mirror of
https://github.com/langchain-ai/langserve.git
synced 2026-07-01 20:14:01 -04:00
main
524 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
27e57afeda |
Add deprecation notice for LangServe project
Added deprecation notice and migration recommendation. |
||
|
|
12e5d8e23f |
Bump langsmith from 0.7.9 to 0.7.31 in the pip group across 1 directory (#902)
Bumps the pip group with 1 update in the / directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk). Updates `langsmith` from 0.7.9 to 0.7.31 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/c434999d05c00334efeba88b8bbd2de9f3afbef6"><code>c434999</code></a> release(py): 0.7.31 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2716">#2716</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/47d7c4a783333e716395d802e7632f1f1b4744d3"><code>47d7c4a</code></a> feat: Filter kwargs from new token events (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2714">#2714</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/3c57445b543c9a2f86db52024ea2c998bfc2ffab"><code>3c57445</code></a> chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2708">#2708</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/2be6cd01a2b6e35e811488d3561e7b0b57b06f63"><code>2be6cd0</code></a> chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /...</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/b8b6ca32d43c919c07a4e13c99a83bcaab8accb0"><code>b8b6ca3</code></a> chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 ...</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/9897cb33da7698291637f268edd833ca3e1adde6"><code>9897cb3</code></a> chore(deps): bump actions/github-script from 8 to 9 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2706">#2706</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/572c0184285747e027a796e03ea6c9ba171e09a6"><code>572c018</code></a> chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2702">#2702</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/57447524c88b6bba2775161aa449da32fb8e5c42"><code>5744752</code></a> chore(deps): bump the py-minor-and-patch group across 1 directory with 10 upd...</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/960cae7f490e9ccbe428e6b56c8047bdb7b942a5"><code>960cae7</code></a> chore(deps): bump pnpm/action-setup from 5 to 6 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2705">#2705</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/9370e7670abf7f8f9a36fbb72250bcfd2f91e7c6"><code>9370e76</code></a> chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /...</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.31">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
970cbc7342 |
Bump pydantic from 2.12.5 to 2.13.0 (#900)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.5 to 2.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.13.0 2026-04-13</h2> <h2>v2.13.0 (2026-04-13)</h2> <p>The highlights of the v2.13 release are available in the <a href="https://pydantic.dev/articles/pydantic-v2-13-release">blog post</a>. Several minor changes (considered non-breaking changes according to our <a href="https://pydantic.dev/docs/validation/2.13/get-started/version-policy/#pydantic-v2">versioning policy</a>) are also included in this release. Make sure to look into them before upgrading.</p> <p>This release contains the updated <code>pydantic.v1</code> namespace, matching version 1.10.26 which includes support for Python 3.14.</p> <h3>What's Changed</h3> <p>See the beta releases for all changes sinces 2.12.</p> <h4>Packaging</h4> <ul> <li>Add zizmor for GitHub Actions workflow linting by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13039">#13039</a></li> <li>Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13064">#13064</a></li> </ul> <h4>New Features</h4> <ul> <li>Allow default factories of private attributes to take validated model data by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13013">#13013</a></li> </ul> <h4>Changes</h4> <ul> <li>Warn when serializing fixed length tuples with too few items by <a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <h4>Fixes</h4> <ul> <li>Change type of <code>Any</code> when synthesizing <code>_build_sources</code> for <code>BaseSettings.__init__()</code> signature in the mypy plugin by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13049">#13049</a></li> <li>Fix model equality when using runtime <code>extra</code> configuration by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13062">#13062</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.0...v2.13.0">https://github.com/pydantic/pydantic/compare/v2.12.0...v2.13.0</a></p> <h2>v2.13.0b3 2026-03-31</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Packaging</h3> <ul> <li>Add riscv64 build target for manylinux by <a href="https://github.com/boosterl"><code>@boosterl</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12723">#12723</a></li> </ul> <h3>New Features</h3> <ul> <li>Add <code>ascii_only</code> option to <code>StringConstraints</code> by <a href="https://github.com/ai-man-codes"><code>@ai-man-codes</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12907">#12907</a></li> <li>Support <code>exclude_if</code> in computed fields by <a href="https://github.com/andresliszt"><code>@andresliszt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12748">#12748</a></li> <li>Push down constraints in unions involving <code>MISSING</code> sentinel by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12908">#12908</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.13.0 (2026-04-13)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.0">GitHub release</a></p> <p>The highlights of the v2.13 release are available in the <a href="https://pydantic.dev/articles/pydantic-v2-13-release">blog post</a>. Several minor changes (considered non-breaking changes according to our <a href="https://pydantic.dev/docs/validation/2.13/get-started/version-policy/#pydantic-v2">versioning policy</a>) are also included in this release. Make sure to look into them before upgrading.</p> <p>This release contains the updated <code>pydantic.v1</code> namespace, matching version 1.10.26 which includes support for Python 3.14.</p> <h3>What's Changed</h3> <p>See the beta releases for all changes sinces 2.12.</p> <h4>New Features</h4> <ul> <li>Allow default factories of private attributes to take validated model data by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13013">#13013</a></li> </ul> <h4>Changes</h4> <ul> <li>Warn when serializing fixed length tuples with too few items by <a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <h4>Fixes</h4> <ul> <li>Change type of <code>Any</code> when synthesizing <code>_build_sources</code> for <code>BaseSettings.__init__()</code> signature in the mypy plugin by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13049">#13049</a></li> <li>Fix model equality when using runtime <code>extra</code> configuration by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13062">#13062</a></li> </ul> <h4>Packaging</h4> <ul> <li>Add zizmor for GitHub Actions workflow linting by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13039">#13039</a></li> <li>Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13064">#13064</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <h2>v2.13.0b3 (2026-03-31)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.0b3">GitHub release</a></p> <h3>What's Changed</h3> <h4>New Features</h4> <ul> <li>Add <code>ascii_only</code> option to <code>StringConstraints</code> by <a href="https://github.com/ai-man-codes"><code>@ai-man-codes</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12907">#12907</a></li> <li>Support <code>exclude_if</code> in computed fields by <a href="https://github.com/andresliszt"><code>@andresliszt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12748">#12748</a></li> <li>Push down constraints in unions involving <code>MISSING</code> sentinel by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12908">#12908</a></li> </ul> <h4>Changes</h4> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pydantic/pydantic/commit/46bf4fa648af3a1fbf4603a37f210e9d9c618357"><code>46bf4fa</code></a> Fix Pydantic release workflow (<a href="https://redirect.github.com/pydantic/pydantic/issues/13067">#13067</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/1b359edab09c623464d23c6fd2503ae5ff276d43"><code>1b359ed</code></a> Prepare release v2.13.0 (<a href="https://redirect.github.com/pydantic/pydantic/issues/13065">#13065</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/b1bf19445d8ac144a7a0e82674d2d87eebab6c18"><code>b1bf194</code></a> Fix model equality when using runtime <code>extra</code> configuration (<a href="https://redirect.github.com/pydantic/pydantic/issues/13062">#13062</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/17a35e371bdff348c0690651d324c91fc7c9ff9e"><code>17a35e3</code></a> Update jiter to v0.14.0 (<a href="https://redirect.github.com/pydantic/pydantic/issues/13064">#13064</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/feea402b23fa23774669908c4e08a61ba1e4238e"><code>feea402</code></a> Use <code>simulation</code> mode in Codspeed CI (<a href="https://redirect.github.com/pydantic/pydantic/issues/13063">#13063</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/671c9b0d4d3f9b2f1b95ca32ac85cb69e824e0bc"><code>671c9b0</code></a> Add basic benchmarks for model equality (<a href="https://redirect.github.com/pydantic/pydantic/issues/13061">#13061</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/d17d71e00a35f190b27321aa6f8f2a03139c00b8"><code>d17d71e</code></a> Bump cryptography from 46.0.6 to 46.0.7 (<a href="https://redirect.github.com/pydantic/pydantic/issues/13056">#13056</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/919d61ac419af5151b673a90b65c9a12631091cf"><code>919d61a</code></a> 👥 Update Pydantic People (<a href="https://redirect.github.com/pydantic/pydantic/issues/13059">#13059</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/e7cf5dcb939ea98511e669b647c0273667a1b08a"><code>e7cf5dc</code></a> Fix people workflow (<a href="https://redirect.github.com/pydantic/pydantic/issues/13047">#13047</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/2a806ad09b984fcc43568191aba5d965350995a0"><code>2a806ad</code></a> Add regression test for <code>MISSING</code> sentinel serialization with subclasses (<a href="https://redirect.github.com/pydantic/pydantic/issues/13">#13</a>...</li> <li>Additional commits viewable in <a href="https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
13cdfe0b7c |
Bump the npm_and_yarn group across 2 directories with 1 update (#901)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d442dbc712 |
Bump pytest from 9.0.2 to 9.0.3 in the pip group across 1 directory (#899)
Bumps the pip group with 1 update in the / directory: [pytest](https://github.com/pytest-dev/pytest). Updates `pytest` from 9.0.2 to 9.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e"><code>a7d58d7</code></a> Prepare release version 9.0.3</li> <li><a href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22"><code>089d981</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a> from bluetech/revert-14193-backport</li> <li><a href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac"><code>8127eaf</code></a> Revert "Fix: assertrepr_compare respects dict insertion order (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)"</li> <li><a href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241"><code>99a7e60</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a> from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95"><code>ddee02a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a> from bluetech/cve-2025-71176-simple</li> <li><a href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619"><code>74eac69</code></a> doc: Update training info (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869"><code>f92dee7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a> from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439"><code>7ee58ac</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a> from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8"><code>37da870</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a> from mitre88/patch-4 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed"><code>c34bfa3</code></a> Add explanation for string context diffs (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0a2a03cc83 |
Bump the npm_and_yarn group across 2 directories with 1 update (#898)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 5.4.21 to 6.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.4.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.4.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.4.2 (2026-04-06)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>) (<a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b">fe28e47</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a> <a href="https://redirect.github.com/vitejs/vite/issues/22163">#22163</a></li> <li>fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b">ca4da5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a></li> </ul> <h2><!-- raw HTML omitted -->6.4.1 (2025-10-20)<!-- raw HTML omitted --></h2> <ul> <li>fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>) (<a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8">1114b5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a> <a href="https://redirect.github.com/vitejs/vite/issues/20969">#20969</a></li> </ul> <h2>6.4.0 (2025-10-15)</h2> <ul> <li>feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>) (<a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a">ca6455e</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20932">#20932</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.7 (2025-10-14)<!-- raw HTML omitted --></h2> <ul> <li>fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>) (<a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff">c59a222</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20940">#20940</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.6 (2025-09-08)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href="https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f">0ab19ea</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li> <li>fix: upgrade sirv to 3.0.2 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>) (<a href="https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0">e11d240</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20735">#20735</a></li> <li>test: detect ts support via <code>process.features</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>) (<a href="https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79">7d99229</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20544">#20544</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.5 (2025-05-05)<!-- raw HTML omitted --></h2> <ul> <li>fix(ssr): handle uninitialized export access as undefined (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959">#19959</a>) (<a href="https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5">fd38d07</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19959">#19959</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.4 (2025-04-30)<!-- raw HTML omitted --></h2> <ul> <li>fix: check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>) (<a href="https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb">c22c43d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19965">#19965</a></li> <li>fix(optimizer): return plain object when using <code>require</code> to import externals in optimized dependenci (<a href="https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643">efc5eab</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19940">#19940</a></li> <li>refactor: remove duplicate plugin context type (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935">#19935</a>) (<a href="https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0">d6d01c2</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19935">#19935</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.3 (2025-04-24)<!-- raw HTML omitted --></h2> <ul> <li>fix: ignore malformed uris in tranform middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853">#19853</a>) (<a href="https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a">e4d5201</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19853">#19853</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045"><code>6b3fad0</code></a> release: v6.4.2</li> <li><a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b"><code>ca4da5d</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b"><code>fe28e47</code></a> fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3"><code>5487f4f</code></a> release: v6.4.1</li> <li><a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8"><code>1114b5d</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103"><code>f12697c</code></a> release: v6.4.0</li> <li><a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a"><code>ca6455e</code></a> feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af"><code>0e173d8</code></a> release: v6.3.7</li> <li><a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff"><code>c59a222</code></a> fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb"><code>3f337c5</code></a> release: v6.3.6</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v6.4.2/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `vite` from 5.4.21 to 6.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.4.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.4.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.4.2 (2026-04-06)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>) (<a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b">fe28e47</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a> <a href="https://redirect.github.com/vitejs/vite/issues/22163">#22163</a></li> <li>fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b">ca4da5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a></li> </ul> <h2><!-- raw HTML omitted -->6.4.1 (2025-10-20)<!-- raw HTML omitted --></h2> <ul> <li>fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>) (<a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8">1114b5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a> <a href="https://redirect.github.com/vitejs/vite/issues/20969">#20969</a></li> </ul> <h2>6.4.0 (2025-10-15)</h2> <ul> <li>feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>) (<a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a">ca6455e</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20932">#20932</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.7 (2025-10-14)<!-- raw HTML omitted --></h2> <ul> <li>fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>) (<a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff">c59a222</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20940">#20940</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.6 (2025-09-08)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href="https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f">0ab19ea</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li> <li>fix: upgrade sirv to 3.0.2 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>) (<a href="https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0">e11d240</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20735">#20735</a></li> <li>test: detect ts support via <code>process.features</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>) (<a href="https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79">7d99229</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20544">#20544</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.5 (2025-05-05)<!-- raw HTML omitted --></h2> <ul> <li>fix(ssr): handle uninitialized export access as undefined (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959">#19959</a>) (<a href="https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5">fd38d07</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19959">#19959</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.4 (2025-04-30)<!-- raw HTML omitted --></h2> <ul> <li>fix: check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>) (<a href="https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb">c22c43d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19965">#19965</a></li> <li>fix(optimizer): return plain object when using <code>require</code> to import externals in optimized dependenci (<a href="https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643">efc5eab</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19940">#19940</a></li> <li>refactor: remove duplicate plugin context type (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935">#19935</a>) (<a href="https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0">d6d01c2</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19935">#19935</a></li> </ul> <h2><!-- raw HTML omitted -->6.3.3 (2025-04-24)<!-- raw HTML omitted --></h2> <ul> <li>fix: ignore malformed uris in tranform middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853">#19853</a>) (<a href="https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a">e4d5201</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19853">#19853</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045"><code>6b3fad0</code></a> release: v6.4.2</li> <li><a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b"><code>ca4da5d</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b"><code>fe28e47</code></a> fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3"><code>5487f4f</code></a> release: v6.4.1</li> <li><a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8"><code>1114b5d</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103"><code>f12697c</code></a> release: v6.4.0</li> <li><a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a"><code>ca6455e</code></a> feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af"><code>0e173d8</code></a> release: v6.3.7</li> <li><a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff"><code>c59a222</code></a> fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb"><code>3f337c5</code></a> release: v6.3.6</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v6.4.2/packages/vite">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
619e176fa4 |
Bump ruff from 0.15.6 to 0.15.9 (#894)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.6 to 0.15.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.15.9</h2> <h2>Release Notes</h2> <p>Released on 2026-04-02.</p> <h3>Preview features</h3> <ul> <li>[<code>pyflakes</code>] Flag annotated variable redeclarations as <code>F811</code> in preview mode (<a href="https://redirect.github.com/astral-sh/ruff/pull/24244">#24244</a>)</li> <li>[<code>ruff</code>] Allow dunder-named assignments in non-strict mode for <code>RUF067</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24089">#24089</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-errmsg</code>] Avoid shadowing existing <code>msg</code> in fix for <code>EM101</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24363">#24363</a>)</li> <li>[<code>flake8-simplify</code>] Ignore pre-initialization references in <code>SIM113</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24235">#24235</a>)</li> <li>[<code>pycodestyle</code>] Fix <code>W391</code> fixes for consecutive empty notebook cells (<a href="https://redirect.github.com/astral-sh/ruff/pull/24236">#24236</a>)</li> <li>[<code>pyupgrade</code>] Fix <code>UP008</code> nested class matching (<a href="https://redirect.github.com/astral-sh/ruff/pull/24273">#24273</a>)</li> <li>[<code>pyupgrade</code>] Ignore strings with string-only escapes (<code>UP012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16058">#16058</a>)</li> <li>[<code>ruff</code>] <code>RUF072</code>: skip formfeeds on dedent (<a href="https://redirect.github.com/astral-sh/ruff/pull/24308">#24308</a>)</li> <li>[<code>ruff</code>] Avoid re-using symbol in <code>RUF024</code> fix (<a href="https://redirect.github.com/astral-sh/ruff/pull/24316">#24316</a>)</li> <li>[<code>ruff</code>] Parenthesize expression in <code>RUF050</code> fix (<a href="https://redirect.github.com/astral-sh/ruff/pull/24234">#24234</a>)</li> <li>Disallow starred expressions as values of starred expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/24280">#24280</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-simplify</code>] Suppress <code>SIM105</code> for <code>except*</code> before Python 3.12 (<a href="https://redirect.github.com/astral-sh/ruff/pull/23869">#23869</a>)</li> <li>[<code>pyflakes</code>] Extend <code>F507</code> to flag <code>%</code>-format strings with zero placeholders (<a href="https://redirect.github.com/astral-sh/ruff/pull/24215">#24215</a>)</li> <li>[<code>pyupgrade</code>] <code>UP018</code> should detect more unnecessarily wrapped literals (UP018) (<a href="https://redirect.github.com/astral-sh/ruff/pull/24093">#24093</a>)</li> <li>[<code>pyupgrade</code>] Fix <code>UP008</code> callable scope handling to support lambdas (<a href="https://redirect.github.com/astral-sh/ruff/pull/24274">#24274</a>)</li> <li>[<code>ruff</code>] <code>RUF010</code>: Mark fix as unsafe when it deletes a comment (<a href="https://redirect.github.com/astral-sh/ruff/pull/24270">#24270</a>)</li> </ul> <h3>Formatter</h3> <ul> <li>Add <code>nested-string-quote-style</code> formatting option (<a href="https://redirect.github.com/astral-sh/ruff/pull/24312">#24312</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>[<code>flake8-bugbear</code>] Clarify RUF071 fix safety for non-path string comparisons (<a href="https://redirect.github.com/astral-sh/ruff/pull/24149">#24149</a>)</li> <li>[<code>flake8-type-checking</code>] Clarify import cycle wording for <code>TC001</code>/<code>TC002</code>/<code>TC003</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24322">#24322</a>)</li> </ul> <h3>Other changes</h3> <ul> <li>Avoid rendering fix lines with trailing whitespace after <code>|</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24343">#24343</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/charliermarsh"><code>@charliermarsh</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/tranhoangtu-it"><code>@tranhoangtu-it</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/zsol"><code>@zsol</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.15.9</h2> <p>Released on 2026-04-02.</p> <h3>Preview features</h3> <ul> <li>[<code>pyflakes</code>] Flag annotated variable redeclarations as <code>F811</code> in preview mode (<a href="https://redirect.github.com/astral-sh/ruff/pull/24244">#24244</a>)</li> <li>[<code>ruff</code>] Allow dunder-named assignments in non-strict mode for <code>RUF067</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24089">#24089</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-errmsg</code>] Avoid shadowing existing <code>msg</code> in fix for <code>EM101</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24363">#24363</a>)</li> <li>[<code>flake8-simplify</code>] Ignore pre-initialization references in <code>SIM113</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24235">#24235</a>)</li> <li>[<code>pycodestyle</code>] Fix <code>W391</code> fixes for consecutive empty notebook cells (<a href="https://redirect.github.com/astral-sh/ruff/pull/24236">#24236</a>)</li> <li>[<code>pyupgrade</code>] Fix <code>UP008</code> nested class matching (<a href="https://redirect.github.com/astral-sh/ruff/pull/24273">#24273</a>)</li> <li>[<code>pyupgrade</code>] Ignore strings with string-only escapes (<code>UP012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16058">#16058</a>)</li> <li>[<code>ruff</code>] <code>RUF072</code>: skip formfeeds on dedent (<a href="https://redirect.github.com/astral-sh/ruff/pull/24308">#24308</a>)</li> <li>[<code>ruff</code>] Avoid re-using symbol in <code>RUF024</code> fix (<a href="https://redirect.github.com/astral-sh/ruff/pull/24316">#24316</a>)</li> <li>[<code>ruff</code>] Parenthesize expression in <code>RUF050</code> fix (<a href="https://redirect.github.com/astral-sh/ruff/pull/24234">#24234</a>)</li> <li>Disallow starred expressions as values of starred expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/24280">#24280</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-simplify</code>] Suppress <code>SIM105</code> for <code>except*</code> before Python 3.12 (<a href="https://redirect.github.com/astral-sh/ruff/pull/23869">#23869</a>)</li> <li>[<code>pyflakes</code>] Extend <code>F507</code> to flag <code>%</code>-format strings with zero placeholders (<a href="https://redirect.github.com/astral-sh/ruff/pull/24215">#24215</a>)</li> <li>[<code>pyupgrade</code>] <code>UP018</code> should detect more unnecessarily wrapped literals (UP018) (<a href="https://redirect.github.com/astral-sh/ruff/pull/24093">#24093</a>)</li> <li>[<code>pyupgrade</code>] Fix <code>UP008</code> callable scope handling to support lambdas (<a href="https://redirect.github.com/astral-sh/ruff/pull/24274">#24274</a>)</li> <li>[<code>ruff</code>] <code>RUF010</code>: Mark fix as unsafe when it deletes a comment (<a href="https://redirect.github.com/astral-sh/ruff/pull/24270">#24270</a>)</li> </ul> <h3>Formatter</h3> <ul> <li>Add <code>nested-string-quote-style</code> formatting option (<a href="https://redirect.github.com/astral-sh/ruff/pull/24312">#24312</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>[<code>flake8-bugbear</code>] Clarify RUF071 fix safety for non-path string comparisons (<a href="https://redirect.github.com/astral-sh/ruff/pull/24149">#24149</a>)</li> <li>[<code>flake8-type-checking</code>] Clarify import cycle wording for <code>TC001</code>/<code>TC002</code>/<code>TC003</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24322">#24322</a>)</li> </ul> <h3>Other changes</h3> <ul> <li>Avoid rendering fix lines with trailing whitespace after <code>|</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/24343">#24343</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/charliermarsh"><code>@charliermarsh</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/tranhoangtu-it"><code>@tranhoangtu-it</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/zsol"><code>@zsol</code></a></li> <li><a href="https://github.com/renovate"><code>@renovate</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/724ccc1ae8a61e872cf58435f2c073189dc248f2"><code>724ccc1</code></a> Bump 0.15.9 (<a href="https://redirect.github.com/astral-sh/ruff/issues/24369">#24369</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/96d9e0964cb87498ef15510ea7f896ba336659f9"><code>96d9e09</code></a> [ty] Move the <code>deferred</code> submodule inside <code>infer/builder</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/24368">#24368</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/130da28d610a466721bb942e8a5e0ec47bbe3469"><code>130da28</code></a> [ty] Infer the <code>extra_items</code> keyword argument to class-based TypedDicts as an...</li> <li><a href="https://github.com/astral-sh/ruff/commit/a617c54b0708a8c1eb850cc3b2a5caee21137a28"><code>a617c54</code></a> [ty] Validate type qualifiers in functional TypedDict fields and the `extra_i...</li> <li><a href="https://github.com/astral-sh/ruff/commit/d8517087c6cd0aa4f33dcede605ff642941dd74b"><code>d851708</code></a> [ty] Improve robustness of various type-qualifier-related checks (<a href="https://redirect.github.com/astral-sh/ruff/issues/24251">#24251</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/aecb5877c6d6fe035c03aba994ec3a7b935b8f02"><code>aecb587</code></a> Only run the release-gate on workflow dispatch (<a href="https://redirect.github.com/astral-sh/ruff/issues/24366">#24366</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b88957174311030927bf564da32d05dee0eb89d9"><code>b889571</code></a> [ty] Use <code>infer_type_expression</code> for parsing parameter annotations and return...</li> <li><a href="https://github.com/astral-sh/ruff/commit/3286a62be986a8d6d04d95b3bc619f06e012fa2f"><code>3286a62</code></a> Add a "release-gate" step to the release workflow (<a href="https://redirect.github.com/astral-sh/ruff/issues/24365">#24365</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/5f88756ee10e3faf0e96c883c34c95fc78200536"><code>5f88756</code></a> Disallow starred expressions as values of starred expressions (<a href="https://redirect.github.com/astral-sh/ruff/issues/24280">#24280</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/5c59f8a46965cac3470f09972196c8620faa4626"><code>5c59f8a</code></a> [<code>pyupgrade</code>] Ignore strings with string-only escapes (<code>UP012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/16058">#16058</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.15.6...0.15.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d09daaaeb2 |
