prerelease tests on 3.14 <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1599 ">#1599</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Pin sphinx to an older version (<9) to fix docs <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1597 ">#1597</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md ">jupyter-server's
changelog</a>.</em></p>
<blockquote>
<h2>2.18.0</h2>
<p>(<a
href="https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8 ">Full
Changelog</a>)</p>
<h3>API and Breaking Changes</h3>
<ul>
<li>Add query param to sanitize HTML in GET /nbconvert/html <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618 ">#1618</a>
(<a href="https://github.com/Yann-P "><code>@Yann-P</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Enhancements made</h3>
<ul>
<li>Update handlers.py to fix ioloop blockers(sync file operations) <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617 ">#1617</a>
(<a
href="https://github.com/zolyfarkas-fb "><code>@zolyfarkas-fb</code></a>,
<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Avoid redundant call to <code>_get_os_path</code> in
<code>_dir_model</code> <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1547 ">#1547</a>
(<a href="https://github.com/joeyutong "><code>@joeyutong</code></a>, <a
href="https://github.com/vidartf "><code>@vidartf</code></a>)</li>
<li>Allow specifying extra params to scrub from logs <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1538 ">#1538</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/vidartf "><code>@vidartf</code></a>)</li>
<li>Add a logger to the ExtensionPoint API <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1523 ">#1523</a>
(<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/vidartf "><code>@vidartf</code></a>)</li>
<li>Allow user to update identity values <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1518 ">#1518</a>
(<a href="https://github.com/brichet "><code>@brichet</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>If ServerApp.ip is ipv6 use [::1] as local_url <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1495 ">#1495</a>
(<a href="https://github.com/manics "><code>@manics</code></a>, <a
href="https://github.com/afshin "><code>@afshin</code></a>)</li>
<li>Better error message when starting kernel for session. <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1478 ">#1478</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/davidbrochart "><code>@davidbrochart</code></a>,
<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Add a traitlet to disable recording HTTP request metrics <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1472 ">#1472</a>
(<a href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>prometheus: Expose 3 activity metrics <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1471 ">#1471</a>
(<a href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Add prometheus info metrics listing server extensions + versions <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1470 ">#1470</a>
(<a href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Add prometheus metric with version information <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1467 ">#1467</a>
(<a href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Don't hide .so,.dylib files by default <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1457 ">#1457</a>
(<a href="https://github.com/nokados "><code>@nokados</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/vidartf "><code>@vidartf</code></a>)</li>
<li>Better hash format error message <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1442 ">#1442</a>
(<a href="https://github.com/fcollonval "><code>@fcollonval</code></a>,
<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Removing excessive logging from reading local files <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1420 ">#1420</a>
(<a href="https://github.com/lresende "><code>@lresende</code></a>, <a
href="https://github.com/kevin-bates "><code>@kevin-bates</code></a>)</li>
<li>Add async start hook to ExtensionApp API <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1417 ">#1417</a>
(<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/Darshan808 "><code>@Darshan808</code></a>, <a
href="https://github.com/bollwyvl "><code>@bollwyvl</code></a>, <a
href="https://github.com/fcollonval "><code>@fcollonval</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Do not include token in dashboard link, when available <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1406 ">#1406</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
<li>Add an option to have authentication enabled for all endpoints by
default <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1392 ">#1392</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Wh1isper "><code>@Wh1isper</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>, <a
href="https://github.com/bollwyvl "><code>@bollwyvl</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>)</li>
<li>websockets: add configurations for ping interval and timeout <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1391 ">#1391</a>
(<a
href="https://github.com/oliver-sanders "><code>@oliver-sanders</code></a>,
<a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
<li>log extension import time at debug level unless it's actually slow
<a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1375 ">#1375</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/yuvipanda "><code>@yuvipanda</code></a>)</li>
<li>Add support for async Authorizers (part 2) <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1374 ">#1374</a>
(<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
<li>Support async Authorizers <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1373 ">#1373</a>
(<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
<li>Support get file(notebook) md5 <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1363 ">#1363</a>