Bump fastapi from 0.135.2 to 0.135.3 (#895)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.135.3</h2> <h3>Features</h3> <ul> <li>✨ Add support for <code>@app.vibe()</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15280">#15280</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>. <ul> <li>New docs: <a href="https://fastapi.tiangolo.com/advanced/vibe/">Vibe Coding</a>.</li> </ul> </li> </ul> <h3>Docs</h3> <ul> <li>✏️ Fix typo for <code>client_secret</code> in OAuth2 form docstrings. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14946">#14946</a> by <a href="https://github.com/bysiber"><code>@bysiber</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>👥 Update FastAPI People - Experts. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15279">#15279</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump orjson from 3.11.7 to 3.11.8. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15276">#15276</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>⬆ Bump ruff from 0.15.0 to 0.15.8. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15277">#15277</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👥 Update FastAPI GitHub topic repositories. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15274">#15274</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15267">#15267</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👥 Update FastAPI People - Contributors and Translators. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15270">#15270</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump requests from 2.32.5 to 2.33.0. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15228">#15228</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👷 Add ty check to <code>lint.sh</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15136">#15136</a> by <a href="https://github.com/svlandeg"><code>@svlandeg</code></a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528"><code>1f442c4</code></a> 🔖 Release version 0.135.3</li> <li><a href="https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746"><code>8f5d157</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba"><code>428452a</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5"><code>70580da</code></a> ✨ Add support for <code>@app.vibe()</code> (<a href="https://redirect.github.com/fastapi/fastapi/issues/15280">#15280</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce"><code>6ee8747</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49"><code>3e72c09</code></a> 👥 Update FastAPI People - Experts (<a href="https://redirect.github.com/fastapi/fastapi/issues/15279">#15279</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61"><code>96df35f</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20"><code>6c81125</code></a> ⬆ Bump orjson from 3.11.7 to 3.11.8 (<a href="https://redirect.github.com/fastapi/fastapi/issues/15276">#15276</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5"><code>428f82c</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514"><code>5599c59</code></a> ⬆ Bump ruff from 0.15.0 to 0.15.8 (<a href="https://redirect.github.com/fastapi/fastapi/issues/15277">#15277</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ff94a9248f |
Bump uvicorn from 0.42.0 to 0.44.0 (#893)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p> <blockquote> <h2>Version 0.44.0</h2> <h2>What's Changed</h2> <ul> <li>Implement websocket keepalive pings for websockets-sansio by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2888">Kludex/uvicorn#2888</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0">https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0</a></p> <h2>Version 0.43.0</h2> <h2>Changed</h2> <ul> <li>Emit <code>http.disconnect</code> ASGI <code>receive()</code> event on server shutting down for streaming responses (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2829">#2829</a>)</li> <li>Use native <code>context</code> parameter for <code>create_task</code> on Python 3.11+ (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2859">#2859</a>)</li> <li>Drop cast in ASGI types (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2875">#2875</a>)</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0">https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p> <blockquote> <h2>0.44.0 (April 6, 2026)</h2> <h3>Added</h3> <ul> <li>Implement websocket keepalive pings for websockets-sansio (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2888">#2888</a>)</li> </ul> <h2>0.43.0 (April 3, 2026)</h2> <p>You can quit Uvicorn now. We heard you, <a href="https://github.com/pamelafox"><code>@pamelafox</code></a> - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to <a href="https://github.com/tiangolo"><code>@tiangolo</code></a> for the fix 🙏). <a href="https://x.com/pamelafox/status/2039097686155227623">See the tweet</a>.</p> <h3>Changed</h3> <ul> <li>Emit <code>http.disconnect</code> ASGI <code>receive()</code> event on server shutting down for streaming responses (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2829">#2829</a>)</li> <li>Use native <code>context</code> parameter for <code>create_task</code> on Python 3.11+ (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2859">#2859</a>)</li> <li>Drop cast in ASGI types (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2875">#2875</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/uvicorn/commit/edb54c43c0321c0b41eee1473f3f4cf145e8927f"><code>edb54c4</code></a> Version 0.44.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2890">#2890</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/029be08867fe899cde6fd31a3ba75fffca7bd9ae"><code>029be08</code></a> Implement websocket keepalive pings for websockets-sansio (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2888">#2888</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/8d397c73191b49c6d5280098d7c09dbe474e00bf"><code>8d397c7</code></a> Version 0.43.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2885">#2885</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/587042d68ff6c813ec0d8cfafaa820ebe7229d23"><code>587042d</code></a> 🐛 Emit <code>http.disconnect</code> ASGI <code>receive()</code> event on server shutting down for s...</li> <li><a href="https://github.com/Kludex/uvicorn/commit/c9a75fb67b2e969253a41ef4ad447e013eee879e"><code>c9a75fb</code></a> chore(deps): bump the github-actions group with 3 updates (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2878">#2878</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/84fd578224e36766efb056585cb6cc5171270089"><code>84fd578</code></a> chore(deps): bump pygments from 2.19.2 to 2.20.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2877">#2877</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/cd52d34b55d898180a65cfc01a6a88aac54c65c3"><code>cd52d34</code></a> Use native <code>context</code> parameter for <code>create_task</code> on Python 3.11+ (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2859">#2859</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/5211880320b2e99a532eb121808039404da234ab"><code>5211880</code></a> Drop cast in ASGI types (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2875">#2875</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/1cb8e747e2817ee46a4c0d44139e46b3b1f8fab6"><code>1cb8e74</code></a> Add websocket 500 fallback header test (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2874">#2874</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/28efbb24bd590f1f943cbc2bf84f197268a8c6d8"><code>28efbb2</code></a> chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2873">#2873</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
73b59980e6 |
Bump langchain-core from 1.2.23 to 1.2.28 in the pip group across 1 directory (#897)
Bumps the pip group with 1 update in the / directory: [langchain-core](https://github.com/langchain-ai/langchain). Updates `langchain-core` from 1.2.23 to 1.2.28 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-core's releases</a>.</em></p> <blockquote> <h2>langchain-core==1.2.28</h2> <p>Changes since langchain-core==1.2.27</p> <p>release(core): release 1.2.28 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36614">#36614</a>) fix(core): add more sanitization to templates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36612">#36612</a>)</p> <h2>langchain-core==1.2.27</h2> <p>Changes since langchain-core==1.2.26</p> <p>release(core): 1.2.27 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36586">#36586</a>) fix(core): handle symlinks in deprecated prompt save path (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36585">#36585</a>) chore: add comment explaining <code>pygments>=2.20.0</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36570">#36570</a>)</p> <p>Credit to Jeff Ponte (<a href="https://github.com/JDP-Security"><code>@JDP-Security</code></a>) for reporting the symlink resolution issue in <a href="https://redirect.github.com/langchain-ai/langchain/issues/36585">#36585</a>.</p> <h2>langchain-core==1.2.26</h2> <p>Changes since langchain-core==1.2.25</p> <p>release(core): 1.2.26 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36511">#36511</a>) fix(core): add init validator and serialization mappings for Bedrock models (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34510">#34510</a>) feat(core): add <code>ChatBaseten</code> to serializable mapping (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36510">#36510</a>) chore(core): drop <code>gpt-3.5-turbo</code> from docstrings (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36497">#36497</a>) fix(core): correct parameter names in filter_messages docstring example (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36462">#36462</a>)</p> <h2>langchain-core==1.2.25</h2> <p>Changes since langchain-core==1.2.24</p> <p>release(core): 1.2.25 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36473">#36473</a>) fix(core): harden check for txt files in deprecated prompt loading functions (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36471">#36471</a>) fix(core): fixed typos in the documentation (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36459">#36459</a>)</p> <p>Credit to Jeff Ponte (<a href="https://github.com/JDP-Security"><code>@JDP-Security</code></a>) for reporting the symlink resolution issue resolved in <a href="https://redirect.github.com/langchain-ai/langchain/issues/36471">#36471</a>.</p> <h2>langchain-core==1.2.24</h2> <p>Changes since langchain-core==1.2.23</p> <p>release(core): 1.2.24 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36434">#36434</a>) feat(core): impute placeholder filenames for OpenAI file inputs (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36433">#36433</a>) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36385">#36385</a>) fix(core): add "computer" to _WellKnownOpenAITools (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36261">#36261</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/dd7c3eb3a4acfc834b038ec9dbde94478c66776e"><code>dd7c3eb</code></a> release(core): release 1.2.28 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36614">#36614</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258"><code>af2ed47</code></a> fix(core): add more sanitization to templates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36612">#36612</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/7e5858d8078124f98f10102da21414689467c132"><code>7e5858d</code></a> release(standard-tests): 1.1.6 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36610">#36610</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/fe99cb29123b704a90f5c8587a757def3b1471e0"><code>fe99cb2</code></a> fix(standard-tests): update standard tests for sandbox backends (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36036">#36036</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/65bbd47cb2721c51ef8638f9e7da35247c4bfdde"><code>65bbd47</code></a> chore(model-profiles): refresh model profile data (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36596">#36596</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/64864041168606535dfbd39055c0dca3dd61b5ba"><code>6486404</code></a> release(core): 1.2.27 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36586">#36586</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/7629c747260cbaed7ca55466d5b9e1b520a7de77"><code>7629c74</code></a> fix(core): handle symlinks in deprecated prompt save path (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36585">#36585</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/ce21bf469d7493f4716bc30feb15a5b3f16ebe1e"><code>ce21bf4</code></a> ci: convert working-directory to validated dropdown (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36575">#36575</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/b8698eacbd2960c7e3195018f42992bf2c9d69c7"><code>b8698ea</code></a> release(ollama): 1.1.0 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36574">#36574</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/3beba77e2e23d498fda07f9b8d6ba00aabfaf69f"><code>3beba77</code></a> feat(ollama): support <code>response_format</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34612">#34612</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.23...langchain-core==1.2.28">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
279630ca2c |
fix: patch 8 security alerts (all severities) (#891)
## Security Alert Patch Resolves 8 Dependabot security alerts across all severity tiers. ### Packages Updated | Package | Old Constraint | New Constraint | Strategy | Scope | CVEs Resolved | |---------|---------------|----------------|----------|-------|---------------| | Pygments | 2.19.2 | 2.20.0 | A — lockfile update | runtime (transitive) | CVE-2026-4539 | | yaml | 1.10.2 | 1.10.3 | A — lockfile patch | runtime (transitive) | CVE-2026-33532 | | yaml | 2.3.3 | 2.8.3 | A — lockfile regen | dev (transitive) | CVE-2026-33532 | | esbuild | 0.21.5 / 0.24.2 | 0.25.0 | C — resolution override (dev-only) | dev-only | GHSA-67mh-4wv8-2f99 | Strategy = direct bump (A) / override (C, dev-only) Scope = runtime (transitive) = transitive dep in runtime chain / dev-only = local dev only ### CVE Details - **CVE-2026-4539** (low) — Pygments ReDoS via inefficient regex for GUID matching. [GHSA-5239-wwwm-4pmq](https://github.com/advisories/GHSA-5239-wwwm-4pmq) - **CVE-2026-33532** (medium) — yaml stack overflow via deeply nested YAML collections. [GHSA-48c2-rrv3-qjmp](https://github.com/advisories/GHSA-48c2-rrv3-qjmp) - **GHSA-67mh-4wv8-2f99** (medium) — esbuild dev server allows any website to send requests and read responses. [GHSA-67mh-4wv8-2f99](https://github.com/advisories/GHSA-67mh-4wv8-2f99) ### Linear Tickets No matching Linear tickets found for the resolved CVEs. ### Verification - [x] All lockfiles regenerated - [x] Linters pass (`ruff check`, `ruff format --check`) - [x] Tests pass (123 passed) 🤖 Submitted by langster-patch |
||
|
|
ad0c8a8ce1 |
Bump pytest-socket from 0.6.0 to 0.7.0 (#890)
Bumps [pytest-socket](https://github.com/miketheman/pytest-socket) from 0.6.0 to 0.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/miketheman/pytest-socket/releases">pytest-socket's releases</a>.</em></p> <blockquote> <h2>0.7.0</h2> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/191">miketheman/pytest-socket#191</a></li> <li>chore(deps-dev): update starlette requirement from ^0.23.0 to ^0.24.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/192">miketheman/pytest-socket#192</a></li> <li>feat: force enable socket CLI flag by <a href="https://github.com/mgaitan"><code>@mgaitan</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/186">miketheman/pytest-socket#186</a></li> <li>chore(deps-dev): update starlette requirement from ^0.24.0 to ^0.25.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/193">miketheman/pytest-socket#193</a></li> <li>chore(deps): update actions/checkout action to v3.4.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/198">miketheman/pytest-socket#198</a></li> <li>chore(deps): bump actions/stale from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/200">miketheman/pytest-socket#200</a></li> <li>chore(deps): bump actions/checkout from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/202">miketheman/pytest-socket#202</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/204">miketheman/pytest-socket#204</a></li> <li>chore(deps-dev): update starlette requirement from ^0.25.0 to ^0.26.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/197">miketheman/pytest-socket#197</a></li> <li>chore(deps): update actions/checkout action to v3.5.2 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/207">miketheman/pytest-socket#207</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/213">miketheman/pytest-socket#213</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/214">miketheman/pytest-socket#214</a></li> <li>chore(deps): update dependency pytest-httpbin to v2 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/215">miketheman/pytest-socket#215</a></li> <li>chore(deps): update dependency starlette to ^0.27.0 [security] by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/219">miketheman/pytest-socket#219</a></li> <li>chore(deps): update actions/checkout action to v3.5.3 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/222">miketheman/pytest-socket#222</a></li> <li>chore(deps): update dependency starlette to ^0.28.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/225">miketheman/pytest-socket#225</a></li> <li>chore(deps): update dependency httpx to ^0.24.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/206">miketheman/pytest-socket#206</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/224">miketheman/pytest-socket#224</a></li> <li>test: remove deprecated asynctest by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/226">miketheman/pytest-socket#226</a></li> <li>test: test against Python 3.11 by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/175">miketheman/pytest-socket#175</a></li> <li>test: extract common function for reuse by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/227">miketheman/pytest-socket#227</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/228">miketheman/pytest-socket#228</a></li> <li>test: update test remote with stable service by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/231">miketheman/pytest-socket#231</a></li> <li>test: speed up with dependency caching by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/232">miketheman/pytest-socket#232</a></li> <li>fix: only emit license and readme for sdist by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/233">miketheman/pytest-socket#233</a></li> <li>test: don't fail silently by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/234">miketheman/pytest-socket#234</a></li> <li>chore(allow_hosts): Use getaddrinfo instead of gethostbyname by <a href="https://github.com/hasier"><code>@hasier</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/209">miketheman/pytest-socket#209</a></li> <li>chore(deps): update dependency pytest to v7.4.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/235">miketheman/pytest-socket#235</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/236">miketheman/pytest-socket#236</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/237">miketheman/pytest-socket#237</a></li> <li>chore(deps-dev): bump starlette from 0.28.0 to 0.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/239">miketheman/pytest-socket#239</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/240">miketheman/pytest-socket#240</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/241">miketheman/pytest-socket#241</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/242">miketheman/pytest-socket#242</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/243">miketheman/pytest-socket#243</a></li> <li>chore(deps): update actions/checkout action to v3.6.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/244">miketheman/pytest-socket#244</a></li> <li>chore(deps): update dependency coverage to v7.3.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/247">miketheman/pytest-socket#247</a></li> <li>chore(deps-dev): bump certifi from 2023.5.7 to 2023.7.22 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/249">miketheman/pytest-socket#249</a></li> <li>chore(deps): update dependency pytest to v7.4.1 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/250">miketheman/pytest-socket#250</a></li> <li>chore(deps): update actions/checkout action to v4 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/251">miketheman/pytest-socket#251</a></li> <li>chore(deps): update dependency pytest-randomly to v3.15.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/248">miketheman/pytest-socket#248</a></li> <li>chore(deps): update dependency coverage to v7.3.1 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/252">miketheman/pytest-socket#252</a></li> <li>chore(deps): update dependency pytest to v7.4.2 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/253">miketheman/pytest-socket#253</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/254">miketheman/pytest-socket#254</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/256">miketheman/pytest-socket#256</a></li> <li>chore(deps): update actions/checkout action to v4.1.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/257">miketheman/pytest-socket#257</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/258">miketheman/pytest-socket#258</a></li> <li>chore(deps): update minimum required pytest version by <a href="https://github.com/miketheman"><code>@miketheman</code></a> in <a href="https://redirect.github.com/miketheman/pytest-socket/pull/269">miketheman/pytest-socket#269</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/miketheman/pytest-socket/blob/main/CHANGELOG.md">pytest-socket's changelog</a>.</em></p> <blockquote> <h2>[0.7.0][] (2024-01-28)</h2> <p>Enhancements:</p> <ul> <li>Force enable socket CLI flag <a href="https://redirect.github.com/miketheman/pytest-socket/issues/186">#186</a></li> <li>Use <code>getaddrinfo()</code> instead of <code>gethostbyname()</code> <a href="https://redirect.github.com/miketheman/pytest-socket/issues/209">#209</a></li> <li>Allow both Hosts via IP and Name <a href="https://redirect.github.com/miketheman/pytest-socket/issues/275">#275</a></li> </ul> <p>Changes:</p> <ul> <li><strong>Removed support for Python 3.7 and older.</strong></li> <li>Dependency updates</li> <li>Development updates</li> <li>Testing updates</li> <li>Emit license and readme for source distribution <a href="https://redirect.github.com/miketheman/pytest-socket/issues/233">#233</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/miketheman/pytest-socket/commit/93f704bc7989cee1df10024e0344c08e16055300"><code>93f704b</code></a> pytest-socket, v0.7.0</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/f8c904d66a4e53e72328407118ed6095cf7fe7e7"><code>f8c904d</code></a> docs: update readme for clarity</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/e9899eb11531e0905c5da799246c0d943353d72f"><code>e9899eb</code></a> chore: remove custom condeql config</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/0621810d5edaf0d44b6f7eb802a83ec089b24612"><code>0621810</code></a> chore(dependencies): update custom httpbin pin (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/302">#302</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/c78b94674965de1d4f536ad4934cf348c866cca5"><code>c78b946</code></a> chore(deps-dev): bump starlette from 0.35.1 to 0.36.1 (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/301">#301</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/7d7f2dffd0ec9fc0cc70e00e8e0c4e89286f3adf"><code>7d7f2df</code></a> chore(deps-dev): bump jinja2 from 3.1.2 to 3.1.3 (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/299">#299</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/182efc81512834f9da212733fa825ba994bc7c71"><code>182efc8</code></a> chore(deps-dev): bump starlette from 0.34.0 to 0.35.1 (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/300">#300</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/8cc5ec0c0f1ea6ddff46ada8450a347f0831c044"><code>8cc5ec0</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/297">#297</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/fbd9abf3205ecc5a62c019acd1bbc58ccab18d9c"><code>fbd9abf</code></a> chore(deps): update dependency httpx to ^0.26.0 (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/292">#292</a>)</li> <li><a href="https://github.com/miketheman/pytest-socket/commit/16b74f83c38ca2855dfd9ee94d96b518471f6a3b"><code>16b74f8</code></a> chore(deps): update dependency coverage to v7.4.0 (<a href="https://redirect.github.com/miketheman/pytest-socket/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https://github.com/miketheman/pytest-socket/compare/0.6.0...0.7.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