(<a href="https://github.com/Wh1isper "><code>@Wh1isper</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>, <a
href="https://github.com/bollwyvl "><code>@bollwyvl</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Update kernel env to reflect changes in session <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1354 ">#1354</a>
(<a href="https://github.com/blink1073 "><code>@blink1073</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Add resolvePath API for resolving kernel-relative paths <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331 ">#1331</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/blink1073 "><code>@blink1073</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Move check origin into a util function and add it to websocket <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630 ">#1630</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/Yann-P "><code>@Yann-P</code></a>)</li>
<li>Fix flaky test_restart_kernel by unsticking nudge() after
port-changing restart <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628 ">#1628</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>, <a
href="https://github.com/claude "><code>@claude</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Try to fix flaky test "test_restart_kernel" <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625 ">#1625</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Fix potential unraisable pytest error <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624 ">#1624</a>
(<a href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>fix: use %s placeholders in HTTPError to prevent Tornado from
doubling % in gateway URLs <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620 ">#1620</a>
(<a
href="https://github.com/terminalchai "><code>@terminalchai</code></a>,
<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/ptch314 "><code>@ptch314</code></a>)</li>
<li>Fix three file descriptor leaks in kernel connection lifecycle (<a
href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506 ">#1506</a>)
<a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619 ">#1619</a>
(<a href="https://github.com/tonyx93 "><code>@tonyx93</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Use web.HTTPError for kernel restart failures <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616 ">#1616</a>
(<a href="https://github.com/YDawn "><code>@YDawn</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
<li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613 ">#1613</a>
(<a href="https://github.com/YDawn "><code>@YDawn</code></a>, <a
href="https://github.com/Zsailer "><code>@Zsailer</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Use st_birthtime for file created timestamp on macOS/BSD <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594 ">#1594</a>
(<a href="https://github.com/ktaletsk "><code>@ktaletsk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Fix double write when refusing hidden files in contents handler <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585 ">#1585</a>
(<a href="https://github.com/Krish-876 "><code>@Krish-876</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Close all sockets in _find_http_port explicitly <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584 ">#1584</a>
(<a
href="https://github.com/MaryushSoroka "><code>@MaryushSoroka</code></a>,
<a href="https://github.com/minrk "><code>@minrk</code></a>)</li>
<li>Fix writing on remote file systems with attribute cache <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574 ">#1574</a>
(<a href="https://github.com/krassowski "><code>@krassowski</code></a>,
<a href="https://github.com/Zsailer "><code>@Zsailer</code></a>)</li>
<li>Add IdentityProvider.cookie_secret_hook <a
href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569 ">#1569</a>
(<a href="https://github.com/emin63 "><code>@emin63</code></a>, <a
href="https://github.com/minrk "><code>@minrk</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0 "><code>0ceed45</code></a>
Publish 2.18.0</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8 "><code>49b3439</code></a>
Move check origin into a util function and add it to websocket (<a
href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1630 ">#1630</a>)</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977 "><code>e2e08c8</code></a>
Add test case for bad next URL format</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf "><code>624d6c0</code></a>
Delete outdated patch code</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449 "><code>d825b93</code></a>
Apply suggestion from <a
href="https://github.com/minrk "><code>@minrk</code></a></li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2 "><code>789fed0</code></a>
patch open redirect in /login</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665 "><code>2ee51ec</code></a>
fix(CVE-2026-35397): path traversal when target dir starts with root
dir</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea "><code>057869a</code></a>
Fix allow_origin_pat to do full matching instead of prefix matching</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0 "><code>4862199</code></a>
Add resolvePath API for resolving kernel-relative paths</li>
<li><a
href="https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a "><code>e31d514</code></a>
Bump actions/create-github-app-token from 2 to 3 in the actions group
across ...</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter-server/jupyter_server/compare/v2.15.0...v2.18.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 01:06:41 -07:00
dependabot[bot]
676f118791
build(deps): bump the uv group across 1 directory with 4 updates ( #82 )
...
Bumps the uv group with 4 updates in the /libs/experimental directory:
[langsmith](https://github.com/langchain-ai/langsmith-sdk ),
[nbconvert](https://github.com/jupyter/nbconvert ),
[notebook](https://github.com/jupyter/notebook ) and
[python-dotenv](https://github.com/theskumar/python-dotenv ).