81fa67452f |
Bump fastapi from 0.135.1 to 0.135.2 (#889)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.135.2</h2> <h3>Upgrades</h3> <ul> <li>⬆️ Increase lower bound to <code>pydantic >=2.9.0.</code> and fix the test suite. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15139">#15139</a> by <a href="https://github.com/svlandeg"><code>@svlandeg</code></a>.</li> </ul> <h3>Docs</h3> <ul> <li>📝 Add missing last release notes dates. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15202">#15202</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Update docs for contributors and team members regarding translation PRs. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15200">#15200</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>💄 Fix code blocks in reference docs overflowing table width. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15094">#15094</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>📝 Fix duplicated words in docstrings. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15116">#15116</a> by <a href="https://github.com/AhsanSheraz"><code>@AhsanSheraz</code></a>.</li> <li>📝 Add docs for <code>pyproject.toml</code> with <code>entrypoint</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15075">#15075</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Update links in docs to no longer use the classes external-link and internal-link. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15061">#15061</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🔨 Add JS and CSS handling for automatic <code>target=_blank</code> for links in docs. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15063">#15063</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>💄 Update styles for internal and external links in new tab. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15058">#15058</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Add documentation for the FastAPI VS Code extension. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15008">#15008</a> by <a href="https://github.com/savannahostrowski"><code>@savannahostrowski</code></a>.</li> <li>📝 Fix doctrings for <code>max_digits</code> and <code>decimal_places</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14944">#14944</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>📝 Add dates to release notes. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15001">#15001</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🌐 Update translations for zh (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15177">#15177</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh-hant (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15178">#15178</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh-hant (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15176">#15176</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15175">#15175</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ja (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15171">#15171</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ko (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15170">#15170</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for tr (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15172">#15172</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ko (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15168">#15168</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ja (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15167">#15167</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for tr (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15169">#15169</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for fr (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15165">#15165</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for fr (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15163">#15163</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for uk (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15160">#15160</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for uk (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15158">#15158</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for pt (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15157">#15157</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for pt (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15159">#15159</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for es (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15155">#15155</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for es (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15154">#15154</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for de (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15156">#15156</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ru (update-and-add). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15152">#15152</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for de (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15153">#15153</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>🔨 Exclude spam comments from statistics in <code>scripts/people.py</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15088">#15088</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>⬆ Bump authlib from 1.6.7 to 1.6.9. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15128">#15128</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15143">#15143</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>⬆ Bump ujson from 5.11.0 to 5.12.0. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15150">#15150</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>🔨 Tweak translation workflow and translation fixer tool. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15166">#15166</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastapi/fastapi/commit/25a3697cedc6e7dfb84e93c8ff965801486f00f4"><code>25a3697</code></a> 🔖 Release version 0.135.2</li> <li><a href="https://github.com/fastapi/fastapi/commit/ab125daa4034435777853a2c5a6c47451414f9aa"><code>ab125da</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/122b6d490f844b6f716855d55a3e11237b7fb61f"><code>122b6d4</code></a> 📝 Add missing last release notes dates (<a href="https://redirect.github.com/fastapi/fastapi/issues/15202">#15202</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/68ac0ab91e9b14c418013790fc0e420a827686b5"><code>68ac0ab</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/ea6e287eb398afe6a82c3ef71780e8451813f674"><code>ea6e287</code></a> 📝 Update docs for contributors and team members regarding translation PRs (<a href="https://redirect.github.com/fastapi/fastapi/issues/1">#1</a>...</li> <li><a href="https://github.com/fastapi/fastapi/commit/d0a6f208c5cb5daaa1de5ea5187729e3789d1dce"><code>d0a6f20</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/fd9e192cf4fae399c0d51dd23e2a137052eb6087"><code>fd9e192</code></a> 💄 Fix code blocks in reference docs overflowing table width (<a href="https://redirect.github.com/fastapi/fastapi/issues/15094">#15094</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/fce9460f865928eb7d0393d8809bbc472e0c21cd"><code>fce9460</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/0227991a01e61bf5cdd93cc00e9e243f52b47a4a"><code>0227991</code></a> 🔨 Exclude spam comments from statistics in <code>scripts/people.py</code> (<a href="https://redirect.github.com/fastapi/fastapi/issues/15088">#15088</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/cbd64b09a32681d3b0ea097608bc62eb0d1587e0"><code>cbd64b0</code></a> 📝 Update release notes</li> <li>Additional commits viewable in <a href="https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0cf1cdb692 |
Bump openai from 2.24.0 to 2.30.0 (#888)
Bumps [openai](https://github.com/openai/openai-python) from 2.24.0 to 2.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/openai/openai-python/releases">openai's releases</a>.</em></p> <blockquote> <h2>v2.30.0</h2> <h2>2.30.0 (2026-03-25)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.29.0...v2.30.0">v2.29.0...v2.30.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (<a href="https://github.com/openai/openai-python/commit/ee1bbeddbb38dab817557412dc106354409bb950">ee1bbed</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>api:</strong> align SDK response types with expanded item schemas (<a href="https://github.com/openai/openai-python/commit/f3f258a9d4d19db3fb0c6c35e25ad3cedbe71254">f3f258a</a>)</li> <li>sanitize endpoint path params (<a href="https://github.com/openai/openai-python/commit/89f66988fde790c0c83ff8b876d1e1b10d616367">89f6698</a>)</li> <li><strong>types:</strong> make type required in ResponseInputMessageItem (<a href="https://github.com/openai/openai-python/commit/cfdb1676ea0550840330a58f1a31a40a41a0a53f">cfdb167</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> skip lint on metadata-only changes (<a href="https://github.com/openai/openai-python/commit/faa93e19a1d5c30c7dd672a08dbbdbb3c0374714">faa93e1</a>)</li> <li><strong>internal:</strong> update gitignore (<a href="https://github.com/openai/openai-python/commit/c468477f1546579618865a726e35a685cffeacd9">c468477</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.4 (<a href="https://github.com/openai/openai-python/commit/f350af86c13ade0237778010d264c55fda443354">f350af8</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.5 (<a href="https://github.com/openai/openai-python/commit/5c0340128fc1a416e2dfdc6ab4b05f1e954e8482">5c03401</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.6 (<a href="https://github.com/openai/openai-python/commit/b6353b8411d31dcc95875d801ce9e90a21e0fd52">b6353b8</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.7 (<a href="https://github.com/openai/openai-python/commit/1d654bea74ac9c3d43302587f98f33cfff502e48">1d654be</a>)</li> </ul> <h3>Refactors</h3> <ul> <li><strong>tests:</strong> switch from prism to steady (<a href="https://github.com/openai/openai-python/commit/4a82035669b739d16a0e85d4ded778d51e061948">4a82035</a>)</li> </ul> <h2>v2.29.0</h2> <h2>2.29.0 (2026-03-17)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.28.0...v2.29.0">v2.28.0...v2.29.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> 5.4 nano and mini model slugs (<a href="https://github.com/openai/openai-python/commit/3b456661f77ca3196aceb5ab3350664a63481114">3b45666</a>)</li> <li><strong>api:</strong> add /v1/videos endpoint to batches create method (<a href="https://github.com/openai/openai-python/commit/c0e7a161a996854021e9eb69ea2a60ca0d08047f">c0e7a16</a>)</li> <li><strong>api:</strong> add defer_loading field to ToolFunction (<a href="https://github.com/openai/openai-python/commit/3167595432bdda2f90721901d30ad316db49323e">3167595</a>)</li> <li><strong>api:</strong> add in and nin operators to ComparisonFilter type (<a href="https://github.com/openai/openai-python/commit/664f02b051af84e1ca3fa313981ec72fdea269b3">664f02b</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump minimum typing-extensions version (<a href="https://github.com/openai/openai-python/commit/a2fb2ca55142c6658a18be7bd1392a01f5a83f35">a2fb2ca</a>)</li> <li><strong>pydantic:</strong> do not pass <code>by_alias</code> unless set (<a href="https://github.com/openai/openai-python/commit/8ebe8fbcb011c6a005a715cae50c6400a8596ee0">8ebe8fb</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/openai/openai-python/blob/main/CHANGELOG.md">openai's changelog</a>.</em></p> <blockquote> <h2>2.30.0 (2026-03-25)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.29.0...v2.30.0">v2.29.0...v2.30.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (<a href="https://github.com/openai/openai-python/commit/ee1bbeddbb38dab817557412dc106354409bb950">ee1bbed</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>api:</strong> align SDK response types with expanded item schemas (<a href="https://github.com/openai/openai-python/commit/f3f258a9d4d19db3fb0c6c35e25ad3cedbe71254">f3f258a</a>)</li> <li>sanitize endpoint path params (<a href="https://github.com/openai/openai-python/commit/89f66988fde790c0c83ff8b876d1e1b10d616367">89f6698</a>)</li> <li><strong>types:</strong> make type required in ResponseInputMessageItem (<a href="https://github.com/openai/openai-python/commit/cfdb1676ea0550840330a58f1a31a40a41a0a53f">cfdb167</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> skip lint on metadata-only changes (<a href="https://github.com/openai/openai-python/commit/faa93e19a1d5c30c7dd672a08dbbdbb3c0374714">faa93e1</a>)</li> <li><strong>internal:</strong> update gitignore (<a href="https://github.com/openai/openai-python/commit/c468477f1546579618865a726e35a685cffeacd9">c468477</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.4 (<a href="https://github.com/openai/openai-python/commit/f350af86c13ade0237778010d264c55fda443354">f350af8</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.5 (<a href="https://github.com/openai/openai-python/commit/5c0340128fc1a416e2dfdc6ab4b05f1e954e8482">5c03401</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.6 (<a href="https://github.com/openai/openai-python/commit/b6353b8411d31dcc95875d801ce9e90a21e0fd52">b6353b8</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.7 (<a href="https://github.com/openai/openai-python/commit/1d654bea74ac9c3d43302587f98f33cfff502e48">1d654be</a>)</li> </ul> <h3>Refactors</h3> <ul> <li><strong>tests:</strong> switch from prism to steady (<a href="https://github.com/openai/openai-python/commit/4a82035669b739d16a0e85d4ded778d51e061948">4a82035</a>)</li> </ul> <h2>2.29.0 (2026-03-17)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.28.0...v2.29.0">v2.28.0...v2.29.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> 5.4 nano and mini model slugs (<a href="https://github.com/openai/openai-python/commit/3b456661f77ca3196aceb5ab3350664a63481114">3b45666</a>)</li> <li><strong>api:</strong> add /v1/videos endpoint to batches create method (<a href="https://github.com/openai/openai-python/commit/c0e7a161a996854021e9eb69ea2a60ca0d08047f">c0e7a16</a>)</li> <li><strong>api:</strong> add defer_loading field to ToolFunction (<a href="https://github.com/openai/openai-python/commit/3167595432bdda2f90721901d30ad316db49323e">3167595</a>)</li> <li><strong>api:</strong> add in and nin operators to ComparisonFilter type (<a href="https://github.com/openai/openai-python/commit/664f02b051af84e1ca3fa313981ec72fdea269b3">664f02b</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump minimum typing-extensions version (<a href="https://github.com/openai/openai-python/commit/a2fb2ca55142c6658a18be7bd1392a01f5a83f35">a2fb2ca</a>)</li> <li><strong>pydantic:</strong> do not pass <code>by_alias</code> unless set (<a href="https://github.com/openai/openai-python/commit/8ebe8fbcb011c6a005a715cae50c6400a8596ee0">8ebe8fb</a>)</li> </ul> <h3>Chores</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/openai/openai-python/commit/5ae2cc10e4140d36aa236fa7c0bc5ce5ff190a01"><code>5ae2cc1</code></a> release: 2.30.0</li> <li><a href="https://github.com/openai/openai-python/commit/6e772ae791759b25de83313614e0fb26eba895b7"><code>6e772ae</code></a> fix(api): align SDK response types with expanded item schemas</li> <li><a href="https://github.com/openai/openai-python/commit/cd72fba37866bfdddd4a84420afe2ff397279582"><code>cd72fba</code></a> feat(api): add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions</li> <li><a href="https://github.com/openai/openai-python/commit/4f43fe371037415ace13981a277917366b6fc24e"><code>4f43fe3</code></a> chore(tests): bump steady to v0.19.7</li> <li><a href="https://github.com/openai/openai-python/commit/23bc02703bbb9497eadd5d56497d5d6954372a62"><code>23bc027</code></a> chore(ci): skip lint on metadata-only changes</li> <li><a href="https://github.com/openai/openai-python/commit/e3c59bf1ac8533a1be831a6d166f9f7abeabf8e0"><code>e3c59bf</code></a> chore(tests): bump steady to v0.19.6</li> <li><a href="https://github.com/openai/openai-python/commit/56ad9ca089394e535d7df52fe48d544e54086ddc"><code>56ad9ca</code></a> fix(types): make type required in ResponseInputMessageItem</li> <li><a href="https://github.com/openai/openai-python/commit/78c764bdf483a0c48789bfdefe6299830d5abde0"><code>78c764b</code></a> chore(internal): update gitignore</li> <li><a href="https://github.com/openai/openai-python/commit/634b74edd4aaa07a74f9ee30241410d61624264f"><code>634b74e</code></a> chore(tests): bump steady to v0.19.5</li> <li><a href="https://github.com/openai/openai-python/commit/c8c9508899b2119cc69e006403d09cbad7f616e4"><code>c8c9508</code></a> chore(tests): bump steady to v0.19.4</li> <li>Additional commits viewable in <a href="https://github.com/openai/openai-python/compare/v2.24.0...v2.30.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d40334f07 |
Bump langchain-core from 1.2.22 to 1.2.23 (#887)
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.22 to 1.2.23. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-core's releases</a>.</em></p> <blockquote> <h2>langchain-core==1.2.23</h2> <p>Changes since langchain-core==1.2.22</p> <p>release(core): 1.2.23 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36323">#36323</a>) revert: Revert "fix(core): trace invocation params in metadata" (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36322">#36322</a>) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36243">#36243</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/d48364130dfc4ef2e8a751453d2045243c22b388"><code>d483641</code></a> release(core): 1.2.23 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36323">#36323</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/389f7ad1bc15123b8b901e61d0a1785b0a14815f"><code>389f7ad</code></a> revert: Revert "fix(core): trace invocation params in metadata" (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36322">#36322</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/475408fa620996e1958d18a0789ed5bf9fdee054"><code>475408f</code></a> fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_count...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/1545dbfa174c4dcf1d9a8618da59df480b33e235"><code>1545dbf</code></a> chore(langchain): remove unnecessary description for toods list as a group (#...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/494b760028dfedddc1b91ad79f80a05d393d277e"><code>494b760</code></a> fix(chroma): fix Python 3.14 support in langchain-chroma (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36199">#36199</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/c7a677bba511d7f3f5c36f9384ae6ba150866e04"><code>c7a677b</code></a> chore(langchain): add async implementation to todolist and test (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36313">#36313</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/03515881176fddba919e3592e0a41cbc9806fdb8"><code>0351588</code></a> chore: harden language in ci (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36314">#36314</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/954a23094d15b91ae2137cbfabd3870cb8853a5e"><code>954a230</code></a> chore(langchain): speed up todo list middleware init (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36311">#36311</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/89cd0caa54d541e33ae87224c8e277bcbb026020"><code>89cd0ca</code></a> docs: fix grammatical error in development guidelines (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36225">#36225</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/2aeeb58ef11e74ab98f869d6ae5c2ae04721be06"><code>2aeeb58</code></a> chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36243">#36243</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.22...langchain-core==1.2.23">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ffd3ec1e4b |
Bump pytest-cov from 4.1.0 to 7.1.0 (#881)
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 7.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst">pytest-cov's changelog</a>.</em></p> <blockquote> <h2>7.1.0 (2026-03-21)</h2> <ul> <li> <p>Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See <code>[#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641></code>_.</p> </li> <li> <p>Improve handling of ResourceWarning from sqlite3.</p> <p>The plugin adds warning filter for sqlite3 <code>ResourceWarning</code> unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.</p> <p>With this fix one can suppress <code>ResourceWarning</code> from sqlite3 from command line::</p> <p>pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...</p> </li> <li> <p>Various improvements to documentation. Contributed by Art Pelling in <code>[#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718></code>_ and "vivodi" in <code>[#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738></code><em>. Also closed <code>[#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736></code></em>.</p> </li> <li> <p>Fixed some assertions in tests. Contributed by in Markéta Machová in <code>[#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722></code>_.</p> </li> <li> <p>Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).</p> </li> </ul> <h2>7.0.0 (2025-09-09)</h2> <ul> <li> <p>Dropped support for subprocesses measurement.</p> <p>It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a <code>.pth</code> file, there was no way to opt-out and it created bad interations with <code>coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch></code>_ added in <code>7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24></code>_.</p> <p>To migrate to this release you might need to enable the suprocess patch, example for <code>.coveragerc</code>:</p> <p>.. code-block:: ini</p> <p>[run] patch = subprocess</p> <p>This release also requires at least coverage 7.10.6.</p> </li> <li> <p>Switched packaging to have metadata completely in <code>pyproject.toml</code> and use <code>hatchling <https://pypi.org/project/hatchling/></code>_ for building. Contributed by Ofek Lev in <code>[#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551></code>_ with some extras in <code>[#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716></code>_.</p> </li> <li> <p>Removed some not really necessary testing deps like <code>six</code>.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622"><code>66c8a52</code></a> Bump version: 7.0.0 → 7.1.0</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e"><code>f707662</code></a> Make the examples use pypy 3.11.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672"><code>6049a78</code></a> Make context test use the old ctracer (seems the new sysmon tracer behaves di...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b"><code>8ebf20b</code></a> Update changelog.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9"><code>861d30e</code></a> Remove the backup context manager - shouldn't be needed since coverage 5.0, ...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f"><code>fd4c956</code></a> Pass the precision on the nulled total (seems that there's some caching goion...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6"><code>78c9c4e</code></a> Only run the 3.9 on older deps.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc"><code>4849a92</code></a> Punctuation.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7"><code>197c35e</code></a> Update changelog and hopefully I don't forget to publish release again :))</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f"><code>14dc1c9</code></a> Update examples to use 3.11 and make the adhoc layout example look a bit more...</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest-cov/compare/v4.1.0...v7.1.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c7331426ad |
Bump langchain-core from 1.2.19 to 1.2.22 in the pip group across 1 directory (#886)
Bumps the pip group with 1 update in the / directory: [langchain-core](https://github.com/langchain-ai/langchain). Updates `langchain-core` from 1.2.19 to 1.2.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-core's releases</a>.</em></p> <blockquote> <h2>langchain-core==1.2.22</h2> <p>Changes since langchain-core==1.2.21</p> <p>release(core): 1.2.22 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36201">#36201</a>) fix(core): validate paths in <code>prompt.save</code> and <code>load_prompt</code>, deprecate methods (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36200">#36200</a>)</p> <h2>langchain-core==1.2.21</h2> <p>Changes since langchain-core==1.2.20</p> <p>release(core): 1.2.21 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36179">#36179</a>) fix(core,model-profiles): add missing <code>ModelProfile</code> fields, warn on schema drift (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36129">#36129</a>) chore(core): remove stale blockbuster allowlist for deleted context module (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36168">#36168</a>) ci: suppress pytest streaming output in CI (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36092">#36092</a>)</p> <h2>langchain-core==1.2.20</h2> <p>Changes since langchain-core==1.2.19</p> <p>release(core): 1.2.20 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36085">#36085</a>) fix(core): trace invocation params in metadata (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36080">#36080</a>) feat: Add LangSmith integration metadata to create_agent and init_chat_model (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35810">#35810</a>) feat(core): harden anti-ssrf (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35960">#35960</a>) ci: avoid unnecessary dep installs in lint targets (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36046">#36046</a>) docs(core): document <code>base_url</code> in mermaid api (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35961">#35961</a>) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35805">#35805</a>) chore: housekeeping (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35850">#35850</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/d22df94537e4267f72dc1bbfc8e3849baf20d9f7"><code>d22df94</code></a> release(core): 1.2.22 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36201">#36201</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c"><code>27add91</code></a> fix(core): validate paths in <code>prompt.save</code> and <code>load_prompt</code>, deprecate metho...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/7563fceb40ce31165524f3f57ec65e487c02b1a7"><code>7563fce</code></a> chore(model-profiles): refresh model profile data (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36195">#36195</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/3e64c255b84b283b3a65216b19b9838734258c96"><code>3e64c25</code></a> chore: use repo permissions instead of org membership for maintainer override...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/1778b082ecd64a9dedd48674d874ca1bfcbe4c7d"><code>1778b08</code></a> chore(partners): bump <code>langchain-core</code> min to <code>1.2.21</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36183">#36183</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/ad574fce0d52740c249b0db7bde871d779ffb93d"><code>ad574fc</code></a> fix(openai): bump min core version (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36180">#36180</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/19f81cf6f1d73f7adf156491ba0617497a526b8c"><code>19f81cf</code></a> release(core): 1.2.21 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36179">#36179</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/6d07ef28a7023dc7b832fe52862f7a6fc0a187f3"><code>6d07ef2</code></a> release(openai): 1.1.12 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36178">#36178</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/2f64d80cc65091985873c339ca76a59af7baf739"><code>2f64d80</code></a> fix(core,model-profiles): add missing <code>ModelProfile</code> fields, warn on schema d...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/5ffece5c033365baf4a3df52ffed5c6bfbed27ee"><code>5ffece5</code></a> chore(core): remove stale blockbuster allowlist for deleted context module (#...</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.19...langchain-core==1.2.22">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1f35a9186a |
Bump the npm_and_yarn group across 2 directories with 1 update (#885)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [brace-expansion](https://github.com/juliangruber/brace-expansion). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [brace-expansion](https://github.com/juliangruber/brace-expansion). Updates `brace-expansion` from 1.1.12 to 1.1.13 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13">compare view</a></li> </ul> </details> <br /> Updates `brace-expansion` from 1.1.12 to 1.1.13 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3436a68908 |
Bump orjson from 3.11.6 to 3.11.7 (#880)
Bumps [orjson](https://github.com/ijl/orjson) from 3.11.6 to 3.11.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.7</h2> <h3>Changed</h3> <ul> <li>Use a faster library to serialize <code>float</code>. Users with byte-exact regression tests should note positive exponents are now written using a <code>+</code>, e.g., <code>1.2e+30</code> instead of <code>1.2e30</code>. Both formats are spec-compliant.</li> <li>ABI compatibility with CPython 3.15 alpha 5 free-threading.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.7 - 2026-02-02</h2> <h3>Changed</h3> <ul> <li>Use a faster library to serialize <code>float</code>. Users with byte-exact regression tests should note positive exponents are now written using a <code>+</code>, e.g., <code>1.2e+30</code> instead of <code>1.2e30</code>. Both formats are spec-compliant.</li> <li>ABI compatibility with CPython 3.15 alpha 5 free-threading.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/ec2b066cae79ae4a90ed126ac5723335dd99e408"><code>ec2b066</code></a> 3.11.7</li> <li><a href="https://github.com/ijl/orjson/commit/1ca01f78cf4198ec37407d83713afa6e5c53dbf9"><code>1ca01f7</code></a> zmij</li> <li><a href="https://github.com/ijl/orjson/commit/1716a226bd1f38db01503f30cd37b0efec48d88e"><code>1716a22</code></a> cargo update</li> <li>See full diff in <a href="https://github.com/ijl/orjson/compare/3.11.6...3.11.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
671371df0f |
Bump pytest from 8.4.2 to 9.0.2 (#879)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.2 to 9.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.2</h2> <h1>pytest 9.0.2 (2025-12-06)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13896">#13896</a>: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.</p> <p>You may enable it again by passing <code>-p terminalprogress</code>. We may enable it by default again once compatibility improves in the future.</p> <p>Additionally, when the environment variable <code>TERM</code> is <code>dumb</code>, the escape codes are no longer emitted, even if the plugin is enabled.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13904">#13904</a>: Fixed the TOML type of the <code>tmp_path_retention_count</code> settings in the API reference from number to string.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>: The private <code>config.inicfg</code> attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13965">#13965</a>: Fixed quadratic-time behavior when handling <code>unittest</code> subtests in Python 3.10.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/4492">#4492</a>: The API Reference now contains cross-reference-able documentation of <code>pytest's command-line flags <command-line-flags></code>.</li> </ul> <h2>9.0.1</h2> <h1>pytest 9.0.1 (2025-11-12)</h1> <h2>Bug fixes</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13895">#13895</a>: Restore support for skipping tests via <code>raise unittest.SkipTest</code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13896">#13896</a>: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13904">#13904</a>: Fixed the TOML type of the verbosity settings in the API reference from number to string.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13910">#13910</a>: Fixed <!-- raw HTML omitted -->UserWarning: Do not expect file_or_dir<!-- raw HTML omitted --> on some earlier Python 3.12 and 3.13 point versions.</li> </ul> <h2>Packaging updates and notes for downstreams</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13933">#13933</a>: The tox configuration has been adjusted to make sure the desired version string can be passed into its <code>package_env</code> through the <code>SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST</code> environment variable as a part of the release process -- by <code>webknjaz</code>.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13891">#13891</a>, <a href="https://redirect.github.com/pytest-dev/pytest/issues/13942">#13942</a>: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by <code>bluetech</code> and <code>webknjaz</code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13933">#13933</a>: The tox configuration has been adjusted to make sure the desired version string can be passed into its <code>package_env</code> through the <code>SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST</code> environment variable as a part of the release process -- by <code>webknjaz</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/3d10b5148e03eb82b3ee29181dbdc73cf82699e2"><code>3d10b51</code></a> Prepare release version 9.0.2</li> <li><a href="https://github.com/pytest-dev/pytest/commit/188750b725add8c3400eee6fbb6b80559c296d69"><code>188750b</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14030">#14030</a> from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/b7d7bef90cb9a6db8ac1d3dd5b9ae0eb9abd6c58"><code>b7d7bef</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14014">#14014</a> from bluetech/compat-note</li> <li><a href="https://github.com/pytest-dev/pytest/commit/bd08e85ac76614ff5ca9ae338aee8d8b06c8fae0"><code>bd08e85</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14013">#14013</a> from pytest-dev/patchback/backports/9.0.x/922b60377...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/bc783862991241c442c9f9c068e51737ec15ea10"><code>bc78386</code></a> Add CLI options reference documentation (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13930">#13930</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/5a4e398ce89bc23d2cf3fd98c042fdffb6fa8afa"><code>5a4e398</code></a> Fix docs typo (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14005">#14005</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14008">#14008</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/d7ae6df394398168bf9d926f803c26849c8f07ee"><code>d7ae6df</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14006">#14006</a> from pytest-dev/maintenance/update-plugin-list-tmpl...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/556f6a22e12d13d1ffeceaf64424eb95d5e0fb87"><code>556f6a2</code></a> pre-commit: fix rst-lint after new release (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13999">#13999</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14001">#14001</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c60fbe63a26f64a42738e3f3527a8f79024fdf50"><code>c60fbe6</code></a> Fix quadratic-time behavior when handling <code>unittest</code> subtests in Python 3.10 ...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/73d9b011183d9a1c4a7007c1119d97a6e627788e"><code>73d9b01</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13995">#13995</a> from nicoddemus/patchback/backports/9.0.x/1b5200c0f...</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.4.2...9.0.2">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
42696df0d2 |
Bump the npm_and_yarn group across 3 directories with 1 update (#883)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [picomatch](https://github.com/micromatch/picomatch). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [picomatch](https://github.com/micromatch/picomatch). Bumps the npm_and_yarn group with 1 update in the /libs/langserve-playground directory: [picomatch](https://github.com/micromatch/picomatch). Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
57503807b7 |
Bump requests from 2.32.5 to 2.33.0 in the pip group across 1 directory (#882)
Bumps the pip group with 1 update in the / directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.32.5 to 2.33.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761"><code>bc04dfd</code></a> v2.33.0</li> <li><a href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"><code>66d21cb</code></a> Merge commit from fork</li> <li><a href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028"><code>8b9bc8f</code></a> Move badges to top of README (<a href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li> <li><a href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286"><code>e331a28</code></a> Remove unused extraction call (<a href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li> <li><a href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29"><code>753fd08</code></a> docs: fix FAQ grammar in httplib2 example</li> <li><a href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71"><code>774a0b8</code></a> docs(socks): same block as other sections</li> <li><a href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303"><code>9c72a41</code></a> Bump github/codeql-action from 4.33.0 to 4.34.1</li> <li><a href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be"><code>ebf7190</code></a> Bump github/codeql-action from 4.32.0 to 4.33.0</li> <li><a href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798"><code>0e4ae38</code></a> docs: exclude Response.is_permanent_redirect from API docs (<a href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li> <li><a href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a"><code>d568f47</code></a> docs: clarify Quickstart POST example (<a href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b19fa6640a |
Bump uvicorn from 0.39.0 to 0.42.0 (#878)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.39.0 to 0.42.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p> <blockquote> <h2>Version 0.42.0</h2> <h2>Changed</h2> <ul> <li>Use <code>bytearray</code> for request body accumulation to avoid O(n^2) allocation on fragmented bodies (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2845">#2845</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>Escape brackets and backslash in httptools <code>HEADER_RE</code> regex (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2824">#2824</a>)</li> <li>Fix multiple issues in websockets sans-io implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2825">#2825</a>)</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bysiber"><code>@bysiber</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2825">Kludex/uvicorn#2825</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0">https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0</a></p> <h2>Version 0.41.0</h2> <h2>Added</h2> <ul> <li>Add <code>--limit-max-requests-jitter</code> to stagger worker restarts (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2707">#2707</a>)</li> <li>Add socket path to <code>scope["server"]</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2561">#2561</a>)</li> </ul> <h2>Changed</h2> <ul> <li>Rename <code>LifespanOn.error_occured</code> to <code>error_occurred</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2776">#2776</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>Ignore permission denied errors in watchfiles reloader (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2817">#2817</a>)</li> <li>Ensure lifespan shutdown runs when <code>should_exit</code> is set during startup (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2812">#2812</a>)</li> <li>Reduce the log level of 'request limit exceeded' messages (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2788">#2788</a>)</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/t-kawasumi"><code>@t-kawasumi</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2776">Kludex/uvicorn#2776</a></li> <li><a href="https://github.com/fardyn"><code>@fardyn</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2800">Kludex/uvicorn#2800</a></li> <li><a href="https://github.com/ewie"><code>@ewie</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2807">Kludex/uvicorn#2807</a></li> <li><a href="https://github.com/shevron"><code>@shevron</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2788">Kludex/uvicorn#2788</a></li> <li><a href="https://github.com/jonashaag"><code>@jonashaag</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2707">Kludex/uvicorn#2707</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.40.0...0.41.0">https://github.com/Kludex/uvicorn/compare/0.40.0...0.41.0</a></p> <h2>Version 0.40.0</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p> <blockquote> <h2>0.42.0 (March 16, 2026)</h2> <h3>Changed</h3> <ul> <li>Use <code>bytearray</code> for request body accumulation to avoid O(n^2) allocation on fragmented bodies (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2845">#2845</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Escape brackets and backslash in httptools <code>HEADER_RE</code> regex (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2824">#2824</a>)</li> <li>Fix multiple issues in websockets sans-io implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2825">#2825</a>)</li> </ul> <h2>0.41.0 (February 16, 2026)</h2> <h3>Added</h3> <ul> <li>Add <code>--limit-max-requests-jitter</code> to stagger worker restarts (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2707">#2707</a>)</li> <li>Add socket path to <code>scope["server"]</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2561">#2561</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Rename <code>LifespanOn.error_occured</code> to <code>error_occurred</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2776">#2776</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Ignore permission denied errors in watchfiles reloader (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2817">#2817</a>)</li> <li>Ensure lifespan shutdown runs when <code>should_exit</code> is set during startup (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2812">#2812</a>)</li> <li>Reduce the log level of 'request limit exceeded' messages (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2788">#2788</a>)</li> </ul> <h2>0.40.0 (December 21, 2025)</h2> <h3>Remove</h3> <ul> <li>Drop support for Python 3.9 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2772">#2772</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/uvicorn/commit/02bed6f8c38e74f684bb0e572977a9bfdc1f6fea"><code>02bed6f</code></a> Version 0.42.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2852">#2852</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/d8f25013161d8206e129e39bf48432d3a85e1744"><code>d8f2501</code></a> chore: pre-create Config objects in benchmarks to measure protocol hot paths ...</li> <li><a href="https://github.com/Kludex/uvicorn/commit/9dbb7836bb0fdb446d083ecd8dc5a2a95bb96b98"><code>9dbb783</code></a> Add WebSocket protocol benchmarks for wsproto and websockets-sansio (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2849">#2849</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/b3c69da8c1a36e1834e614abe38243671e156077"><code>b3c69da</code></a> Use bytearray for request body accumulation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2845">#2845</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/3f3ebee20f46504a3f7279dd72f9c24ce9070b11"><code>3f3ebee</code></a> Disable <code>pytest-xdist</code> for CodSpeed benchmark runs (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2847">#2847</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/d072de754f825bee4710363dd49d41efd5285dcc"><code>d072de7</code></a> Add fragmented body benchmark for chunked body accumulation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2846">#2846</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/e300c2c75d71bea6f8d1799ca6f182f1e5583aaa"><code>e300c2c</code></a> Add CodSpeed benchmark suite for HTTP protocol hot paths (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2844">#2844</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/1fa697651bacf10d72f74de104ead814ce6fcdc0"><code>1fa6976</code></a> Escape brackets and backslash in httptools HEADER_RE regex (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2824">#2824</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/59ec1de7a4f07afbd139812f033f3af8b784de74"><code>59ec1de</code></a> Fix multiple issues in websockets sansio implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2825">#2825</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/2fc0efcdd958abd3adbe6ea19682408d6b2e1b18"><code>2fc0efc</code></a> Clarify Windows asyncio event loop selection in docs (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2843">#2843</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/uvicorn/compare/0.39.0...0.42.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c4d5b8ad2a |
Bump the npm_and_yarn group across 2 directories with 1 update (#877)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [flatted](https://github.com/WebReflection/flatted). Updates `flatted` from 3.4.1 to 3.4.2 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li>See full diff in <a href="https://github.com/WebReflection/flatted/compare/v3.4.1...v3.4.2">compare view</a></li> </ul> </details> <br /> Updates `flatted` from 3.4.1 to 3.4.2 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li>See full diff in <a href="https://github.com/WebReflection/flatted/compare/v3.4.1...v3.4.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b3cb77a649 |
Bump codespell from 2.4.1 to 2.4.2 (#876)
Bumps [codespell](https://github.com/codespell-project/codespell) from 2.4.1 to 2.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codespell-project/codespell/releases">codespell's releases</a>.</em></p> <blockquote> <h2>v2.4.2</h2> <!-- raw HTML omitted --> <h2>Highlights</h2> <ul> <li>Fixed compatibility with chardet 7+</li> </ul> <h2>What's Changed</h2> <ul> <li>Fix and clarify cases in ignore patterns by <a href="https://github.com/DanielYang59"><code>@DanielYang59</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3583">codespell-project/codespell#3583</a></li> <li>codespell-private.yml: Do not codespell digital signature files by <a href="https://github.com/cclauss"><code>@cclauss</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3623">codespell-project/codespell#3623</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/codespell-project/codespell/pull/3634">codespell-project/codespell#3634</a></li> <li>numbes->numbers and numbesr->numbers by <a href="https://github.com/skshetry"><code>@skshetry</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3635">codespell-project/codespell#3635</a></li> <li>Add spelling corrections for disclose and variables. by <a href="https://github.com/cfi-gb"><code>@cfi-gb</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3622">codespell-project/codespell#3622</a></li> <li>Add spelling correction for Vulnererability and variants. by <a href="https://github.com/cfi-gb"><code>@cfi-gb</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3625">codespell-project/codespell#3625</a></li> <li>Remove lets->let's by <a href="https://github.com/Piedone"><code>@Piedone</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3633">codespell-project/codespell#3633</a></li> <li>Add corrections for "dictate" by <a href="https://github.com/jdufresne"><code>@jdufresne</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3636">codespell-project/codespell#3636</a></li> <li>Add specicification (and pl) typo by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3639">codespell-project/codespell#3639</a></li> <li>Remove "blueish" correction by <a href="https://github.com/hadess"><code>@hadess</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3510">codespell-project/codespell#3510</a></li> <li>Add "lighting" as an option to fix "lighning" by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3648">codespell-project/codespell#3648</a></li> <li>Revert adding <code>lien</code> to the rare dictionary by <a href="https://github.com/nikolaik"><code>@nikolaik</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3631">codespell-project/codespell#3631</a></li> <li>"ane" could have been "one" by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3645">codespell-project/codespell#3645</a></li> <li>Add spelling correction for "priort" by <a href="https://github.com/cfi-gb"><code>@cfi-gb</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3647">codespell-project/codespell#3647</a></li> <li>Remove "fix" of "deques" - it is quite legit by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3649">codespell-project/codespell#3649</a></li> <li>Several new suggestions by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3621">codespell-project/codespell#3621</a></li> <li>Add proposal constraints to containts by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3652">codespell-project/codespell#3652</a></li> <li>Additions dleay,infp,practive,utiliy by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3643">codespell-project/codespell#3643</a></li> <li>Add calncelled and its variations by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3650">codespell-project/codespell#3650</a></li> <li>Use raw strings for regex by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3654">codespell-project/codespell#3654</a></li> <li>Allow multiple spaces before codespell:ignore by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3653">codespell-project/codespell#3653</a></li> <li>Added correction from <code>timeour</code> to <code>timeout</code> by <a href="https://github.com/jamesbraza"><code>@jamesbraza</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3656">codespell-project/codespell#3656</a></li> <li>Add typos found in various software projects by <a href="https://github.com/luzpaz"><code>@luzpaz</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3640">codespell-project/codespell#3640</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/codespell-project/codespell/pull/3659">codespell-project/codespell#3659</a></li> <li>Add codespell suggestions for enabke and friends by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3657">codespell-project/codespell#3657</a></li> <li>END: add "queues" (plural from queue) as possible fix for ques by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3591">codespell-project/codespell#3591</a></li> <li>agreegate, lesda, realod, colouer by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3665">codespell-project/codespell#3665</a></li> <li>Update pre-commit version in documentation by <a href="https://github.com/prchoward"><code>@prchoward</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3666">codespell-project/codespell#3666</a></li> <li>MAINT: Rename CI file and run name by <a href="https://github.com/larsoner"><code>@larsoner</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3667">codespell-project/codespell#3667</a></li> <li>preoccuption->preoccupation; occuption->occupation by <a href="https://github.com/TheGiraffe3"><code>@TheGiraffe3</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3668">codespell-project/codespell#3668</a></li> <li>Suggestions for: checkto, diminsion, waitfor by <a href="https://github.com/mdeweerd"><code>@mdeweerd</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3670">codespell-project/codespell#3670</a></li> <li>Typos found in sigstore-python by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3664">codespell-project/codespell#3664</a></li> <li>usgin->using by <a href="https://github.com/ydah"><code>@ydah</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3672">codespell-project/codespell#3672</a></li> <li>Add typos found in various software projects by <a href="https://github.com/luzpaz"><code>@luzpaz</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3669">codespell-project/codespell#3669</a></li> <li>Add coered -> coerced by <a href="https://github.com/effigies"><code>@effigies</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3680">codespell-project/codespell#3680</a></li> <li>backwward(s)->backward(s), onwward(s)->onward(s) by <a href="https://github.com/cjwatson"><code>@cjwatson</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3682">codespell-project/codespell#3682</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/codespell-project/codespell/pull/3685">codespell-project/codespell#3685</a></li> <li>telemetery->telemetry by <a href="https://github.com/august-soderberg"><code>@august-soderberg</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3686">codespell-project/codespell#3686</a></li> <li>Add hexedacimal and similar typos by <a href="https://github.com/Akuli"><code>@Akuli</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3692">codespell-project/codespell#3692</a></li> <li>Add rounted->routed, rounded and friends by <a href="https://github.com/peternewman"><code>@peternewman</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3693">codespell-project/codespell#3693</a></li> <li>Add symmectric and similar typos by <a href="https://github.com/Akuli"><code>@Akuli</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3694">codespell-project/codespell#3694</a></li> <li>Fix CI on Windows: pip upgrade pip by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/codespell-project/codespell/pull/3698">codespell-project/codespell#3698</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/codespell-project/codespell/commit/2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a"><code>2ccb47f</code></a> Compat with chardet 7 (<a href="https://redirect.github.com/codespell-project/codespell/issues/3886">#3886</a>)</li> <li><a href="https://github.com/codespell-project/codespell/commit/4ec53bf6a3e510c64900d5ee838abd99d49b2910"><code>4ec53bf</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/codespell-project/codespell/commit/2a4acba3f282f1b5ccb7ad8b57bc991810663a44"><code>2a4acba</code></a> Bump actions/download-artifact from 7 to 8</li> <li><a href="https://github.com/codespell-project/codespell/commit/be17cacc96a5ee3f014e048f5962cfdb7145e096"><code>be17cac</code></a> Bump actions/upload-artifact from 6 to 7</li> <li><a href="https://github.com/codespell-project/codespell/commit/04a071280d56148cab14249ccc8d4181c0066b3c"><code>04a0712</code></a> Bump ruff (<a href="https://redirect.github.com/codespell-project/codespell/issues/3879">#3879</a>)</li> <li><a href="https://github.com/codespell-project/codespell/commit/583d8796d92eb58e15072db03e5b756be45f638a"><code>583d879</code></a> avoide->avoid, avoided, avoids,</li> <li><a href="https://github.com/codespell-project/codespell/commit/1f59f34d7c6d1642fdb325d9dfa49cf9eb5f692a"><code>1f59f34</code></a> Add correction for 'foudation' to 'foundation'</li> <li><a href="https://github.com/codespell-project/codespell/commit/e047fdafb8620b08a86349014487886bcd9c2205"><code>e047fda</code></a> Add spelling correction for gather and variants.</li> <li><a href="https://github.com/codespell-project/codespell/commit/b5cd66de14b8f65b0f45fabbe1c89bd69ea60939"><code>b5cd66d</code></a> respondant->respondent</li> <li><a href="https://github.com/codespell-project/codespell/commit/92125a3814fa6e86cd2055385916ce5186d3e5df"><code>92125a3</code></a> Add detection of ivoice and variants.</li> <li>Additional commits viewable in <a href="https://github.com/codespell-project/codespell/compare/v2.4.1...v2.4.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
58a7c24429 |