Updates `langsmith` from 0.3.45 to 0.7.31
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692 ">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684 ">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693 ">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700 ">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699 ">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701 ">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710 ">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705 ">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711 ">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702 ">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706 ">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712 ">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709 ">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708 ">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714 ">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716 ">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 </a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665 ">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690 ">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691 ">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl "><code>@hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694 ">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695 ">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696 ">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698 ">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 </a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681 ">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685 ">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686 ">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 </a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670 ">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677 ">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667 ">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658 ">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/c434999d05c00334efeba88b8bbd2de9f3afbef6 "><code>c434999</code></a>
release(py): 0.7.31 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2716 ">#2716</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/47d7c4a783333e716395d802e7632f1f1b4744d3 "><code>47d7c4a</code></a>
feat: Filter kwargs from new token events (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2714 ">#2714</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/3c57445b543c9a2f86db52024ea2c998bfc2ffab "><code>3c57445</code></a>
chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2708 ">#2708</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/2be6cd01a2b6e35e811488d3561e7b0b57b06f63 "><code>2be6cd0</code></a>
chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408
in /...</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/b8b6ca32d43c919c07a4e13c99a83bcaab8accb0 "><code>b8b6ca3</code></a>
chore(deps-dev): bump the js-minor-and-patch group across 1 directory
with 7 ...</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/9897cb33da7698291637f268edd833ca3e1adde6 "><code>9897cb3</code></a>
chore(deps): bump actions/github-script from 8 to 9 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2706 ">#2706</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/572c0184285747e027a796e03ea6c9ba171e09a6 "><code>572c018</code></a>
chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2702 ">#2702</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/57447524c88b6bba2775161aa449da32fb8e5c42 "><code>5744752</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
10 upd...</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/960cae7f490e9ccbe428e6b56c8047bdb7b942a5 "><code>960cae7</code></a>
chore(deps): bump pnpm/action-setup from 5 to 6 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2705 ">#2705</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/9370e7670abf7f8f9a36fbb72250bcfd2f91e7c6 "><code>9370e76</code></a>
chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408
in /...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.3.45...v0.7.31 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `nbconvert` from 7.17.0 to 7.17.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases ">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.1</h2>
<h2>7.17.1</h2>
<p>This is a security release, fixing two CVEs:</p>
<ul>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg ">CVE-2026-39377</a></li>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9 ">CVE-2026-39378</a></li>
</ul>
<p>(full advisories will be published seven days after release, on
2026-04-14).</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3 ">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Allow configureable WebPDF JavaScript processing timeout <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2250 ">#2250</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix <code>PermissionError</code> when checking template paths on
shared filesystems <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2252 ">#2252</a>
(<a href="https://github.com/ctcjab "><code>@ctcjab</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Tweak webpdf template logic to fix duplicate extension problem <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2249 ">#2249</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>specify python version for pre <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2276 ">#2276</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/akhmerov "><code>@akhmerov</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/bollwyvl "><code>@bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Carreau "><code>@Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/ctcjab "><code>@ctcjab</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/davidbrochart "><code>@davidbrochart</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Ken-B "><code>@Ken-B</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/krassowski "><code>@krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mgeier "><code>@mgeier</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/minrk "><code>@minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mpacer "><code>@mpacer</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/MSeal "><code>@MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/SylvainCorlay "><code>@SylvainCorlay</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/takluyver "><code>@takluyver</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/timkpaine "><code>@timkpaine</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md ">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.1</h2>