Bump ruff from 0.15.0 to 0.15.6 (#872)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.0 to 0.15.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.15.6</h2> <h2>Release Notes</h2> <p>Released on 2026-03-12.</p> <h3>Preview features</h3> <ul> <li>Add support for <code>lazy</code> import parsing (<a href="https://redirect.github.com/astral-sh/ruff/pull/23755">#23755</a>)</li> <li>Add support for star-unpacking of comprehensions (PEP 798) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23788">#23788</a>)</li> <li>Reject semantic syntax errors for lazy imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23757">#23757</a>)</li> <li>Drop a few rules from the preview default set (<a href="https://redirect.github.com/astral-sh/ruff/pull/23879">#23879</a>)</li> <li>[<code>airflow</code>] Flag <code>Variable.get()</code> calls outside of task execution context (<code>AIR003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23584">#23584</a>)</li> <li>[<code>airflow</code>] Flag runtime-varying values in DAG/task constructor arguments (<code>AIR304</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23631">#23631</a>)</li> <li>[<code>flake8-bugbear</code>] Implement <code>delattr-with-constant</code> (<code>B043</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23737">#23737</a>)</li> <li>[<code>flake8-tidy-imports</code>] Add <code>TID254</code> to enforce lazy imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23777">#23777</a>)</li> <li>[<code>flake8-tidy-imports</code>] Allow users to ban lazy imports with <code>TID254</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23847">#23847</a>)</li> <li>[<code>isort</code>] Retain <code>lazy</code> keyword when sorting imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23762">#23762</a>)</li> <li>[<code>pyupgrade</code>] Add <code>from __future__ import annotations</code> automatically (<code>UP006</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23260">#23260</a>)</li> <li>[<code>refurb</code>] Support <code>newline</code> parameter in <code>FURB101</code> for Python 3.13+ (<a href="https://redirect.github.com/astral-sh/ruff/pull/23754">#23754</a>)</li> <li>[<code>ruff</code>] Add <code>os-path-commonprefix</code> (<code>RUF071</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23814">#23814</a>)</li> <li>[<code>ruff</code>] Add unsafe fix for os-path-commonprefix (<code>RUF071</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23852">#23852</a>)</li> <li>[<code>ruff</code>] Limit <code>RUF036</code> to typing contexts; make it unsafe for non-typing-only (<a href="https://redirect.github.com/astral-sh/ruff/pull/23765">#23765</a>)</li> <li>[<code>ruff</code>] Use starred unpacking for <code>RUF017</code> in Python 3.15+ (<a href="https://redirect.github.com/astral-sh/ruff/pull/23789">#23789</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Fix <code>--add-noqa</code> creating unwanted leading whitespace (<a href="https://redirect.github.com/astral-sh/ruff/pull/23773">#23773</a>)</li> <li>Fix <code>--add-noqa</code> breaking shebangs (<a href="https://redirect.github.com/astral-sh/ruff/pull/23577">#23577</a>)</li> <li>[formatter] Fix lambda body formatting for multiline calls and subscripts (<a href="https://redirect.github.com/astral-sh/ruff/pull/23866">#23866</a>)</li> <li>[formatter] Preserve required annotation parentheses in annotated assignments (<a href="https://redirect.github.com/astral-sh/ruff/pull/23865">#23865</a>)</li> <li>[formatter] Preserve type-expression parentheses in the formatter (<a href="https://redirect.github.com/astral-sh/ruff/pull/23867">#23867</a>)</li> <li>[<code>flake8-annotations</code>] Fix stack overflow in <code>ANN401</code> on quoted annotations with escape sequences (<a href="https://redirect.github.com/astral-sh/ruff/pull/23912">#23912</a>)</li> <li>[<code>pep8-naming</code>] Check naming conventions in <code>match</code> pattern bindings (<code>N806</code>, <code>N815</code>, <code>N816</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23899">#23899</a>)</li> <li>[<code>perflint</code>] Fix comment duplication in fixes (<code>PERF401</code>, <code>PERF403</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23729">#23729</a>)</li> <li>[<code>pyupgrade</code>] Properly trigger <code>super</code> change in nested class (<code>UP008</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/22677">#22677</a>)</li> <li>[<code>ruff</code>] Avoid syntax errors in <code>RUF036</code> fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/23764">#23764</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-bandit</code>] Flag <code>S501</code> with <code>requests.request</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23873">#23873</a>)</li> <li>[<code>flake8-executable</code>] Fix WSL detection in non-Docker containers (<a href="https://redirect.github.com/astral-sh/ruff/pull/22879">#22879</a>)</li> <li>[<code>flake8-print</code>] Ignore <code>pprint</code> calls with <code>stream=</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23787">#23787</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Update docs for Markdown code block formatting (<a href="https://redirect.github.com/astral-sh/ruff/pull/23871">#23871</a>)</li> <li>[<code>flake8-bugbear</code>] Fix misleading description for <code>B904</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23731">#23731</a>)</li> </ul> <h3>Contributors</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.15.6</h2> <p>Released on 2026-03-12.</p> <h3>Preview features</h3> <ul> <li>Add support for <code>lazy</code> import parsing (<a href="https://redirect.github.com/astral-sh/ruff/pull/23755">#23755</a>)</li> <li>Add support for star-unpacking of comprehensions (PEP 798) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23788">#23788</a>)</li> <li>Reject semantic syntax errors for lazy imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23757">#23757</a>)</li> <li>Drop a few rules from the preview default set (<a href="https://redirect.github.com/astral-sh/ruff/pull/23879">#23879</a>)</li> <li>[<code>airflow</code>] Flag <code>Variable.get()</code> calls outside of task execution context (<code>AIR003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23584">#23584</a>)</li> <li>[<code>airflow</code>] Flag runtime-varying values in DAG/task constructor arguments (<code>AIR304</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23631">#23631</a>)</li> <li>[<code>flake8-bugbear</code>] Implement <code>delattr-with-constant</code> (<code>B043</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23737">#23737</a>)</li> <li>[<code>flake8-tidy-imports</code>] Add <code>TID254</code> to enforce lazy imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23777">#23777</a>)</li> <li>[<code>flake8-tidy-imports</code>] Allow users to ban lazy imports with <code>TID254</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23847">#23847</a>)</li> <li>[<code>isort</code>] Retain <code>lazy</code> keyword when sorting imports (<a href="https://redirect.github.com/astral-sh/ruff/pull/23762">#23762</a>)</li> <li>[<code>pyupgrade</code>] Add <code>from __future__ import annotations</code> automatically (<code>UP006</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23260">#23260</a>)</li> <li>[<code>refurb</code>] Support <code>newline</code> parameter in <code>FURB101</code> for Python 3.13+ (<a href="https://redirect.github.com/astral-sh/ruff/pull/23754">#23754</a>)</li> <li>[<code>ruff</code>] Add <code>os-path-commonprefix</code> (<code>RUF071</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23814">#23814</a>)</li> <li>[<code>ruff</code>] Add unsafe fix for os-path-commonprefix (<code>RUF071</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23852">#23852</a>)</li> <li>[<code>ruff</code>] Limit <code>RUF036</code> to typing contexts; make it unsafe for non-typing-only (<a href="https://redirect.github.com/astral-sh/ruff/pull/23765">#23765</a>)</li> <li>[<code>ruff</code>] Use starred unpacking for <code>RUF017</code> in Python 3.15+ (<a href="https://redirect.github.com/astral-sh/ruff/pull/23789">#23789</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Fix <code>--add-noqa</code> creating unwanted leading whitespace (<a href="https://redirect.github.com/astral-sh/ruff/pull/23773">#23773</a>)</li> <li>Fix <code>--add-noqa</code> breaking shebangs (<a href="https://redirect.github.com/astral-sh/ruff/pull/23577">#23577</a>)</li> <li>[formatter] Fix lambda body formatting for multiline calls and subscripts (<a href="https://redirect.github.com/astral-sh/ruff/pull/23866">#23866</a>)</li> <li>[formatter] Preserve required annotation parentheses in annotated assignments (<a href="https://redirect.github.com/astral-sh/ruff/pull/23865">#23865</a>)</li> <li>[formatter] Preserve type-expression parentheses in the formatter (<a href="https://redirect.github.com/astral-sh/ruff/pull/23867">#23867</a>)</li> <li>[<code>flake8-annotations</code>] Fix stack overflow in <code>ANN401</code> on quoted annotations with escape sequences (<a href="https://redirect.github.com/astral-sh/ruff/pull/23912">#23912</a>)</li> <li>[<code>pep8-naming</code>] Check naming conventions in <code>match</code> pattern bindings (<code>N806</code>, <code>N815</code>, <code>N816</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23899">#23899</a>)</li> <li>[<code>perflint</code>] Fix comment duplication in fixes (<code>PERF401</code>, <code>PERF403</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/23729">#23729</a>)</li> <li>[<code>pyupgrade</code>] Properly trigger <code>super</code> change in nested class (<code>UP008</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/22677">#22677</a>)</li> <li>[<code>ruff</code>] Avoid syntax errors in <code>RUF036</code> fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/23764">#23764</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-bandit</code>] Flag <code>S501</code> with <code>requests.request</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23873">#23873</a>)</li> <li>[<code>flake8-executable</code>] Fix WSL detection in non-Docker containers (<a href="https://redirect.github.com/astral-sh/ruff/pull/22879">#22879</a>)</li> <li>[<code>flake8-print</code>] Ignore <code>pprint</code> calls with <code>stream=</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23787">#23787</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Update docs for Markdown code block formatting (<a href="https://redirect.github.com/astral-sh/ruff/pull/23871">#23871</a>)</li> <li>[<code>flake8-bugbear</code>] Fix misleading description for <code>B904</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/23731">#23731</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/zsol"><code>@zsol</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/e4c7f357777a2fdd34dbe6a98b1b7d3e7488f675"><code>e4c7f35</code></a> Bump 0.15.6 (<a href="https://redirect.github.com/astral-sh/ruff/issues/23919">#23919</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/edfe6c17a493669227da45ce7edc786208d9d0b0"><code>edfe6c1</code></a> [ty] Narrow type context during collection literal inference (<a href="https://redirect.github.com/astral-sh/ruff/issues/23844">#23844</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/dd16d689abd9d0fa1caf4316e70479fd422b6142"><code>dd16d68</code></a> Exclude broken symlink in ecosystem check (<a href="https://redirect.github.com/astral-sh/ruff/issues/23921">#23921</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/3f94c6ac6397cdc3160459d9d6e3892e3f3242dd"><code>3f94c6a</code></a> Fix stack overflow in ANN401 on quoted annotations with escape sequences (<a href="https://redirect.github.com/astral-sh/ruff/issues/23">#23</a>...</li> <li><a href="https://github.com/astral-sh/ruff/commit/91fc7bd3f936974d7107ba8fd0668bc251a55c58"><code>91fc7bd</code></a> [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...</li> <li><a href="https://github.com/astral-sh/ruff/commit/04229cffb44dfe8c64a0879eb3cea472a08d1565"><code>04229cf</code></a> [ty] Initial test suite for PEP-728 <code>TypedDict</code> features (<a href="https://redirect.github.com/astral-sh/ruff/issues/23832">#23832</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/728b9d6fd300d492fc2572bcfade170141296f97"><code>728b9d6</code></a> [<code>pep8-naming</code>] Check naming conventions in <code>match</code> pattern bindings (<code>N806</code>,...</li> <li><a href="https://github.com/astral-sh/ruff/commit/88d1eecd261679fc9d1d10f30d814230a7f28513"><code>88d1eec</code></a> [ty] Ensure a <code>type[]</code> type <code>T</code> is always considered assignable to a union th...</li> <li><a href="https://github.com/astral-sh/ruff/commit/37cdd61406ad4965847c9baa7c3f6ca633887d68"><code>37cdd61</code></a> Fix lambda body formatting for multiline calls and subscripts (<a href="https://redirect.github.com/astral-sh/ruff/issues/23866">#23866</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/a25a4df54aca67d23b4867ddad634fe0768fd6a2"><code>a25a4df</code></a> [ty] Disambiguate duplicate-looking overloaded callables in union display (<a href="https://redirect.github.com/astral-sh/ruff/issues/2">#2</a>...</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.15.0...0.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c01d65ba3c |
Bump fastapi from 0.128.4 to 0.135.1 (#867)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.128.4 to 0.135.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.135.1</h2> <h3>Fixes</h3> <ul> <li>🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15038">#15038</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Docs</h3> <ul> <li>✏️ Fix typo in <code>docs/en/docs/_llm-test.md</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15007">#15007</a> by <a href="https://github.com/adityagiri3600"><code>@adityagiri3600</code></a>.</li> <li>📝 Update Skill, optimize context, trim and refactor into references. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15031">#15031</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>👥 Update FastAPI People - Experts. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15037">#15037</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>👥 Update FastAPI People - Contributors and Translators. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15029">#15029</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>👥 Update FastAPI GitHub topic repositories. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15036">#15036</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.135.0</h2> <h3>Features</h3> <ul> <li>✨ Add support for Server Sent Events. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15030">#15030</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>. <ul> <li>New docs: <a href="https://fastapi.tiangolo.com/tutorial/server-sent-events/">Server-Sent Events (SSE)</a>.</li> </ul> </li> </ul> <h2>0.134.0</h2> <h3>Features</h3> <ul> <li>✨ Add support for streaming JSON Lines and binary data with <code>yield</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15022">#15022</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>. <ul> <li>This also upgrades Starlette from <code>>=0.40.0</code> to <code>>=0.46.0</code>, as it's needed to properly unrwap and re-raise exceptions from exception groups.</li> <li>New docs: <a href="https://fastapi.tiangolo.com/tutorial/stream-json-lines/">Stream JSON Lines</a>.</li> <li>And new docs: <a href="https://fastapi.tiangolo.com/advanced/stream-data/">Stream Data</a>.</li> </ul> </li> </ul> <h3>Docs</h3> <ul> <li>📝 Update Library Agent Skill with streaming responses. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15024">#15024</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Update docs for responses and new stream with <code>yield</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15023">#15023</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Add <code>await</code> in <code>StreamingResponse</code> code example to allow cancellation. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14681">#14681</a> by <a href="https://github.com/casperdcl"><code>@casperdcl</code></a>.</li> <li>📝 Rename <code>docs_src/websockets</code> to <code>docs_src/websockets_</code> to avoid import errors. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14979">#14979</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>🔨 Run tests with <code>pytest-xdist</code> and <code>pytest-cov</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14992">#14992</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <h2>0.133.1</h2> <h3>Features</h3> <ul> <li>🔧 Add FastAPI Agent Skill. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14982">#14982</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>. <ul> <li>Read more about it in <a href="https://tiangolo.com/ideas/library-agent-skills/">Library Agent Skills</a>.</li> </ul> </li> </ul> <h3>Internal</h3> <ul> <li>✅ Fix all tests are skipped on Windows. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14994">#14994</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastapi/fastapi/commit/ca5f60ee72f35fb2134d8b5d26bbb75965bcff66"><code>ca5f60e</code></a> 🔖 Release version 0.135.1</li> <li><a href="https://github.com/fastapi/fastapi/commit/87f75aa62c1dde90f4dfbfa7fc2c33127d757d34"><code>87f75aa</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/8a9258b169dce3e321f614c14b1877c18750d6c7"><code>8a9258b</code></a> 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...</li> <li><a href="https://github.com/fastapi/fastapi/commit/60385078233e00f9f13307ff038f12f88fc5c240"><code>6038507</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/c796ba4f46a6e81477ce44eabe13fd01d82f2c4a"><code>c796ba4</code></a> 👥 Update FastAPI People - Experts (<a href="https://redirect.github.com/fastapi/fastapi/issues/15037">#15037</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/b24aa03b888b78dd2ec6540d47c84a8676d6a7cb"><code>b24aa03</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/2c6104752a97273976c8a63e897de98a48f19ce0"><code>2c61047</code></a> ✏️ Fix typo in <code>docs/en/docs/_llm-test.md</code> (<a href="https://redirect.github.com/fastapi/fastapi/issues/15007">#15007</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/e3bbeef8a2687fdf34d4de2d304a59135a30e63c"><code>e3bbeef</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/d726c8cb2b8e00279487fa8661a5276d2ff2125f"><code>d726c8c</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/cf514e6d3839ca69ca45a55a6f862e74892339b9"><code>cf514e6</code></a> 👥 Update FastAPI People - Contributors and Translators (<a href="https://redirect.github.com/fastapi/fastapi/issues/15029">#15029</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fastapi/fastapi/compare/0.128.4...0.135.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
09fd6de4aa |
Bump the npm_and_yarn group across 2 directories with 1 update (#874)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [flatted](https://github.com/WebReflection/flatted). Updates `flatted` from 3.2.9 to 3.4.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li><a href="https://github.com/WebReflection/flatted/commit/d3418c718160eae69dbc0405dce75f7849019e1e"><code>d3418c7</code></a> 3.4.0</li> <li><a href="https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"><code>7eb65d8</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/88">#88</a> from WebReflection/avoid-recusrion</li> <li><a href="https://github.com/WebReflection/flatted/commit/7774aae45d3775c842abe9d071fd009171a5fc0c"><code>7774aae</code></a> Avoid recursion on parse due possible shenanigans</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.1">compare view</a></li> </ul> </details> <br /> Updates `flatted` from 3.2.9 to 3.4.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li><a href="https://github.com/WebReflection/flatted/commit/d3418c718160eae69dbc0405dce75f7849019e1e"><code>d3418c7</code></a> 3.4.0</li> <li><a href="https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"><code>7eb65d8</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/88">#88</a> from WebReflection/avoid-recusrion</li> <li><a href="https://github.com/WebReflection/flatted/commit/7774aae45d3775c842abe9d071fd009171a5fc0c"><code>7774aae</code></a> Avoid recursion on parse due possible shenanigans</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
81bffe199f |
Bump langchain-core from 1.2.16 to 1.2.19 (#873)
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.16 to 1.2.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-core's releases</a>.</em></p> <blockquote> <h2>langchain-core==1.2.19</h2> <p>Changes since langchain-core==1.2.18</p> <p>release(core): 1.2.19 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35832">#35832</a>) chore(core): move BaseCrossEncoder to langchain-core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35809">#35809</a>) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35775">#35775</a>)</p> <h2>langchain-core==1.2.18</h2> <p>Changes since langchain-core==1.2.17</p> <p>release(core): 1.2.18 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35704">#35704</a>) fix(core): fix double backticks in deprecation docstring for alternative_import (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35658">#35658</a>) fix(core): preserve default_factory when generating tool call schema (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35550">#35550</a>) feat(openai): support tool search (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35582">#35582</a>) chore: bump the minor-and-patch group across 3 directories with 7 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35605">#35605</a>)</p> <h2>langchain-core==1.2.17</h2> <p>Changes since langchain-core==1.2.16</p> <p>release(core): 1.2.17 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35527">#35527</a>) fix(core): extract usage metadata from serialized tracer message outputs (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35526">#35526</a>) chore: bump the langchain-deps group across 3 directories with 7 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35513">#35513</a>) chore: bump the langchain-deps group across 3 directories with 14 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35441">#35441</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/41cca203e633d8506b563f263b005cb52909300d"><code>41cca20</code></a> release(core): 1.2.19 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35832">#35832</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/307cdcac9e4e3d7cdcc86eeb3a4688b486f8e1d8"><code>307cdca</code></a> chore(core): move BaseCrossEncoder to langchain-core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35809">#35809</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/cee6430b1cd2530cdebcdb8820ed4ebf700556a4"><code>cee6430</code></a> refactor(xai): remove redundant <code>lc_attributes</code> override (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35791">#35791</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/6b9b4c6546332346b787f337b92879fc9b6b530c"><code>6b9b4c6</code></a> feat(xai): support <code>base_url</code> alias and <code>XAI_API_BASE</code> env var (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35790">#35790</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/b676167707b9c8e27feef7e58a11edb0fe011703"><code>b676167</code></a> fix(deepseek): accept <code>base_url</code> as alias for <code>api_base</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35789">#35789</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/5d9568b5f5a94ef21bee094f38694415e099ed73"><code>5d9568b</code></a> feat(model-profiles): new fields + <code>Makefile</code> target (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35788">#35788</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/1891d414beceeef8e23a05e9e8f6011ccbf4d8b2"><code>1891d41</code></a> chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35774">#35774</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/1d954bccfad779097f63688b324f82fed48f4c5e"><code>1d954bc</code></a> chore: bump tornado from 6.5.2 to 6.5.5 in /libs/langchain (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35773">#35773</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/261b1d57e40b8470673d923b925aeed58415bc59"><code>261b1d5</code></a> chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35775">#35775</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/9521c679db9641912b97297d434adc8d000b5a9c"><code>9521c67</code></a> fix(openai): close PIL Image handles in token counting to prevent fd leak (<a href="https://redirect.github.com/langchain-ai/langchain/issues/3">#3</a>...</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.16...langchain-core==1.2.19">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e2353612f8 |
Bump the pip group across 1 directory with 2 updates (#871)
Bumps the pip group with 2 updates in the / directory: [orjson](https://github.com/ijl/orjson) and [tornado](https://github.com/tornadoweb/tornado). Updates `orjson` from 3.11.5 to 3.11.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.6</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.6 - 2026-01-29</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad"><code>ec02024</code></a> 3.11.6</li> <li><a href="https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6"><code>d581687</code></a> build, clippy misc</li> <li><a href="https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2"><code>4105b29</code></a> writer::num</li> <li><a href="https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370"><code>62bb185</code></a> Fix sporadic crash on serializing object close</li> <li><a href="https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad"><code>d860078</code></a> PyRef idiom refactors</li> <li><a href="https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8"><code>343ae2f</code></a> Deserializer, Utf8Buffer</li> <li><a href="https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2"><code>7835f58</code></a> PyBytesRef and other input refactor</li> <li><a href="https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd"><code>71e0516</code></a> PyStrRef</li> <li><a href="https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94"><code>1096df4</code></a> MSRV 1.89</li> <li><a href="https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771"><code>b718e75</code></a> Drop support for python3.9</li> <li>Additional commits viewable in <a href="https://github.com/ijl/orjson/compare/3.11.5...3.11.6">compare view</a></li> </ul> </details> <br /> Updates `tornado` from 6.5.2 to 6.5.5 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tornadoweb/tornado/commit/7d6465056ceb7a054b3f64cf1c18271753b10482"><code>7d64650</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a> from bdarnell/update-cibw</li> <li><a href="https://github.com/tornadoweb/tornado/commit/d05d59b8080a0d5d6a260994c7aad7049209d345"><code>d05d59b</code></a> build: Bump cibuildwheel to 3.4.0</li> <li><a href="https://github.com/tornadoweb/tornado/commit/c2f46732b0ad14bf0db4219c96a945f4b60205f5"><code>c2f4673</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a> from bdarnell/release-655</li> <li><a href="https://github.com/tornadoweb/tornado/commit/e5f1aa4b6fa2c16b29024830227838fcb0c79b6f"><code>e5f1aa4</code></a> Release notes and version bump for v6.5.5</li> <li><a href="https://github.com/tornadoweb/tornado/commit/78a046f99f89977dfc8ff5a1fe16d298afbeeaca"><code>78a046f</code></a> httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li> <li><a href="https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104"><code>24a2d96</code></a> web: Validate characters in all cookie attributes.</li> <li><a href="https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839"><code>119a195</code></a> httputil: Add limits on multipart form data parsing</li> <li><a href="https://github.com/tornadoweb/tornado/commit/63d4df4eefa6750bb14efa1ebffe67b8c54fbad4"><code>63d4df4</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a> from bdarnell/release-654</li> <li><a href="https://github.com/tornadoweb/tornado/commit/eadbf9adbe9db19e2686a32f48ddf9a25518c4f6"><code>eadbf9a</code></a> Release notes and version bump for 6.5.4</li> <li><a href="https://github.com/tornadoweb/tornado/commit/bbc2b1429c6db80765a8a95c09ddddc7bb40e4e8"><code>bbc2b14</code></a> Make sure that the in-operator on HTTPHeaders is case insensitive</li> <li>Additional commits viewable in <a href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9001867cc1 |
Fix all open Dependabot security vulnerabilities (#864)
## Summary - **rollup** (high): Bump resolution `^3.29.5` → `^3.30.0` to fix arbitrary file write via path traversal (CVE-2026-27606) - **ajv** (medium): Add resolution `^8.18.0` to fix ReDoS when using `$data` option (CVE-2025-69873) — resolves all 4 ajv alerts - **langchain-core** (low): Upgrade `0.3.83` → `1.2.16` to fix SSRF via image_url token counting (CVE-2026-26013) - **langsmith** (medium): Upgrade `0.4.32` → `0.7.9` to fix SSRF via tracing header injection (CVE-2026-25528) - **Python 3.9**: Dropped (EOL since Oct 2025) — required to enable langchain-core 1.x and langsmith 0.6.x+ which have the security fixes Resolves Dependabot alerts #143, #144, #149, #150, #151, #152, #155, #156. ## Test plan - [ ] CI passes on Python 3.10 and 3.11 - [ ] Playground builds still succeed with updated yarn.lock - [ ] Verify Dependabot alerts auto-close after merge 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
81152822bc |