<p>This is a security release, fixing two CVEs:</p>
<ul>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg ">CVE-2026-39377</a></li>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9 ">CVE-2026-39378</a></li>
</ul>
<p>(full advisories will be published seven days after release, on
2026-04-14).</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3 ">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Allow configureable WebPDF JavaScript processing timeout <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2250 ">#2250</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix <code>PermissionError</code> when checking template paths on
shared filesystems <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2252 ">#2252</a>
(<a href="https://github.com/ctcjab "><code>@ctcjab</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Tweak webpdf template logic to fix duplicate extension problem <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2249 ">#2249</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>specify python version for pre <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2276 ">#2276</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/akhmerov "><code>@akhmerov</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/bollwyvl "><code>@bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Carreau "><code>@Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/ctcjab "><code>@ctcjab</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/davidbrochart "><code>@davidbrochart</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Ken-B "><code>@Ken-B</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/krassowski "><code>@krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mgeier "><code>@mgeier</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/minrk "><code>@minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mpacer "><code>@mpacer</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/MSeal "><code>@MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/SylvainCorlay "><code>@SylvainCorlay</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/takluyver "><code>@takluyver</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/timkpaine "><code>@timkpaine</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jupyter/nbconvert/commit/78ed30837a607deab7cf0a12dca072bf3f63417a "><code>78ed308</code></a>
Publish 7.17.1</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/f090a64606fde4c7f87cbf478f51b4aa46a425ec "><code>f090a64</code></a>
ruff format</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3 "><code>b3b6ec0</code></a>
chore: update pre-commit hooks (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2277 ">#2277</a>)</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/be4841f7da51c499b1937e41e6e71926dbe0daa3 "><code>be4841f</code></a>
ignore silly security lint in tests</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/26d57b295870f5572d9bd0535acee4a120339c10 "><code>26d57b2</code></a>
fix type annotation on Lexer</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/0e6b8ccabf2aca6c18fac8c574f22b7155f441fb "><code>0e6b8cc</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/ba5e5cdd737704388251fa55fa9e58f5752fa39d "><code>ba5e5cd</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/1db0c88d865146ce02b6405a8d96753d3d0cd0c2 "><code>1db0c88</code></a>
Specify python version for pre (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2276 ">#2276</a>)</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/7473fc3037a6317bff54380e3a7162d73bf089b3 "><code>7473fc3</code></a>
chore: update pre-commit hooks (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2242 ">#2242</a>)</li>
<li><a
href="https://github.com/jupyter/nbconvert/commit/4322f7f290694929f414cefadc942111afad3762 "><code>4322f7f</code></a>
Bump the actions group across 1 directory with 2 updates (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2273 ">#2273</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...v7.17.1 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `notebook` from 7.4.6 to 7.5.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/notebook/releases ">notebook's
releases</a>.</em></p>
<blockquote>
<h2>v7.5.6</h2>
<h2>7.5.6</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e ">Full
Changelog</a>)</p>
<h3>Security patches</h3>
<ul>
<li>CVE-2026-42557 <a
href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg ">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg </a></li>
<li>CVE-2026-40171 <a
href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9 ">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9 </a></li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.7 <a
href="https://redirect.github.com/jupyter/notebook/pull/7902 ">#7902</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>docs: Fix broken links in troubleshooting and migration docs <a
href="https://redirect.github.com/jupyter/notebook/pull/7824 ">#7824</a>
(<a
href="https://github.com/RamiNoodle733 "><code>@RamiNoodle733</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio "><code>@jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues ">activity</a>)
| <a
href="https://github.com/RamiNoodle733 "><code>@RamiNoodle733</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues ">activity</a>)</p>
<h2>v7.5.5</h2>
<h2>7.5.5</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828 ">Full
Changelog</a>)</p>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.6 <a
href="https://redirect.github.com/jupyter/notebook/pull/7861 ">#7861</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
<li>[7.5.x] Drop Python 3.9 on CI <a
href="https://redirect.github.com/jupyter/notebook/pull/7860 ">#7860</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
<li>Fix check links <a