Bump openai from 0.28.1 to 2.18.0 (#857)
Bumps [openai](https://github.com/openai/openai-python) from 0.28.1 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/openai/openai-python/releases">openai's releases</a>.</em></p> <blockquote> <h2>v2.18.0</h2> <h2>2.18.0 (2026-02-09)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.17.0...v2.18.0">v2.17.0...v2.18.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add context_management to responses (<a href="https://github.com/openai/openai-python/commit/137e992b80956401d1867274fa7a0969edfdba54">137e992</a>)</li> <li><strong>api:</strong> responses context_management (<a href="https://github.com/openai/openai-python/commit/c3bd017318347af0a0105a7e975c8d91e22f7941">c3bd017</a>)</li> </ul> <h2>v2.17.0</h2> <h2>2.17.0 (2026-02-05)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.16.0...v2.17.0">v2.16.0...v2.17.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add shell_call_output status field (<a href="https://github.com/openai/openai-python/commit/1bbaf8865000b338c24c9fdd5e985183feaca10f">1bbaf88</a>)</li> <li><strong>api:</strong> image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (<a href="https://github.com/openai/openai-python/commit/7d965135f93f41b0c3dbf3dc9f01796bd9645b6c">7d96513</a>)</li> <li><strong>client:</strong> add custom JSON encoder for extended type support (<a href="https://github.com/openai/openai-python/commit/9f43c8b1a1641db2336cc6d0ec0c6dc470a89103">9f43c8b</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> undo change to web search Find action (<a href="https://github.com/openai/openai-python/commit/8f14eb0a74363fdfc648c5cd5c6d34a85b938d3c">8f14eb0</a>)</li> <li><strong>client:</strong> update type for <code>find_in_page</code> action (<a href="https://github.com/openai/openai-python/commit/ec54ddeb357e49edd81cc3fe53d549c297e59a07">ec54dde</a>)</li> </ul> <h2>v2.16.0</h2> <h2>2.16.0 (2026-01-27)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.15.0...v2.16.0">v2.15.0...v2.16.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> api update (<a href="https://github.com/openai/openai-python/commit/b97f9f26b9c46ca4519130e60a8bf12ad8d52bf3">b97f9f2</a>)</li> <li><strong>api:</strong> api updates (<a href="https://github.com/openai/openai-python/commit/9debcc02370f5b76a6a609ded18fbf8dea87b9cb">9debcc0</a>)</li> <li><strong>client:</strong> add support for binary request streaming (<a href="https://github.com/openai/openai-python/commit/49561d88279628bc400d1b09aa98765b67018ef1">49561d8</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>api:</strong> mark assistants as deprecated (<a href="https://github.com/openai/openai-python/commit/0419cbcbf1021131c7492321436ed01ca4337835">0419cbc</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> upgrade <code>actions/github-script</code> (<a href="https://github.com/openai/openai-python/commit/5139f13ef35e64dadc65f2ba2bab736977985769">5139f13</a>)</li> <li><strong>internal:</strong> update <code>actions/checkout</code> version (<a href="https://github.com/openai/openai-python/commit/f2767144c11833070c0579063ed33918089b4617">f276714</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/openai/openai-python/blob/main/CHANGELOG.md">openai's changelog</a>.</em></p> <blockquote> <h2>2.18.0 (2026-02-09)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.17.0...v2.18.0">v2.17.0...v2.18.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add context_management to responses (<a href="https://github.com/openai/openai-python/commit/137e992b80956401d1867274fa7a0969edfdba54">137e992</a>)</li> <li><strong>api:</strong> responses context_management (<a href="https://github.com/openai/openai-python/commit/c3bd017318347af0a0105a7e975c8d91e22f7941">c3bd017</a>)</li> </ul> <h2>2.17.0 (2026-02-05)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.16.0...v2.17.0">v2.16.0...v2.17.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add shell_call_output status field (<a href="https://github.com/openai/openai-python/commit/1bbaf8865000b338c24c9fdd5e985183feaca10f">1bbaf88</a>)</li> <li><strong>api:</strong> image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (<a href="https://github.com/openai/openai-python/commit/7d965135f93f41b0c3dbf3dc9f01796bd9645b6c">7d96513</a>)</li> <li><strong>client:</strong> add custom JSON encoder for extended type support (<a href="https://github.com/openai/openai-python/commit/9f43c8b1a1641db2336cc6d0ec0c6dc470a89103">9f43c8b</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> undo change to web search Find action (<a href="https://github.com/openai/openai-python/commit/8f14eb0a74363fdfc648c5cd5c6d34a85b938d3c">8f14eb0</a>)</li> <li><strong>client:</strong> update type for <code>find_in_page</code> action (<a href="https://github.com/openai/openai-python/commit/ec54ddeb357e49edd81cc3fe53d549c297e59a07">ec54dde</a>)</li> </ul> <h2>2.16.0 (2026-01-27)</h2> <p>Full Changelog: <a href="https://github.com/openai/openai-python/compare/v2.15.0...v2.16.0">v2.15.0...v2.16.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> api update (<a href="https://github.com/openai/openai-python/commit/b97f9f26b9c46ca4519130e60a8bf12ad8d52bf3">b97f9f2</a>)</li> <li><strong>api:</strong> api updates (<a href="https://github.com/openai/openai-python/commit/9debcc02370f5b76a6a609ded18fbf8dea87b9cb">9debcc0</a>)</li> <li><strong>client:</strong> add support for binary request streaming (<a href="https://github.com/openai/openai-python/commit/49561d88279628bc400d1b09aa98765b67018ef1">49561d8</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>api:</strong> mark assistants as deprecated (<a href="https://github.com/openai/openai-python/commit/0419cbcbf1021131c7492321436ed01ca4337835">0419cbc</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> upgrade <code>actions/github-script</code> (<a href="https://github.com/openai/openai-python/commit/5139f13ef35e64dadc65f2ba2bab736977985769">5139f13</a>)</li> <li><strong>internal:</strong> update <code>actions/checkout</code> version (<a href="https://github.com/openai/openai-python/commit/f2767144c11833070c0579063ed33918089b4617">f276714</a>)</li> </ul> <h3>Documentation</h3> <ul> <li><strong>examples:</strong> update Azure Realtime sample to use v1 API (<a href="https://redirect.github.com/openai/openai-python/issues/2829">#2829</a>) (<a href="https://github.com/openai/openai-python/commit/3b319819544d629c5b8c206b8b1f6ec6328c6136">3b31981</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/openai/openai-python/commit/a7a60166ad8f686f388719a147f815b053c9e885"><code>a7a6016</code></a> release: 2.18.0 (<a href="https://redirect.github.com/openai/openai-python/issues/2846">#2846</a>)</li> <li><a href="https://github.com/openai/openai-python/commit/e8888736c86bb1d5a27100867da22b11ab5bb1b7"><code>e888873</code></a> release: 2.17.0</li> <li><a href="https://github.com/openai/openai-python/commit/b982088450a89409ae0eedc1f27f84f383b447af"><code>b982088</code></a> fix(client): undo change to web search Find action</li> <li><a href="https://github.com/openai/openai-python/commit/b95c09d3f1b760378ee4137b83a8e9b87156bedd"><code>b95c09d</code></a> codegen metadata</li> <li><a href="https://github.com/openai/openai-python/commit/31b4218b71025c9183eb8320629af5de74682adc"><code>31b4218</code></a> codegen metadata</li> <li><a href="https://github.com/openai/openai-python/commit/a1fb97bb3580d58a4534a3b4278b5cd4a43ddbc6"><code>a1fb97b</code></a> fix(client): update type for <code>find_in_page</code> action</li> <li><a href="https://github.com/openai/openai-python/commit/42cb178759bd2bac2274f4c7afd3c550e6cf9aa2"><code>42cb178</code></a> feat(api): image generation actions for responses; ResponseFunctionCallArgume...</li> <li><a href="https://github.com/openai/openai-python/commit/db4d87193089f60d8a2c2841ded3c7fdcd54a5bb"><code>db4d871</code></a> feat(client): add custom JSON encoder for extended type support</li> <li><a href="https://github.com/openai/openai-python/commit/2360dfa7fd26a8f92211702c04752a10fe5fff27"><code>2360dfa</code></a> codegen metadata</li> <li><a href="https://github.com/openai/openai-python/commit/7da396e2601ea1587c8798a9c60d9d3497146380"><code>7da396e</code></a> codegen metadata</li> <li>Additional commits viewable in <a href="https://github.com/openai/openai-python/compare/v0.28.1...v2.18.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fa7f3b828b |
Bump uvicorn from 0.23.2 to 0.39.0 (#858)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.23.2 to 0.39.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p> <blockquote> <h2>Version 0.39.0</h2> <h2>What's Changed</h2> <ul> <li>explicitly start ASGI run with empty context by <a href="https://github.com/pmeier"><code>@pmeier</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2742">Kludex/uvicorn#2742</a></li> <li>fix(websockets): Send close frame on ASGI return by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2769">Kludex/uvicorn#2769</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/pmeier"><code>@pmeier</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2742">Kludex/uvicorn#2742</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.38.0...0.39.0">https://github.com/Kludex/uvicorn/compare/0.38.0...0.39.0</a></p> <h2>Version 0.38.0</h2> <h2>What's Changed</h2> <ul> <li>Support Python 3.14 by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2723">Kludex/uvicorn#2723</a></li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/NGANAMODEIJunior"><code>@NGANAMODEIJunior</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2713">Kludex/uvicorn#2713</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.37.0...0.38.0">https://github.com/Kludex/uvicorn/compare/0.37.0...0.38.0</a></p> <h2>Version 0.37.0</h2> <h2>What's Changed</h2> <ul> <li>Add <code>--timeout-worker-healthcheck</code> setting by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2711">Kludex/uvicorn#2711</a></li> <li>Add <code>os.PathLike[str]</code> type to <code>ssl_ca_certs</code> by <a href="https://github.com/rnv812"><code>@rnv812</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2676">Kludex/uvicorn#2676</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/LincolnPuzey"><code>@LincolnPuzey</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2669">Kludex/uvicorn#2669</a></li> <li><a href="https://github.com/rnv812"><code>@rnv812</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2676">Kludex/uvicorn#2676</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.36.1...0.37.0">https://github.com/Kludex/uvicorn/compare/0.36.1...0.37.0</a></p> <h2>Version 0.36.1</h2> <h2>What's Changed</h2> <ul> <li>Raise an exception when calling removed <code>Config.setup_event_loop()</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2709">Kludex/uvicorn#2709</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.36.0...0.36.1">https://github.com/Kludex/uvicorn/compare/0.36.0...0.36.1</a></p> <h2>Version 0.36.0</h2> <h2>Added</h2> <ul> <li>Support custom IOLOOPs by <a href="https://github.com/gnir-work"><code>@gnir-work</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2435">Kludex/uvicorn#2435</a></li> <li>Allow to provide importable string in <code>--http</code>, <code>--ws</code> and <code>--loop</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2658">Kludex/uvicorn#2658</a></li> </ul> <hr /> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/gnir-work"><code>@gnir-work</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2435">Kludex/uvicorn#2435</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p> <blockquote> <h2>0.39.0 (December 21, 2025)</h2> <h3>Fixed</h3> <ul> <li>Send close frame on ASGI return for WebSockets (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2769">#2769</a>)</li> <li>Explicitly start ASGI run with empty context (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2742">#2742</a>)</li> </ul> <h2>0.38.0 (October 18, 2025)</h2> <h3>Added</h3> <ul> <li>Support Python 3.14 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2723">#2723</a>)</li> </ul> <h2>0.37.0 (September 23, 2025)</h2> <h3>Added</h3> <ul> <li>Add <code>--timeout-worker-healthcheck</code> option (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2711">#2711</a>)</li> <li>Add <code>os.PathLike[str]</code> type to <code>ssl_ca_certs</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2676">#2676</a>)</li> </ul> <h2>0.36.1 (September 23, 2025)</h2> <h3>Fixed</h3> <ul> <li>Raise an exception when calling removed <code>Config.setup_event_loop()</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2709">#2709</a>)</li> </ul> <h2>0.36.0 (September 20, 2025)</h2> <h3>Added</h3> <ul> <li>Support custom IOLOOPs (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2435">#2435</a>)</li> <li>Allow to provide importable string in <code>--http</code>, <code>--ws</code> and <code>--loop</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2658">#2658</a>)</li> </ul> <h2>0.35.0 (June 28, 2025)</h2> <h3>Added</h3> <ul> <li>Add <code>WebSocketsSansIOProtocol</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2540">#2540</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Refine help message for option <code>--proxy-headers</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2653">#2653</a>)</li> </ul> <h2>0.34.3 (June 1, 2025)</h2> <h3>Fixed</h3> <ul> <li>Don't include <code>cwd()</code> when non-empty <code>--reload-dirs</code> is passed (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2598">#2598</a>)</li> <li>Apply <code>get_client_addr</code> formatting to WebSocket logging (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2636">#2636</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/uvicorn/commit/4f40b8495772eb3a1ab3613ffd7be5156f8e1389"><code>4f40b84</code></a> Version 0.39.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2770">#2770</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/5692dfc416f9e65aee5028e55d119313d8d3ab0f"><code>5692dfc</code></a> fix(websockets): Send close frame on ASGI return (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2769">#2769</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/4194764a26824e5d8ddd1fa673df78dff82966e0"><code>4194764</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2763">#2763</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/d94bf28743de545d2d4b150f022203a5178cb705"><code>d94bf28</code></a> explicitly start ASGI run with empty context (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2742">#2742</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/8ae0bcbecb0a655789abf0c2dd4200848fc68a30"><code>8ae0bcb</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2748">#2748</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/4744ff9a1a4888c76ea160328cc9dcc2680c2c71"><code>4744ff9</code></a> Add groups configuration for GitHub Actions (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2747">#2747</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/0391372376c264604a0475b0864bcbf3a8705352"><code>0391372</code></a> chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2746">#2746</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/69a6ae319801a5866ec07afdeb2ff3d912f4d3a0"><code>69a6ae3</code></a> Improve typing in <code>test_http.py</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2740">#2740</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/3850ad6520cafb290bd4174fa9c4ca5d33440c82"><code>3850ad6</code></a> Version 0.38.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2733">#2733</a>)</li> <li><a href="https://github.com/Kludex/uvicorn/commit/9b3f17a549ec96f57bf4d975145fc58feefdd4e8"><code>9b3f17a</code></a> Support Python 3.14 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2723">#2723</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/uvicorn/compare/0.23.2...0.39.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6b53d46321 |
Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#863)
Potential fix for [https://github.com/langchain-ai/langserve/security/code-scanning/1](https://github.com/langchain-ai/langserve/security/code-scanning/1) In general, to fix this class of issue, you explicitly declare a `permissions:` block in the workflow (either at the top level or per job) that grants only the scopes required. For linting and caching, read-only `contents` access is sufficient; no write access or extra scopes are needed. For this specific workflow, the least-privilege, non-breaking fix is to add a root-level `permissions:` block just under the `name: lint` line. That will apply to all jobs (here only `build`) that don’t override permissions. Based on the steps (checkout, cache, running local tools), only repository contents need to be readable, so we can set: ```yaml permissions: contents: read ``` No other parts of the file need to change, and no additional imports or methods are required, since this is pure workflow configuration. _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> |
||
|
|
79bf88aa7a |
Bump pydantic from 2.11.10 to 2.12.5 (#856)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.10 to 2.12.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.12.5 2025-11-26</h2> <h2>v2.12.5 (2025-11-26)</h2> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5">https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5</a></p> <h2>v2.12.4 2025-11-05</h2> <h2>v2.12.4 (2025-11-05)</h2> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4">https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4</a></p> <h2>v2.12.3 2025-10-17</h2> <h2>v2.12.3 (2025-10-17)</h2> <h3>What's Changed</h3> <p>This is the third 2.13 patch release, fixing issues related to the <code>FieldInfo</code> class, and reverting a change to the supported <a href="https://docs.pydantic.dev/latest/concepts/validators/#model-validators"><em>after</em> model validator</a> function signatures.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.12.5 (2025-11-26)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.5">GitHub release</a></p> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> <h2>v2.12.4 (2025-11-05)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.4">GitHub release</a></p> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> <h2>v2.12.3 (2025-10-17)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.3">GitHub release</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pydantic/pydantic/commit/bd2d0dd0137dfa1a8fdff2529b9dfb1547980150"><code>bd2d0dd</code></a> Prepare release v2.12.5</li> <li><a href="https://github.com/pydantic/pydantic/commit/7d0302ec7ec2cf115de3450a615522875bdd8b56"><code>7d0302e</code></a> Document security implications when using <code>create_model()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/e9ef980def726b6f59b6c495ddc9dc259a0228db"><code>e9ef980</code></a> Fix typo in Standard Library Types documentation</li> <li><a href="https://github.com/pydantic/pydantic/commit/f2c20c00c265a31a13c48f9bae923a87c829952e"><code>f2c20c0</code></a> Add <code>pydantic-docs</code> dev dependency, make use of versioning blocks</li> <li><a href="https://github.com/pydantic/pydantic/commit/a76c1aa26f2d64a3fd080ac515d80832689197e8"><code>a76c1aa</code></a> Update documentation about JSON Schema</li> <li><a href="https://github.com/pydantic/pydantic/commit/8cbc72ca489891e574fba45238ee8bd4f8e719a2"><code>8cbc72c</code></a> Add documentation about custom <code>__init__()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/99eba599069da137b3f708ffa74627f2b456ba73"><code>99eba59</code></a> Add additional test for <code>FieldInfo.get_default()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/c71076988e507ea93844c77c3bf0bbb85a5716af"><code>c710769</code></a> Special case <code>MISSING</code> sentinel in <code>smart_deepcopy()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/20a9d771c210fd77d52366ac923258c4c199727f"><code>20a9d77</code></a> Do not delete mock validator/serializer in <code>rebuild_dataclass()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/c86515a3a8f2120148fab2eaedd3bc45925779d0"><code>c86515a</code></a> Update parts of the model and <code>revalidate_instances</code> documentation</li> <li>Additional commits viewable in <a href="https://github.com/pydantic/pydantic/compare/v2.11.10...v2.12.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2007e07a83 |
Bump starlette from 0.48.0 to 0.49.1 in the pip group across 1 directory (#855)
Bumps the pip group with 1 update in the / directory: [starlette](https://github.com/Kludex/starlette). Updates `starlette` from 0.48.0 to 0.49.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 0.49.1</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h2>Fixed</h2> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.49.0...0.49.1">https://github.com/Kludex/starlette/compare/0.49.0...0.49.1</a></p> <h2>Version 0.49.0</h2> <h2>Added</h2> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h2>Changed</h2> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/TheWesDias"><code>@TheWesDias</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3017">Kludex/starlette#3017</a></li> <li><a href="https://github.com/gmos2104"><code>@gmos2104</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3027">Kludex/starlette#3027</a></li> <li><a href="https://github.com/secrett2633"><code>@secrett2633</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2996">Kludex/starlette#2996</a></li> <li><a href="https://github.com/adam-sikora"><code>@adam-sikora</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2976">Kludex/starlette#2976</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.48.0...0.49.0">https://github.com/Kludex/starlette/compare/0.48.0...0.49.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>0.49.1 (October 28, 2025)</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h4>Fixed</h4> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <h2>0.49.0 (October 28, 2025)</h2> <h4>Added</h4> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee"><code>7e4b742</code></a> Version 0.49.1 (<a href="https://redirect.github.com/Kludex/starlette/issues/3047">#3047</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"><code>4ea6e22</code></a> Merge commit from fork</li> <li><a href="https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee"><code>7d88ea6</code></a> Version 0.49.0 (<a href="https://redirect.github.com/Kludex/starlette/issues/3046">#3046</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e"><code>26d66bb</code></a> Do not pollute exception context in Middleware (<a href="https://redirect.github.com/Kludex/starlette/issues/2976">#2976</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5"><code>a59397d</code></a> Set encodings when reading config files (<a href="https://redirect.github.com/Kludex/starlette/issues/2996">#2996</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372"><code>3b7f0cb</code></a> test: add test for unknown status (<a href="https://redirect.github.com/Kludex/starlette/issues/3035">#3035</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd"><code>b09ce1a</code></a> docs: fix legibility issues on sponsorship page (<a href="https://redirect.github.com/Kludex/starlette/issues/3039">#3039</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b"><code>0f0edcf</code></a> Revert "Add Marcelo Trylesinski to the license (<a href="https://redirect.github.com/Kludex/starlette/issues/3025">#3025</a>)" (<a href="https://redirect.github.com/Kludex/starlette/issues/3044">#3044</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8"><code>3912d63</code></a> docs: add social icons (<a href="https://redirect.github.com/Kludex/starlette/issues/3038">#3038</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad"><code>4915a93</code></a> Add discord to README/docs (<a href="https://redirect.github.com/Kludex/starlette/issues/3034">#3034</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/starlette/compare/0.48.0...0.49.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ad24198ad6 |
Bump the npm_and_yarn group across 3 directories with 2 updates (#862)
Bumps the npm_and_yarn group with 1 update in the /langserve/chat_playground directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /langserve/playground directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /libs/langserve-playground directory: [rollup](https://github.com/rollup/rollup). Updates `minimatch` from 3.1.2 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5">compare view</a></li> </ul> </details> <br /> Updates `minimatch` from 3.1.2 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5">compare view</a></li> </ul> </details> <br /> Updates `rollup` from 4.57.1 to 4.59.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rollup/rollup/commit/ae846957f109690a866cc3e4c073613c338d3476"><code>ae84695</code></a> 4.59.0</li> <li><a href="https://github.com/rollup/rollup/commit/b39616e9175b3d9fc3977c99153174c490805a93"><code>b39616e</code></a> Update audit-resolve</li> <li><a href="https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"><code>c60770d</code></a> Validate bundle stays within output dir (<a href="https://redirect.github.com/rollup/rollup/issues/6275">#6275</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/33f39c1f205ea2eadaf4b589e493453e2baa3662"><code>33f39c1</code></a> 4.58.0</li> <li><a href="https://github.com/rollup/rollup/commit/b61c40803b717854c1c28937e8098e5ad3c7b8ca"><code>b61c408</code></a> forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...</li> <li><a href="https://github.com/rollup/rollup/commit/7f00689ec90e2cafb11c26eefbcac62343c936f6"><code>7f00689</code></a> Extend agent instructions</li> <li><a href="https://github.com/rollup/rollup/commit/e7b2b85af0901244ecc141b9d792c6db6b527ea4"><code>e7b2b85</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6270">#6270</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/2aa5da9baf82211b8207d268c8751630cb766970"><code>2aa5da9</code></a> fix(deps): update minor/patch updates (<a href="https://redirect.github.com/rollup/rollup/issues/6267">#6267</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/4319837c5448d0c10d89e9ded118888deec2eeec"><code>4319837</code></a> chore(deps): update dependency lru-cache to v11 (<a href="https://redirect.github.com/rollup/rollup/issues/6269">#6269</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/c3b6b4bdc4f2ed978fa233132a526957e6513233"><code>c3b6b4b</code></a> chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://redirect.github.com/rollup/rollup/issues/6268">#6268</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v4.57.1...v4.59.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0b1e78db0b |
Bump the pip group across 1 directory with 2 updates (#854)
Bumps the pip group with 2 updates in the / directory: [orjson](https://github.com/ijl/orjson) and [nbconvert](https://github.com/jupyter/nbconvert). Updates `orjson` from 3.11.3 to 3.11.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/fb3eb1f729c7e7b019f780af5695722c99c7c695"><code>fb3eb1f</code></a> 3.11.5</li> <li><a href="https://github.com/ijl/orjson/commit/52688e02c51c845cde24a46cd1011a6010d10eb8"><code>52688e0</code></a> Record contributors in headers</li> <li><a href="https://github.com/ijl/orjson/commit/dc083e87d5262e7dde3ba4b1d2a377b5b065a27c"><code>dc083e8</code></a> Further compatibility and build misc</li> <li><a href="https://github.com/ijl/orjson/commit/18f0186d47fbadd53c9db4e39a442d5b04225418"><code>18f0186</code></a> Compatibility and build misc</li> <li><a href="https://github.com/ijl/orjson/commit/a4fdeb3aff125d501ec0dd0577f9b38b2b977b4f"><code>a4fdeb3</code></a> 3.11.4</li> <li><a href="https://github.com/ijl/orjson/commit/2e80d68afacafca8751e6a64ca05d0d4087dbd15"><code>2e80d68</code></a> unlikely to cold_path, remove intrinsics</li> <li><a href="https://github.com/ijl/orjson/commit/27edea92f8da2fdfc3f1342474e2f1686f1edf55"><code>27edea9</code></a> FFI through crate::ffi, partial non-CPython compatibility</li> <li><a href="https://github.com/ijl/orjson/commit/416a8c9578da780d0d58b5e6b751793deafc610d"><code>416a8c9</code></a> Unconditionally build yyjson</li> <li><a href="https://github.com/ijl/orjson/commit/c8c1a17dca8436a2fee05ca060febd096e653d98"><code>c8c1a17</code></a> edition 2024</li> <li><a href="https://github.com/ijl/orjson/commit/af4179a1fa0aafffd0f867203b6c36e9a522f165"><code>af4179a</code></a> build maintenance, panic_immediate_abort break, test 3.15</li> <li>See full diff in <a href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare view</a></li> </ul> </details> <br /> Updates `nbconvert` from 7.16.6 to 7.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.0</h2> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196"><code>21b35d8</code></a> Publish 7.17.0</li> <li><a href="https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71"><code>c9ac1d1</code></a> Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...</li> <li><a href="https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced"><code>b13276d</code></a> avoid cov environment on free-threaded Pythons (<a href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li> <li><a href="https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6"><code>7c7055f</code></a> [pre-commit.ci] auto fixes from pre-commit.com hooks</li> <li><a href="https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852"><code>74f3ddd</code></a> Fix QtPNGExporter returning empty bytes on macOS</li> <li><a href="https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a"><code>216550b</code></a> fix links</li> <li><a href="https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c"><code>39777ac</code></a> try to comment fialing test</li> <li><a href="https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14"><code>7b591ca</code></a> ruff-check</li> <li><a href="https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9"><code>6ec7638</code></a> parent</li> <li><a href="https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19"><code>59414b3</code></a> fix mypy</li> <li>Additional commits viewable in <a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5eff20817d |