href="https://redirect.github.com/jupyter/notebook/pull/7857 ">#7857</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio "><code>@jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues ">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md ">notebook's
changelog</a>.</em></p>
<blockquote>
<h2>7.5.6</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e ">Full
Changelog</a>)</p>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.7 <a
href="https://redirect.github.com/jupyter/notebook/pull/7902 ">#7902</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>docs: Fix broken links in troubleshooting and migration docs <a
href="https://redirect.github.com/jupyter/notebook/pull/7824 ">#7824</a>
(<a
href="https://github.com/RamiNoodle733 "><code>@RamiNoodle733</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio "><code>@jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues ">activity</a>)
| <a
href="https://github.com/RamiNoodle733 "><code>@RamiNoodle733</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues ">activity</a>)</p>
<!-- raw HTML omitted -->
<h2>7.5.5</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828 ">Full
Changelog</a>)</p>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.6 <a
href="https://redirect.github.com/jupyter/notebook/pull/7861 ">#7861</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
<li>[7.5.x] Drop Python 3.9 on CI <a
href="https://redirect.github.com/jupyter/notebook/pull/7860 ">#7860</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
<li>Fix check links <a
href="https://redirect.github.com/jupyter/notebook/pull/7857 ">#7857</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio "><code>@jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues ">activity</a>)</p>
<h2>7.5.4</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.3...e5d8418b706fcefd4208bb61c22399dd3123555b ">Full
Changelog</a>)</p>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.5 <a
href="https://redirect.github.com/jupyter/notebook/pull/7842 ">#7842</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
<li>Fix PyO3 CI failure with Python 3.15 <a
href="https://redirect.github.com/jupyter/notebook/pull/7836 ">#7836</a>
(<a href="https://github.com/jtpio "><code>@jtpio</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jupyter/notebook/commit/1ab2d2b99261996e94069ca53dd3d74b8b2ee1ba "><code>1ab2d2b</code></a>
Publish 7.5.6</li>
<li><a
href="https://github.com/jupyter/notebook/commit/50e5222c9670121c3369900c7dce01aae53823fc "><code>50e5222</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/jupyter/notebook/commit/2e642f0cb10be314ba5d97d709cffe41bf992d9e "><code>2e642f0</code></a>
Update to JupyterLab v4.5.7 (<a
href="https://redirect.github.com/jupyter/notebook/issues/7902 ">#7902</a>)</li>
<li><a
href="https://github.com/jupyter/notebook/commit/4b93f98b5a6e57027a2e1d58694b56e2ebd793a3 "><code>4b93f98</code></a>
Backport PR <a
href="https://redirect.github.com/jupyter/notebook/issues/7824 ">#7824</a>:
docs: Fix broken links in troubleshooting and migration do...</li>
<li><a
href="https://github.com/jupyter/notebook/commit/9a2c88fe646bac05b39dbe53e3e0ce95cafee016 "><code>9a2c88f</code></a>
Publish 7.5.5</li>
<li><a
href="https://github.com/jupyter/notebook/commit/4f8438b0c67dc4f010bf8cd052da4f16e2ed3828 "><code>4f8438b</code></a>
Update to JupyterLab v4.5.6 (<a
href="https://redirect.github.com/jupyter/notebook/issues/7861 ">#7861</a>)</li>
<li><a
href="https://github.com/jupyter/notebook/commit/f78fcfada85f9e4b46003bc1b831c83e6f4c30b3 "><code>f78fcfa</code></a>
Backport PR <a
href="https://redirect.github.com/jupyter/notebook/issues/7857 ">#7857</a>:
Fix check links (<a
href="https://redirect.github.com/jupyter/notebook/issues/7858 ">#7858</a>)</li>
<li><a
href="https://github.com/jupyter/notebook/commit/9e4cf2a44594e650e1ae3da49f81ae420135f32f "><code>9e4cf2a</code></a>
[7.5.x] Drop Python 3.9 on CI (<a
href="https://redirect.github.com/jupyter/notebook/issues/7860 ">#7860</a>)</li>
<li><a
href="https://github.com/jupyter/notebook/commit/ecc3aaf1bbf8f9cbec9c5d85df79db0f62b6d1e6 "><code>ecc3aaf</code></a>
Publish 7.5.4</li>
<li><a
href="https://github.com/jupyter/notebook/commit/e5d8418b706fcefd4208bb61c22399dd3123555b "><code>e5d8418</code></a>
Update to JupyterLab v4.5.5 (<a
href="https://redirect.github.com/jupyter/notebook/issues/7842 ">#7842</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/tree@7.4.6...@jupyter-notebook/tree@7.5.6 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `python-dotenv` from 1.0.1 to 1.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/releases ">python-dotenv's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.2</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(#)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/607 ">theskumar/python-dotenv#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311 ">#790c5</a></li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by <a
href="https://github.com/JYOuyang "><code>@JYOuyang</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590 ">theskumar/python-dotenv#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h3>Misc</h3>
<ul>
<li>skip 000 permission tests for root user by <a
href="https://github.com/burnout-projects "><code>@burnout-projects</code></a>
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561 ">theskumar/python-dotenv#561</a></li>
<li>Bump actions/checkout from 5 to 6 in the github-actions group by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/593 ">theskumar/python-dotenv#593</a></li>
<li>Add Windows testing to CI by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/604 ">theskumar/python-dotenv#604</a></li>
<li>Improve workflow efficiency with best practices by <a
href="https://github.com/theskumar "><code>@theskumar</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/609 ">theskumar/python-dotenv#609</a></li>
<li>Remove the use of <code>sh</code> in tests by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/612 ">theskumar/python-dotenv#612</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/JYOuyang "><code>@JYOuyang</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590 ">theskumar/python-dotenv#590</a></li>
<li><a
href="https://github.com/burnout-projects "><code>@burnout-projects</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561 ">theskumar/python-dotenv#561</a></li>
<li><a
href="https://github.com/cpackham-atlnz "><code>@cpackham-atlnz</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/597 ">theskumar/python-dotenv#597</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 ">https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 </a></p>
<h2>v1.2.1</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md ">python-dotenv's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.2] - 2026-03-01</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588 ">#588</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by [<a
href="https://github.com/bbc2 "><code>@bbc2</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/607 ">#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Dropped Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by [<a
href="https://github.com/bbc2 "><code>@bbc2</code></a>] in
[790c5c0]</li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by [<a
href="https://github.com/JYOuyang "><code>@JYOuyang</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/590 ">#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h2>[1.2.1] - 2025-10-26</h2>
<ul>
<li>Move more config to <code>pyproject.toml</code>, removed
<code>setup.cfg</code></li>
<li>Add support for reading <code>.env</code> from FIFOs (Unix) by [<a
href="https://github.com/sidharth-sudhir "><code>@sidharth-sudhir</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/586 ">#586</a></li>
</ul>
<h2>[1.2.0] - 2025-10-26</h2>
<ul>
<li>Upgrade build system to use PEP 517 & PEP 518 to use
<code>build</code> and <code>pyproject.toml</code> by [<a
href="https://github.com/EpicWink "><code>@EpicWink</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/583 ">#583</a></li>
<li>Add support for Python 3.14 by [<a
href="https://github.com/23f3001135 "><code>@23f3001135</code></a>] in
<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/579 ">#579</a></li>
<li>Add support for disabling of <code>load_dotenv()</code> using
<code>PYTHON_DOTENV_DISABLED</code> env var. by [<a
href="https://github.com/matthewfranglen "><code>@matthewfranglen</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/569 ">#569</a></li>
</ul>
<h2>[1.1.1] - 2025-06-24</h2>
<h3>Fixed</h3>
<ul>
<li>CLI: Ensure <code>find_dotenv</code> work reliably on python 3.13 by
[<a href="https://github.com/theskumar "><code>@theskumar</code></a>] in
<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/563 ">#563</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d "><code>36004e0</code></a>
Bump version: 1.2.1 → 1.2.2</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8 "><code>eb20252</code></a>
docs: update changelog for v1.2.2</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311 "><code>790c5c0</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1 "><code>43340da</code></a>
Remove the use of <code>sh</code> in tests (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/612 ">#612</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c "><code>09d7cee</code></a>
docs: clarify override behavior and document FIFO support (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/610 ">#610</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c "><code>c8de288</code></a>
ci: improve workflow efficiency with best practices (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/609 ">#609</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4 "><code>7bd9e3d</code></a>
Add Windows testing to CI (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/604 ">#604</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81 "><code>1baaf04</code></a>
Drop Python 3.9 support and update to PyPy 3.11 (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/608 ">#608</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc "><code>4a22cf8</code></a>
ci: enable testing on Python 3.14t (free-threaded) (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588 ">#588</a>)</li>
<li><a
href="https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4 "><code>e2e8e77</code></a>
Fix license specifier (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/597 ">#597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 22:10:51 -07:00
dependabot[bot]
157b05ebd9
build(deps-dev): bump pytest from 7.4.4 to 9.0.3 in /libs/experimental in the uv group across 1 directory ( #81 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[pytest](https://github.com/pytest-dev/pytest ).
Updates `pytest` from 7.4.4 to 9.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases ">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444 ">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634 ">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734 ">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195 ">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388 ">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731 ">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
<accessing-captured-output></code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088 ">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255 ">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689 ">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests ">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
<h2>9.0.2</h2>
<h1>pytest 9.0.2 (2025-12-06)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13896 ">#13896</a>:
The terminal progress feature added in pytest 9.0.0 has been disabled by
default, except on Windows, due to compatibility issues with some
terminal emulators.</p>
<p>You may enable it again by passing <code>-p terminalprogress</code>.
We may enable it by default again once compatibility improves in the
future.</p>
<p>Additionally, when the environment variable <code>TERM</code> is
<code>dumb</code>, the escape codes are no longer emitted, even if the
plugin is enabled.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13904 ">#13904</a>:
Fixed the TOML type of the <code>tmp_path_retention_count</code>
settings in the API reference from number to string.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13946 ">#13946</a>:
The private <code>config.inicfg</code> attribute was changed in a
breaking manner in pytest 9.0.0.