Bump ruff from 0.1.15 to 0.15.0 (#850)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.1.15 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.15.0</h2> <h2>Release Notes</h2> <p>Released on 2026-02-03.</p> <p>Check out the <a href="https://astral.sh/blog/ruff-v0.15.0">blog post</a> for a migration guide and overview of the changes!</p> <h3>Breaking changes</h3> <ul> <li> <p>Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.</p> </li> <li> <p>The linter now supports block suppression comments. For example, to suppress <code>N803</code> for all parameters in this function:</p> <pre lang="python"><code># ruff: disable[N803] def foo( legacyArg1, legacyArg2, legacyArg3, legacyArg4, ): ... # ruff: enable[N803] </code></pre> <p>See the <a href="https://docs.astral.sh/ruff/linter/#block-level">documentation</a> for more details.</p> </li> <li> <p>The <code>ruff:alpine</code> Docker image is now based on Alpine 3.23 (up from 3.21).</p> </li> <li> <p>The <code>ruff:debian</code> and <code>ruff:debian-slim</code> Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."</p> </li> <li> <p>Binaries for the <code>ppc64</code> (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.</p> </li> <li> <p>Ruff now resolves all <code>extend</code>ed configuration files before falling back on a default Python version.</p> </li> </ul> <h3>Stabilization</h3> <p>The following rules have been stabilized and are no longer in preview:</p> <ul> <li><a href="https://docs.astral.sh/ruff/rules/blocking-http-call-httpx-in-async-function"><code>blocking-http-call-httpx-in-async-function</code></a> (<code>ASYNC212</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/blocking-path-method-in-async-function"><code>blocking-path-method-in-async-function</code></a> (<code>ASYNC240</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/blocking-input-in-async-function"><code>blocking-input-in-async-function</code></a> (<code>ASYNC250</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/map-without-explicit-strict"><code>map-without-explicit-strict</code></a> (<code>B912</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/if-exp-instead-of-or-operator"><code>if-exp-instead-of-or-operator</code></a> (<code>FURB110</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/single-item-membership-test"><code>single-item-membership-test</code></a> (<code>FURB171</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/missing-maxsplit-arg"><code>missing-maxsplit-arg</code></a> (<code>PLC0207</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/unnecessary-lambda"><code>unnecessary-lambda</code></a> (<code>PLW0108</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/unnecessary-empty-iterable-within-deque-call"><code>unnecessary-empty-iterable-within-deque-call</code></a> (<code>RUF037</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/in-empty-collection"><code>in-empty-collection</code></a> (<code>RUF060</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/legacy-form-pytest-raises"><code>legacy-form-pytest-raises</code></a> (<code>RUF061</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/non-octal-permissions"><code>non-octal-permissions</code></a> (<code>RUF064</code>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.15.0</h2> <p>Released on 2026-02-03.</p> <p>Check out the <a href="https://astral.sh/blog/ruff-v0.15.0">blog post</a> for a migration guide and overview of the changes!</p> <h3>Breaking changes</h3> <ul> <li> <p>Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.</p> </li> <li> <p>The linter now supports block suppression comments. For example, to suppress <code>N803</code> for all parameters in this function:</p> <pre lang="python"><code># ruff: disable[N803] def foo( legacyArg1, legacyArg2, legacyArg3, legacyArg4, ): ... # ruff: enable[N803] </code></pre> <p>See the <a href="https://docs.astral.sh/ruff/linter/#block-level">documentation</a> for more details.</p> </li> <li> <p>The <code>ruff:alpine</code> Docker image is now based on Alpine 3.23 (up from 3.21).</p> </li> <li> <p>The <code>ruff:debian</code> and <code>ruff:debian-slim</code> Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."</p> </li> <li> <p>Binaries for the <code>ppc64</code> (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.</p> </li> <li> <p>Ruff now resolves all <code>extend</code>ed configuration files before falling back on a default Python version.</p> </li> </ul> <h3>Stabilization</h3> <p>The following rules have been stabilized and are no longer in preview:</p> <ul> <li><a href="https://docs.astral.sh/ruff/rules/blocking-http-call-httpx-in-async-function"><code>blocking-http-call-httpx-in-async-function</code></a> (<code>ASYNC212</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/blocking-path-method-in-async-function"><code>blocking-path-method-in-async-function</code></a> (<code>ASYNC240</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/blocking-input-in-async-function"><code>blocking-input-in-async-function</code></a> (<code>ASYNC250</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/map-without-explicit-strict"><code>map-without-explicit-strict</code></a> (<code>B912</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/if-exp-instead-of-or-operator"><code>if-exp-instead-of-or-operator</code></a> (<code>FURB110</code>)</li> <li><a href="https://docs.astral.sh/ruff/rules/single-item-membership-test"><code>single-item-membership-test</code></a> (<code>FURB171</code>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/ce5f7b6127a5d684e96fd0f8e387f73c41c7a1b0"><code>ce5f7b6</code></a> Bump 0.15.0 (<a href="https://redirect.github.com/astral-sh/ruff/issues/23055">#23055</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b4e40f539cdbafac8afd6e510994ca64c3b317b9"><code>b4e40f5</code></a> [ty] Fix <code>__contains__</code> to respect descriptors (<a href="https://redirect.github.com/astral-sh/ruff/issues/23056">#23056</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/848cb72dc14b4c9409bf08e8323b4119d6b90005"><code>848cb72</code></a> [ty] Fix narrowing of nonlocal variables with conditional assignments (<a href="https://redirect.github.com/astral-sh/ruff/issues/22966">#22966</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/da7f33af22c7da3f3cb9321f776dda4131dda3cb"><code>da7f33a</code></a> [ty] Add a diagnostic for <code>Final</code> without assignment (<a href="https://redirect.github.com/astral-sh/ruff/issues/23001">#23001</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/e65f9a6b039fa411e5609a7bda9bb7ffd11e9b1a"><code>e65f9a6</code></a> Document markdown formatting feature (<a href="https://redirect.github.com/astral-sh/ruff/issues/22990">#22990</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/c0c1b985c9ec4b3570b0a28af69ad6776a3ec401"><code>c0c1b98</code></a> Format markdown code blocks with line-by-line regex parse (<a href="https://redirect.github.com/astral-sh/ruff/issues/22996">#22996</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/9f8f3e196bd6d4f2c572075536dd38b769c48087"><code>9f8f3e1</code></a> Allow positional-only params with defaults in method overrides (<a href="https://redirect.github.com/astral-sh/ruff/issues/23037">#23037</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/ef83810e118e3e41aa6c63f87f8a8147363a3e56"><code>ef83810</code></a> [ty] ecosystem-analyzer: Support bare git repositories (<a href="https://redirect.github.com/astral-sh/ruff/issues/23054">#23054</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/54dfee4cb800c0b0890b2b2c74c64cc45584194c"><code>54dfee4</code></a> Customize where the <code>fix_title</code> sub-diagnostic appears (<a href="https://redirect.github.com/astral-sh/ruff/issues/23044">#23044</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b53460799b592e5276e1d148d8a48469f396032e"><code>b534607</code></a> 2026 Ruff Formatter Style (<a href="https://redirect.github.com/astral-sh/ruff/issues/22735">#22735</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/v0.1.15...0.15.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com> |
||
|
|
5a6f73cdf6 |
Bump the npm_and_yarn group across 3 directories with 12 updates (#851)
Bumps the npm_and_yarn group with 6 updates in the /langserve/chat_playground directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.14` | `5.4.21` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.23.2` | `7.28.6` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | Bumps the npm_and_yarn group with 6 updates in the /langserve/playground directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.14` | `5.4.21` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.23.2` | `7.28.6` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | Bumps the npm_and_yarn group with 6 updates in the /libs/langserve-playground directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.29.5` | | [tsup](https://github.com/egoist/tsup) | `7.2.0` | `8.3.5` | Updates `lodash` from 4.17.21 to 4.17.23 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> Updates `vite` from 4.5.14 to 5.4.21 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v5.4.21</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.20</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.19</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->5.4.21 (2025-10-20)<!-- raw HTML omitted --></h2> <ul> <li>fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>) (<a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c">cad1d31</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a> <a href="https://redirect.github.com/vitejs/vite/issues/20970">#20970</a></li> <li>chore: update CHANGELOG (<a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c">ca88ed7</a>)</li> </ul> <h2><!-- raw HTML omitted -->5.4.20 (2025-09-08)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea">482000f</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li> <li>fix: port sirv@3.0.2 changes to sirv@2.0.4 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20737">#20737</a>) (<a href="https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069">4f1c35b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20737">#20737</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.19 (2025-04-30)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>, check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>) (<a href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0">766947e</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19965">#19965</a> <a href="https://redirect.github.com/vitejs/vite/issues/19966">#19966</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.18 (2025-04-10)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>, reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19831">#19831</a>) (<a href="https://github.com/vitejs/vite/commit/823675baff2bd6809c74ba2d9acca0327923a54f">823675b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19830">#19830</a> <a href="https://redirect.github.com/vitejs/vite/issues/19831">#19831</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.17 (2025-04-03)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782">#19782</a>, fs check with svg and relative paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19784">#19784</a>) (<a href="https://github.com/vitejs/vite/commit/84b2b46ed129be8215108e789a90adbb33a9c42c">84b2b46</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19782">#19782</a> <a href="https://redirect.github.com/vitejs/vite/issues/19784">#19784</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.16 (2025-03-31)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761">#19761</a>, fs check in transform middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19762">#19762</a>) (<a href="https://github.com/vitejs/vite/commit/b627c50d359f3bd9b602408fbbf462cf4a2f019c">b627c50</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19761">#19761</a> <a href="https://redirect.github.com/vitejs/vite/issues/19762">#19762</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.15 (2025-03-24)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702">#19702</a>, fs raw query with query separators (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19703">#19703</a>) (<a href="https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41">807d7f0</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19702">#19702</a> <a href="https://redirect.github.com/vitejs/vite/issues/19703">#19703</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.14 (2025-01-21)<!-- raw HTML omitted --></h2> <ul> <li>fix: <code>preview.allowedHosts</code> with specific values was not respected (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246">#19246</a>) (<a href="https://github.com/vitejs/vite/commit/9df6e6beabf0d18988ec13b8b742d2aba29662f9">9df6e6b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19246">#19246</a></li> <li>fix: allow CORS from loopback addresses by default (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249">#19249</a>) (<a href="https://github.com/vitejs/vite/commit/7d1699ccf673e2790704756d89d2e1e4ee478fb4">7d1699c</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19249">#19249</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/adce3c22c64cc9d44cc8f45cc92b543e3e4bf385"><code>adce3c2</code></a> release: v5.4.21</li> <li><a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c"><code>cad1d31</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c"><code>ca88ed7</code></a> chore: update CHANGELOG</li> <li><a href="https://github.com/vitejs/vite/commit/997700f01c7199daf7330d33a7fd3a43b2e9e3ba"><code>997700f</code></a> release: v5.4.20</li> <li><a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea"><code>482000f</code></a> fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/80a333a23103ced0442d4463d1191433d90f5e19"><code>80a333a</code></a> release: v5.4.19</li> <li><a href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0"><code>766947e</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>, check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/731b77d19d36f5682a5441b49cb2f6473389ad99"><code>731b77d</code></a> release: v5.4.18</li> <li><a href="https://github.com/vitejs/vite/commit/823675baff2bd6809c74ba2d9acca0327923a54f"><code>823675b</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>, reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19831">#19831</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0a2518a98d2354c61ee8ef51f7d00fa92aebb511"><code>0a2518a</code></a> release: v5.4.17</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v5.4.21/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `@babel/helpers` from 7.23.2 to 7.28.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/helpers</code>'s releases</a>.</em></p> <blockquote> <h2>v7.28.6 (2026-01-12)</h2> <p>Thanks <a href="https://github.com/kadhirash"><code>@kadhirash</code></a> and <a href="https://github.com/kolvian"><code>@kolvian</code></a> for your first PRs!</p> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-cli</code>, <code>babel-code-frame</code>, <code>babel-core</code>, <code>babel-helper-check-duplicate-nodes</code>, <code>babel-helper-fixtures</code>, <code>babel-helper-plugin-utils</code>, <code>babel-node</code>, <code>babel-plugin-transform-flow-comments</code>, <code>babel-plugin-transform-modules-commonjs</code>, <code>babel-plugin-transform-property-mutators</code>, <code>babel-preset-env</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17589">#17589</a> Improve Unicode handling in code-frame tokenizer (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-regenerator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17556">#17556</a> fix: <code>transform-regenerator</code> correctly handles scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-react-jsx</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17538">#17538</a> fix: Keep jsx comments (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-core</code>, <code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17606">#17606</a> Polish(standalone): improve message on invalid preset/plugin (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-plugin-bugfix-v8-static-class-fields-redefine-readonly</code>, <code>babel-plugin-proposal-decorators</code>, <code>babel-plugin-proposal-import-attributes-to-assertions</code>, <code>babel-plugin-proposal-import-wasm-source</code>, <code>babel-plugin-syntax-async-do-expressions</code>, <code>babel-plugin-syntax-decorators</code>, <code>babel-plugin-syntax-destructuring-private</code>, <code>babel-plugin-syntax-do-expressions</code>, <code>babel-plugin-syntax-explicit-resource-management</code>, <code>babel-plugin-syntax-export-default-from</code>, <code>babel-plugin-syntax-flow</code>, <code>babel-plugin-syntax-function-bind</code>, <code>babel-plugin-syntax-function-sent</code>, <code>babel-plugin-syntax-import-assertions</code>, <code>babel-plugin-syntax-import-attributes</code>, <code>babel-plugin-syntax-import-defer</code>, <code>babel-plugin-syntax-import-source</code>, <code>babel-plugin-syntax-jsx</code>, <code>babel-plugin-syntax-module-blocks</code>, <code>babel-plugin-syntax-optional-chaining-assign</code>, <code>babel-plugin-syntax-partial-application</code>, <code>babel-plugin-syntax-pipeline-operator</code>, <code>babel-plugin-syntax-throw-expressions</code>, <code>babel-plugin-syntax-typescript</code>, <code>babel-plugin-transform-async-generator-functions</code>, <code>babel-plugin-transform-async-to-generator</code>, <code>babel-plugin-transform-class-properties</code>, <code>babel-plugin-transform-class-static-block</code>, <code>babel-plugin-transform-dotall-regex</code>, <code>babel-plugin-transform-duplicate-named-capturing-groups-regex</code>, <code>babel-plugin-transform-explicit-resource-management</code>, <code>babel-plugin-transform-exponentiation-operator</code>, <code>babel-plugin-transform-json-strings</code>, <code>babel-plugin-transform-logical-assignment-operators</code>, <code>babel-plugin-transform-nullish-coalescing-operator</code>, <code>babel-plugin-transform-numeric-separator</code>, <code>babel-plugin-transform-object-rest-spread</code>, <code>babel-plugin-transform-optional-catch-binding</code>, <code>babel-plugin-transform-optional-chaining</code>, <code>babel-plugin-transform-private-methods</code>, <code>babel-plugin-transform-private-property-in-object</code>, <code>babel-plugin-transform-regexp-modifiers</code>, <code>babel-plugin-transform-unicode-property-regex</code>, <code>babel-plugin-transform-unicode-sets-regex</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17580">#17580</a> Allow Babel 8 in compatible Babel 7 plugins (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>🏃♀️ Performance</h4> <ul> <li><code>babel-plugin-transform-react-jsx</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17555">#17555</a> perf: Use lighter traversal for jsx <code>__source,__self</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>Committers: 7</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Eliot Pontarelli (<a href="https://github.com/kolvian"><code>@kolvian</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Kadhirash Sivakumar (<a href="https://github.com/kadhirash"><code>@kadhirash</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li>coderaiser (<a href="https://github.com/coderaiser"><code>@coderaiser</code></a>)</li> </ul> <h2>v7.28.5 (2025-10-23)</h2> <p>Thank you <a href="https://github.com/CO0Ki3"><code>@CO0Ki3</code></a>, <a href="https://github.com/Olexandr88"><code>@Olexandr88</code></a>, and <a href="https://github.com/youthfulhps"><code>@youthfulhps</code></a> for your first PRs!</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17446">#17446</a> Allow <code>Runtime Errors for Function Call Assignment Targets</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-helper-validator-identifier</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17501">#17501</a> fix: update identifier to unicode 17 (<a href="https://github.com/fisker"><code>@fisker</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-plugin-proposal-destructuring-private</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17534">#17534</a> Allow mixing private destructuring and rest (<a href="https://github.com/CO0Ki3"><code>@CO0Ki3</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17521">#17521</a> Improve <code>@babel/parser</code> error typing (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li><a href="https://redirect.github.com/babel/babel/pull/17491">#17491</a> fix: improve ts-only declaration parsing (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-proposal-discard-binding</code>, <code>babel-plugin-transform-destructuring</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17"><code>d7f4008</code></a> v7.28.6</li> <li><a href="https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177"><code>99dcba5</code></a> chore: enable some ts-eslint rules (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592">#17592</a>)</li> <li><a href="https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23"><code>c1b55f6</code></a> Use <code>eslint.config.mts</code> (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573">#17573</a>)</li> <li><a href="https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f"><code>35055e3</code></a> v7.28.4</li> <li><a href="https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c"><code>18d88b8</code></a> Improve <code>@babel/core</code> typings (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471">#17471</a>)</li> <li><a href="https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2"><code>ef155f5</code></a> v7.28.3</li> <li><a href="https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a"><code>741cbd2</code></a> chore: fix various typos across codebase (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476">#17476</a>)</li> <li><a href="https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6"><code>cac0ff4</code></a> v7.28.2</li> <li><a href="https://github.com/babel/babel/commit/f743094585b39bd9f7a9e3a3561215b2103e2474"><code>f743094</code></a> fix: <code>regeneratorDefine</code> compatibility with es5 strict mode (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17441">#17441</a>)</li> <li><a href="https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110"><code>baa4cb8</code></a> v7.27.6</li> <li>Additional commits viewable in <a href="https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for <code>@babel/helpers</code> since your current version.</p> </details> <br /> Updates `brace-expansion` from 1.1.11 to 1.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's releases</a>.</em></p> <blockquote> <h2>v1.1.12</h2> <ul> <li>pkg: publish on tag 1.x c460dbd</li> <li>fmt ccb8ac6</li> <li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>) c3c73c8</li> </ul> <hr /> <p><a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711"><code>44f33b4</code></a> 1.1.12</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570"><code>c460dbd</code></a> pkg: publish on tag 1.x</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f"><code>ccb8ac6</code></a> fmt</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217"><code>c3c73c8</code></a> Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.18.20 to 0.21.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.21.5</h2> <ul> <li> <p>Fix <code>Symbol.metadata</code> on classes without a class decorator (<a href="https://redirect.github.com/evanw/esbuild/issues/3781">#3781</a>)</p> <p>This release fixes a bug with esbuild's support for the <a href="https://github.com/tc39/proposal-decorator-metadata">decorator metadata proposal</a>. Previously esbuild only added the <code>Symbol.metadata</code> property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the <code>Symbol.metadata</code> property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.</p> </li> <li> <p>Allow unknown import attributes to be used with the <code>copy</code> loader (<a href="https://redirect.github.com/evanw/esbuild/issues/3792">#3792</a>)</p> <p>Import attributes (the <code>with</code> keyword on <code>import</code> statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load <code>./bagel.js</code> as type <code>bagel</code>:</p> <pre lang="js"><code>// This is an error with "--bundle" without also using "--external:./bagel.js" import tasty from "./bagel.js" with { type: "bagel" } </code></pre> <p>Because of that, bundling this code with esbuild is an error unless the file <code>./bagel.js</code> is external to the bundle (such as with <code>--bundle --external:./bagel.js</code>).</p> <p>However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the <code>copy</code> loader. That's because the <code>copy</code> loader behaves similarly to <code>--external</code> in that the file is left external to the bundle. The difference is that the <code>copy</code> loader copies the file into the output folder and rewrites the import path while <code>--external</code> doesn't. That means the following will now work with the <code>copy</code> loader (such as with <code>--bundle --loader:.bagel=copy</code>):</p> <pre lang="js"><code>// This is no longer an error with "--bundle" and "--loader:.bagel=copy" import tasty from "./tasty.bagel" with { type: "bagel" } </code></pre> </li> <li> <p>Support import attributes with glob-style imports (<a href="https://redirect.github.com/evanw/esbuild/issues/3797">#3797</a>)</p> <p>This release adds support for import attributes (the <code>with</code> option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:</p> <pre lang="ts"><code>async function loadLocale(locale: string): Locale { const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } }) return unpackLocale(locale, data) } </code></pre> <p>Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:</p> <pre><code>✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data <pre><code>example.ts:2:28: 2 │ const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } }) ╵ ~~~~~~~~~~~~~~~~~~~~~~~~~~ </code></pre> <p></code></pre></p> <p>In addition, this change means plugins can now access the contents of <code>with</code> for glob-style imports.</p> </li> <li> <p>Support <code>${configDir}</code> in <code>tsconfig.json</code> files (<a href="https://redirect.github.com/evanw/esbuild/issues/3782">#3782</a>)</p> <p>This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence <code>${configDir}</code> is now respected at the start of <code>baseUrl</code> and <code>paths</code> values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base <code>tsconfig.json</code> files specified via <code>extends</code> refer to the directory of the top-level <code>tsconfig.json</code> file. Here is an example:</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md">esbuild's changelog</a>.</em></p> <blockquote> <h1>Changelog: 2023</h1> <p>This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).