Due to its usage in the ecosystem, it is now restored to working order
using a compatibility shim.
It will be deprecated in pytest 9.1 and removed in pytest 10.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e "><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22 "><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366 ">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac "><code>8127eaf</code></a>
Revert "Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050 ">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193 ">#14193</a>)"</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241 "><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363 ">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95 "><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619 "><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298 ">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301 ">#14301</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869 "><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267 ">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439 "><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378 ">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8 "><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259 ">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268 ">#14268</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed "><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257 ">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266 ">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 08:29:32 +00:00
dependabot[bot]
7a0deecaa2
build(deps): bump aiohttp from 3.13.3 to 3.13.4 in /libs/experimental in the uv group across 1 directory ( #80 )
...
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-04 01:03:46 +00:00
dependabot[bot]
db30b0ffeb
build(deps): bump requests from 2.32.5 to 2.33.0 in /libs/experimental in the uv group across 1 directory ( #79 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[requests](https://github.com/psf/requests ).
Updates `requests` from 2.32.5 to 2.33.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases ">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271 ">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣 </li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012 ">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205 ">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196 ">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1 "><code>@M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865 ">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil "><code>@aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220 ">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price "><code>@E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960 ">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88 "><code>@mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244 ">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen "><code>@magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553 ">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit "><code>@Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227 ">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25 ">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md ">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271 ">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣 </li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012 ">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205 ">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196 ">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761 "><code>bc04dfd</code></a>
v2.33.0</li>
<li><a
href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 "><code>66d21cb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028 "><code>8b9bc8f</code></a>
Move badges to top of README (<a
href="https://redirect.github.com/psf/requests/issues/7293 ">#7293</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286 "><code>e331a28</code></a>
Remove unused extraction call (<a
href="https://redirect.github.com/psf/requests/issues/7292 ">#7292</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29 "><code>753fd08</code></a>
docs: fix FAQ grammar in httplib2 example</li>
<li><a
href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71 "><code>774a0b8</code></a>
docs(socks): same block as other sections</li>
<li><a
href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303 "><code>9c72a41</code></a>
Bump github/codeql-action from 4.33.0 to 4.34.1</li>
<li><a
href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be "><code>ebf7190</code></a>
Bump github/codeql-action from 4.32.0 to 4.33.0</li>
<li><a
href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798 "><code>0e4ae38</code></a>
docs: exclude Response.is_permanent_redirect from API docs (<a
href="https://redirect.github.com/psf/requests/issues/7244 ">#7244</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a "><code>d568f47</code></a>
docs: clarify Quickstart POST example (<a
href="https://redirect.github.com/psf/requests/issues/6960 ">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-03 17:57:58 -07:00
dependabot[bot]
ee2ae5c063
build(deps): bump orjson from 3.11.5 to 3.11.6 in /libs/experimental in the uv group across 1 directory ( #78 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[orjson](https://github.com/ijl/orjson ).
Updates `orjson` from 3.11.5 to 3.11.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/releases ">orjson's
releases</a>.</em></p>
<blockquote>
<h2>3.11.6</h2>
<h3>Changed</h3>
<ul>
<li>orjson now includes code licensed under the Mozilla Public License
2.0 (MPL-2.0).</li>
<li>Drop support for Python 3.9.</li>
<li>ABI compatibility with CPython 3.15 alpha 5.</li>
<li>Build now depends on Rust 1.89 or later instead of 1.85.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix sporadic crash serializing deeply nested <code>list</code> of
<code>dict</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md ">orjson's
changelog</a>.</em></p>
<blockquote>
<h2>3.11.6 - 2026-01-29</h2>
<h3>Changed</h3>
<ul>
<li>orjson now includes code licensed under the Mozilla Public License
2.0 (MPL-2.0).</li>
<li>Drop support for Python 3.9.</li>
<li>ABI compatibility with CPython 3.15 alpha 5.</li>
<li>Build now depends on Rust 1.89 or later instead of 1.85.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix sporadic crash serializing deeply nested <code>list</code> of
<code>dict</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad "><code>ec02024</code></a>
3.11.6</li>
<li><a
href="https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6 "><code>d581687</code></a>
build, clippy misc</li>
<li><a
href="https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2 "><code>4105b29</code></a>
writer::num</li>
<li><a
href="https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370 "><code>62bb185</code></a>
Fix sporadic crash on serializing object close</li>
<li><a
href="https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad "><code>d860078</code></a>
PyRef idiom refactors</li>
<li><a
href="https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8 "><code>343ae2f</code></a>
Deserializer, Utf8Buffer</li>
<li><a
href="https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2 "><code>7835f58</code></a>
PyBytesRef and other input refactor</li>
<li><a
href="https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd "><code>71e0516</code></a>
PyStrRef</li>
<li><a
href="https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94 "><code>1096df4</code></a>
MSRV 1.89</li>
<li><a
href="https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771 "><code>b718e75</code></a>
Drop support for python3.9</li>
<li>Additional commits viewable in <a
href="https://github.com/ijl/orjson/compare/3.11.5...3.11.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-18 21:41:51 -07:00
dependabot[bot]
d4833f0c22
build(deps): bump tornado from 6.5 to 6.5.5 in /libs/experimental in the uv group across 1 directory ( #76 )
...
Bumps the uv group with 1 update in the /libs/experimental directory:
[tornado](https://github.com/tornadoweb/tornado ).
Updates `tornado` from 6.5 to 6.5.5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst ">tornado's
changelog</a>.</em></p>
<blockquote>
<h1>Release notes</h1>
<p>.. toctree::
:maxdepth: 2</p>
<p>releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tornadoweb/tornado/commit/7d6465056ceb7a054b3f64cf1c18271753b10482 "><code>7d64650</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3586 ">#3586</a>
from bdarnell/update-cibw</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/d05d59b8080a0d5d6a260994c7aad7049209d345 "><code>d05d59b</code></a>
build: Bump cibuildwheel to 3.4.0</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/c2f46732b0ad14bf0db4219c96a945f4b60205f5 "><code>c2f4673</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3585 ">#3585</a>
from bdarnell/release-655</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/e5f1aa4b6fa2c16b29024830227838fcb0c79b6f "><code>e5f1aa4</code></a>
Release notes and version bump for v6.5.5</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/78a046f99f89977dfc8ff5a1fe16d298afbeeaca "><code>78a046f</code></a>
httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104 "><code>24a2d96</code></a>
web: Validate characters in all cookie attributes.</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839 "><code>119a195</code></a>
httputil: Add limits on multipart form data parsing</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/63d4df4eefa6750bb14efa1ebffe67b8c54fbad4 "><code>63d4df4</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3564 ">#3564</a>
from bdarnell/release-654</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/eadbf9adbe9db19e2686a32f48ddf9a25518c4f6 "><code>eadbf9a</code></a>
Release notes and version bump for 6.5.4</li>
<li><a
href="https://github.com/tornadoweb/tornado/commit/bbc2b1429c6db80765a8a95c09ddddc7bb40e4e8 "><code>bbc2b14</code></a>
Make sure that the in-operator on HTTPHeaders is case insensitive</li>
<li>Additional commits viewable in <a
href="https://github.com/tornadoweb/tornado/compare/v6.5.0...v6.5.5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-18 21:37:30 -07:00
dependabot[bot]
a6c66481ee
build(deps): bump the uv group across 1 directory with 8 updates ( #75 )
...
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-experimental/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-28 15:39:08 -08:00
John Kennedy
06e510c76f
security: add explicit workflow permissions to all GitHub Actions workflows ( #74 )
...
## Summary
- Adds explicit `permissions: contents: read` to all workflow files that
were missing a top-level permissions block
(`_compile_integration_test.yml`, `_lint.yml`, `_test.yml`,
`_test_release.yml`, `_release.yml`, `check_diffs.yml`)
- Replaces overly broad `permissions: write-all` on the
`test-pypi-publish` job in `_release.yml` with scoped `contents: read` +
`id-token: write`
- Resolves all 11 open CodeQL `actions/missing-workflow-permissions`
[code scanning
alerts](https://github.com/langchain-ai/langchain-experimental/security/code-scanning )
## Motivation
Without explicit permissions, the `GITHUB_TOKEN` gets the default
permissions configured for the repository, which may be broader than
necessary. Adding explicit least-privilege permissions follows the
principle of least privilege and reduces the blast radius if a workflow
step is compromised.
## Test plan
- [ ] Verify CI passes on this PR (lint, test,
compile-integration-tests)
- [ ] Confirm CodeQL alerts are resolved after merge
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-28 15:31:29 -08:00