</p> <h2>0.19.11</h2> <ul> <li> <p>Fix TypeScript-specific class transform edge case (<a href="https://redirect.github.com/evanw/esbuild/issues/3559">#3559</a>)</p> <p>The previous release introduced an optimization that avoided transforming <code>super()</code> in the class constructor for TypeScript code compiled with <code>useDefineForClassFields</code> set to <code>false</code> if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case <em>and</em> there are <code>#private</code> instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to <code>super()</code> (since <code>super()</code> is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:</p> <pre lang="ts"><code>// Original code class Foo extends Bar { #private = 1; public: any; constructor() { super(); } } <p>// Old output (with esbuild v0.19.9) class Foo extends Bar { constructor() { super(); this.#private = 1; } #private; }</p> <p>// Old output (with esbuild v0.19.10) class Foo extends Bar { constructor() { this.#private = 1; super(); } #private; }</p> <p>// New output class Foo extends Bar { #private = 1; constructor() { super(); } } </code></pre></p> </li> <li> <p>Minifier: allow reording a primitive past a side-effect (<a href="https://redirect.github.com/evanw/esbuild/issues/3568">#3568</a>)</p> <p>The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/fc37c2fa9de2ad77476a6d4a8f1516196b90187e"><code>fc37c2f</code></a> publish 0.21.5 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/cb119249a19603b12fdf8df1c5a81c21420a1cb0"><code>cb11924</code></a> fix <code>Symbol.metadata</code> errors in decorator tests</li> <li><a href="https://github.com/evanw/esbuild/commit/b93a2a95ac697f4aa01471e0a383a25626f1998e"><code>b93a2a9</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3781">#3781</a>: add metadata to all decorated classes</li> <li><a href="https://github.com/evanw/esbuild/commit/953dae945b265df7d9728dbd961f7a27dce941cd"><code>953dae9</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3797">#3797</a>: import attributes and glob-style import</li> <li><a href="https://github.com/evanw/esbuild/commit/98cb2ed72cfc4187f45fe1a6abe5417ad613356b"><code>98cb2ed</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3782">#3782</a>: support <code>${configDir}</code> in tsconfig.json</li> <li><a href="https://github.com/evanw/esbuild/commit/8e6603b83f6be8de8204a7c5af755874f8b8da68"><code>8e6603b</code></a> run <code>make update-compat-table</code></li> <li><a href="https://github.com/evanw/esbuild/commit/db1b8ca20f26091fbaebd5b4a8ce950de984e750"><code>db1b8ca</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3792">#3792</a>: import attributes and the <code>copy</code> loader</li> <li><a href="https://github.com/evanw/esbuild/commit/de572d0e5363fef5457d3581ec340e481b139152"><code>de572d0</code></a> fix non-deterministic import attribute plugin test</li> <li><a href="https://github.com/evanw/esbuild/commit/ae8d1b4f307b290bde0f17aceb51dd6f62eac64c"><code>ae8d1b4</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3794">#3794</a>: <code>--supported:object-accessors=false</code></li> <li><a href="https://github.com/evanw/esbuild/commit/67cbf87a4909d87a902ca8c3b69ab5330defab0a"><code>67cbf87</code></a> publish 0.21.4 to npm</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.18.20...v0.21.5">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (<<)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP => HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `micromatch` from 4.0.5 to 4.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/releases">micromatch's releases</a>.</em></p> <blockquote> <h2>4.0.8</h2> <p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's changelog</a>.</em></p> <blockquote> <h2>[4.0.8] - 2024-08-22</h2> <ul> <li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li> </ul> <h2>[4.0.7] - 2024-05-22</h2> <ul> <li>this is basically v4.0.5, with some README updates</li> <li><strong>it is vulnerable to CVE-2024-4067</strong></li> <li>Updated braces to v3.0.3 to avoid CVE-2024-4068</li> <li>does NOT break API compatibility</li> </ul> <h2>[4.0.6] - 2024-05-21</h2> <ul> <li>Added <code>hasBraces</code> to check if a pattern contains braces.</li> <li>Fixes CVE-2024-4067</li> <li><strong>BREAKS API COMPATIBILITY</strong></li> <li>Should be labeled as a major release, but it's not.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920"><code>8bd704e</code></a> 4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a"><code>a0e6841</code></a> run verb to generate README documentation</li> <li><a href="https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a"><code>4ec2884</code></a> Merge branch 'v4' into hauserkristof-feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade"><code>03aa805</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a> from hauserkristof/feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8"><code>814f5f7</code></a> lint</li> <li><a href="https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae"><code>67fcce6</code></a> fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5</li> <li><a href="https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30"><code>113f2e3</code></a> fix: CVE numbers in CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f"><code>d9dbd9a</code></a> feat: updated CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e"><code>2ab1315</code></a> fix: use actions/setup-node@v4</li> <li><a href="https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce"><code>1406ea3</code></a> feat: rework test to work on macos with node 10,12 and 14</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8">compare view</a></li> </ul> </details> <br /> Updates `nanoid` from 3.3.6 to 3.3.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/releases">nanoid's releases</a>.</em></p> <blockquote> <h2>3.3.11</h2> <ul> <li>Fixed React Native support.</li> </ul> <h2>3.3.10</h2> <ul> <li>Fixed React Native support (by <a href="https://github.com/steida"><code>@steida</code></a>).</li> </ul> <h2>3.3.9</h2> <ul> <li>Reduced npm package size.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.11</h2> <ul> <li>Fixed React Native support.</li> </ul> <h2>3.3.10</h2> <ul> <li>Fixed React Native support (by <a href="https://github.com/steida"><code>@steida</code></a>).</li> </ul> <h2>3.3.9</h2> <ul> <li>Reduced npm package size.</li> </ul> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> <h2>3.3.7</h2> <ul> <li>Fixed <code>node16</code> TypeScript support (by Saadi Myftija).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/nanoid/commit/37289ceee51a3194a1f121a1e5d2bbb864076b74"><code>37289ce</code></a> Release 3.3.11 version</li> <li><a href="https://github.com/ai/nanoid/commit/23690b77719ec8043c2509d28c1d74b0e2295b75"><code>23690b7</code></a> Fix CI</li> <li><a href="https://github.com/ai/nanoid/commit/c147962de7f5da3311a0e731030a28f49c5266a3"><code>c147962</code></a> Fix RN support</li> <li><a href="https://github.com/ai/nanoid/commit/a83734e28fa071f51fe3614a5fb891f08a4b91b2"><code>a83734e</code></a> Move to manually ESM/CJS dual package</li> <li><a href="https://github.com/ai/nanoid/commit/bb12e8a6f9c37ebe0b5ff2c697b8f9dcf34c8948"><code>bb12e8a</code></a> Release 3.3.10 version</li> <li><a href="https://github.com/ai/nanoid/commit/8f44264cd724080447f40620974163f1daca4612"><code>8f44264</code></a> Fix Expo support</li> <li><a href="https://github.com/ai/nanoid/commit/adf9b0c05eeeebbbf391c16bbd93da2fc275e235"><code>adf9b0c</code></a> Release 3.3.9 version</li> <li><a href="https://github.com/ai/nanoid/commit/1c6f08825b4f17c4462bd1c19dbc3f1c5626b76f"><code>1c6f088</code></a> Remove dev file from npm package</li> <li><a href="https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744"><code>3044cd5</code></a> Release 3.3.8 version</li> <li><a href="https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231"><code>4fe3495</code></a> Update size limit</li> <li>Additional commits viewable in <a href="https://github.com/ai/nanoid/compare/3.3.6...3.3.11">compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.21 to 4.17.23 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> Updates `vite` from 4.5.14 to 5.4.21 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v5.4.21</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.20</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.19</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->5.4.21 (2025-10-20)<!-- raw HTML omitted --></h2> <ul> <li>fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>) (<a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c">cad1d31</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a> <a href="https://redirect.github.com/vitejs/vite/issues/20970">#20970</a></li> <li>chore: update CHANGELOG (<a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c">ca88ed7</a>)</li> </ul> <h2><!-- raw HTML omitted -->5.4.20 (2025-09-08)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea">482000f</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li> <li>fix: port sirv@3.0.2 changes to sirv@2.0.4 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20737">#20737</a>) (<a href="https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069">4f1c35b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20737">#20737</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.19 (2025-04-30)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>, check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>) (<a href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0">766947e</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19965">#19965</a> <a href="https://redirect.github.com/vitejs/vite/issues/19966">#19966</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.18 (2025-04-10)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>, reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19831">#19831</a>) (<a href="https://github.com/vitejs/vite/commit/823675baff2bd6809c74ba2d9acca0327923a54f">823675b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19830">#19830</a> <a href="https://redirect.github.com/vitejs/vite/issues/19831">#19831</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.17 (2025-04-03)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782">#19782</a>, fs check with svg and relative paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19784">#19784</a>) (<a href="https://github.com/vitejs/vite/commit/84b2b46ed129be8215108e789a90adbb33a9c42c">84b2b46</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19782">#19782</a> <a href="https://redirect.github.com/vitejs/vite/issues/19784">#19784</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.16 (2025-03-31)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761">#19761</a>, fs check in transform middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19762">#19762</a>) (<a href="https://github.com/vitejs/vite/commit/b627c50d359f3bd9b602408fbbf462cf4a2f019c">b627c50</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19761">#19761</a> <a href="https://redirect.github.com/vitejs/vite/issues/19762">#19762</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.15 (2025-03-24)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702">#19702</a>, fs raw query with query separators (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19703">#19703</a>) (<a href="https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41">807d7f0</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19702">#19702</a> <a href="https://redirect.github.com/vitejs/vite/issues/19703">#19703</a></li> </ul> <h2><!-- raw HTML omitted -->5.4.14 (2025-01-21)<!-- raw HTML omitted --></h2> <ul> <li>fix: <code>preview.allowedHosts</code> with specific values was not respected (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246">#19246</a>) (<a href="https://github.com/vitejs/vite/commit/9df6e6beabf0d18988ec13b8b742d2aba29662f9">9df6e6b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19246">#19246</a></li> <li>fix: allow CORS from loopback addresses by default (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249">#19249</a>) (<a href="https://github.com/vitejs/vite/commit/7d1699ccf673e2790704756d89d2e1e4ee478fb4">7d1699c</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/19249">#19249</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/adce3c22c64cc9d44cc8f45cc92b543e3e4bf385"><code>adce3c2</code></a> release: v5.4.21</li> <li><a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c"><code>cad1d31</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c"><code>ca88ed7</code></a> chore: update CHANGELOG</li> <li><a href="https://github.com/vitejs/vite/commit/997700f01c7199daf7330d33a7fd3a43b2e9e3ba"><code>997700f</code></a> release: v5.4.20</li> <li><a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea"><code>482000f</code></a> fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/80a333a23103ced0442d4463d1191433d90f5e19"><code>80a333a</code></a> release: v5.4.19</li> <li><a href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0"><code>766947e</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>, check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/731b77d19d36f5682a5441b49cb2f6473389ad99"><code>731b77d</code></a> release: v5.4.18</li> <li><a href="https://github.com/vitejs/vite/commit/823675baff2bd6809c74ba2d9acca0327923a54f"><code>823675b</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>, reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19831">#19831</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0a2518a98d2354c61ee8ef51f7d00fa92aebb511"><code>0a2518a</code></a> release: v5.4.17</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v5.4.21/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `@babel/helpers` from 7.23.2 to 7.28.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/helpers</code>'s releases</a>.</em></p> <blockquote> <h2>v7.28.6 (2026-01-12)</h2> <p>Thanks <a href="https://github.com/kadhirash"><code>@kadhirash</code></a> and <a href="https://github.com/kolvian"><code>@kolvian</code></a> for your first PRs!</p> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-cli</code>, <code>babel-code-frame</code>, <code>babel-core</code>, <code>babel-helper-check-duplicate-nodes</code>, <code>babel-helper-fixtures</code>, <code>babel-helper-plugin-utils</code>, <code>babel-node</code>, <code>babel-plugin-transform-flow-comments</code>, <code>babel-plugin-transform-modules-commonjs</code>, <code>babel-plugin-transform-property-mutators</code>, <code>babel-preset-env</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17589">#17589</a> Improve Unicode handling in code-frame tokenizer (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-regenerator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17556">#17556</a> fix: <code>transform-regenerator</code> correctly handles scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-react-jsx</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17538">#17538</a> fix: Keep jsx comments (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-core</code>, <code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17606">#17606</a> Polish(standalone): improve message on invalid preset/plugin (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-plugin-bugfix-v8-static-class-fields-redefine-readonly</code>, <code>babel-plugin-proposal-decorators</code>, <code>babel-plugin-proposal-import-attributes-to-assertions</code>, <code>babel-plugin-proposal-import-wasm-source</code>, <code>babel-plugin-syntax-async-do-expressions</code>, <code>babel-plugin-syntax-decorators</code>, <code>babel-plugin-syntax-destructuring-private</code>, <code>babel-plugin-syntax-do-expressions</code>, <code>babel-plugin-syntax-explicit-resource-management</code>, <code>babel-plugin-syntax-export-default-from</code>, <code>babel-plugin-syntax-flow</code>, <code>babel-plugin-syntax-function-bind</code>, <code>babel-plugin-syntax-function-sent</code>, <code>babel-plugin-syntax-import-assertions</code>, <code>babel-plugin-syntax-import-attributes</code>, <code>babel-plugin-syntax-import-defer</code>, <code>babel-plugin-syntax-import-source</code>, <code>babel-plugin-syntax-jsx</code>, <code>babel-plugin-syntax-module-blocks</code>, <code>babel-plugin-syntax-optional-chaining-assign</code>, <code>babel-plugin-syntax-partial-application</code>, <code>babel-plugin-syntax-pipeline-operator</code>, <code>babel-plugin-syntax-throw-expressions</code>, <code>babel-plugin-syntax-typescript</code>, <code>babel-plugin-transform-async-generator-functions</code>, <code>babel-plugin-transform-async-to-generator</code>, <code>babel-plugin-transform-class-properties</code>, <code>babel-plugin-transform-class-static-block</code>, <code>babel-plugin-transform-dotall-regex</code>, <code>babel-plugin-transform-duplicate-named-capturing-groups-regex</code>, <code>babel-plugin-transform-explicit-resource-management</code>, <code>babel-plugin-transform-exponentiation-operator</code>, <code>babel-plugin-transform-json-strings</code>, <code>babel-plugin-transform-logical-assignment-operators</code>, <code>babel-plugin-transform-nullish-coalescing-operator</code>, <code>babel-plugin-transform-numeric-separator</code>, <code>babel-plugin-transform-object-rest-spread</code>, <code>babel-plugin-transform-optional-catch-binding</code>, <code>babel-plugin-transform-optional-chaining</code>, <code>babel-plugin-transform-private-methods</code>, <code>babel-plugin-transform-private-property-in-object</code>, <code>babel-plugin-transform-regexp-modifiers</code>, <code>babel-plugin-transform-unicode-property-regex</code>, <code>babel-plugin-transform-unicode-sets-regex</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17580">#17580</a> Allow Babel 8 in compatible Babel 7 plugins (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>🏃♀️ Performance</h4> <ul> <li><code>babel-plugin-transform-react-jsx</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17555">#17555</a> perf: Use lighter traversal for jsx <code>__source,__self</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>Committers: 7</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Eliot Pontarelli (<a href="https://github.com/kolvian"><code>@kolvian</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Kadhirash Sivakumar (<a href="https://github.com/kadhirash"><code>@kadhirash</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li>coderaiser (<a href="https://github.com/coderaiser"><code>@coderaiser</code></a>)</li> </ul> <h2>v7.28.5 (2025-10-23)</h2> <p>Thank you <a href="https://github.com/CO0Ki3"><code>@CO0Ki3</code></a>, <a href="https://github.com/Olexandr88"><code>@Olexandr88</code></a>, and <a href="https://github.com/youthfulhps"><code>@youthfulhps</code></a> for your first PRs!</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17446">#17446</a> Allow <code>Runtime Errors for Function Call Assignment Targets</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-helper-validator-identifier</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17501">#17501</a> fix: update identifier to unicode 17 (<a href="https://github.com/fisker"><code>@fisker</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-plugin-proposal-destructuring-private</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17534">#17534</a> Allow mixing private destructuring and rest (<a href="https://github.com/CO0Ki3"><code>@CO0Ki3</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17521">#17521</a> Improve <code>@babel/parser</code> error typing (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li><a href="https://redirect.github.com/babel/babel/pull/17491">#17491</a> fix: improve ts-only declaration parsing (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-proposal-discard-binding</code>, <code>babel-plugin-transform-destructuring</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17"><code>d7f4008</code></a> v7.28.6</li> <li><a href="https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177"><code>99dcba5</code></a> chore: enable some ts-eslint rules (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592">#17592</a>)</li> <li><a href="https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23"><code>c1b55f6</code></a> Use <code>eslint.config.mts</code> (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573">#17573</a>)</li> <li><a href="https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f"><code>35055e3</code></a> v7.28.4</li> <li><a href="https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c"><code>18d88b8</code></a> Improve <code>@babel/core</code> typings (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471">#17471</a>)</li> <li><a href="https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2"><code>ef155f5</code></a> v7.28.3</li> <li><a href="https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a"><code>741cbd2</code></a> chore: fix various typos across codebase (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476">#17476</a>)</li> <li><a href="https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6"><code>cac0ff4</code></a> v7.28.2</li> <li><a href="https://github.com/babel/babel/commit/f743094585b39bd9f7a9e3a3561215b2103e2474"><code>f743094</code></a> fix: <code>regeneratorDefine</code> compatibility with es5 strict mode (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17441">#17441</a>)</li> <li><a href="https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110"><code>baa4cb8</code></a> v7.27.6</li> <li>Additional commits viewable in <a href="https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for <code>@babel/helpers</code> since your current version.</p> </details> <br /> Updates `brace-expansion` from 1.1.11 to 1.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's releases</a>.</em></p> <blockquote> <h2>v1.1.12</h2> <ul> <li>pkg: publish on tag 1.x c460dbd</li> <li>fmt ccb8ac6</li> <li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>) c3c73c8</li> </ul> <hr /> <p><a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711"><code>44f33b4</code></a> 1.1.12</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570"><code>c460dbd</code></a> pkg: publish on tag 1.x</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f"><code>ccb8ac6</code></a> fmt</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217"><code>c3c73c8</code></a> Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.18.20 to 0.21.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.21.5</h2> <ul> <li> <p>Fix <code>Symbol.metadata</code> on classes without a class decorator (<a href="https://redirect.github.com/evanw/esbuild/issues/3781">#3781</a>)</p> <p>This release fixes a bug with esbuild's support for the <a href="https://github.com/tc39/proposal-decorator-metadata">decorator metadata proposal</a>. Previously esbuild only added the <code>Symbol.metadata</code> property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the <code>Symbol.metadata</code> property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.</p> </li> <li> <p>Allow unknown import attributes to be used with the <code>copy</code> loader (<a href="https://redirect.github.com/ev... _Description has been truncated_ Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
243b9ed35e |
Bump langchain-core from 0.3.78 to 0.3.83 (#849)
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 0.3.78 to 0.3.83. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-core's releases</a>.</em></p> <blockquote> <h2>langchain-core==0.3.83</h2> <p>Changes since langchain-core==0.3.82</p> <p>release(core): 0.3.83 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34733">#34733</a>) feat(core,langchain,text-splitters): (v0.3) use uuid7 for run ids (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34732">#34732</a>)</p> <h2>langchain-core==0.3.82</h2> <p>Changes since langchain-core==0.3.81</p> <p>release(core): 0.3.82 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34688">#34688</a>) fix(core): defer persisting traces for iterator inputs (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34687">#34687</a>) feat(core): add <code>usage_metadata</code> to metadata in <code>LangChainTracer</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34686">#34686</a>)</p> <h2>langchain-core==0.3.81</h2> <p>Changes since langchain-core==0.3.80</p> <p>release(core): 0.3.81 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34459">#34459</a>) fix(core): serialization patch (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34458">#34458</a>)</p> <h2>langchain-core==0.3.80</h2> <p>Changes since langchain-core==0.3.79</p> <p>release(core): 0.3.80 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34039">#34039</a>) fix(core): fix validation for input variables in f-string templates, restrict functionality supported by jinja2, mustache templates (GHSA-6qv9-48xg-fc7f) (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34038">#34038</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/c0e2f08f789feac9447325583fef0efbd85eb858"><code>c0e2f08</code></a> release(core): 0.3.83 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34733">#34733</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/4dab5fafc01cfaddfeac6f5b139b4d58bacb1a40"><code>4dab5fa</code></a> feat(core,langchain,text-splitters): (v0.3) use uuid7 for run ids (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34732">#34732</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/e6dde2b99c7aadd42d348288540954dded975bb3"><code>e6dde2b</code></a> release(core): 0.3.82 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34688">#34688</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/126a337082bd019a39a9eee84264a2de556aca29"><code>126a337</code></a> fix(core): defer persisting traces for iterator inputs (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34687">#34687</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/13c13c4bac6f94a08120b4c7cef58af9dfff105c"><code>13c13c4</code></a> feat(core): add <code>usage_metadata</code> to metadata in <code>LangChainTracer</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34686">#34686</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/6dc06da1bb2f3781844895c259a67e40bc598f19"><code>6dc06da</code></a> release(core): 0.3.81 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34459">#34459</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6"><code>d9ec4c5</code></a> fix(core): serialization patch (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34458">#34458</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/d62d77925cce59a15bcb8287babe1ad10f1cbe18"><code>d62d779</code></a> fix(docs): add redirects (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34411">#34411</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/7ab4a7841a2fe77e3b305c876e3e1eb31d2a9fce"><code>7ab4a78</code></a> chore(infra): properly disable testing for 0.3 against latest packages (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34041">#34041</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/6e968fd23c76e0676d29776ff48bd583ad1e1839"><code>6e968fd</code></a> chore(infra): disable integration tests temporarily when releasing v0.3 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/34040">#34040</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.78...langchain-core==0.3.83">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7a89867dd2 |
Bump fastapi from 0.118.0 to 0.128.4 (#847)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.118.0 to 0.128.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.128.4</h2> <h3>Refactors</h3> <ul> <li>♻️ Refactor internals, simplify Pydantic v2/v1 utils, <code>create_model_field</code>, better types for <code>lenient_issubclass</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14860">#14860</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14857">#14857</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14856">#14856</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🌐 Update translations for fr (outdated pages). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14839">#14839</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>🌐 Update translations for tr (outdated and missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14838">#14838</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>⬆️ Upgrade development dependencies. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14854">#14854</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.128.3</h2> <h3>Refactors</h3> <ul> <li>♻️ Re-implement <code>on_event</code> in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14851">#14851</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Upgrades</h3> <ul> <li>⬆️ Upgrade Starlette supported version range to <code>starlette>=0.40.0,<1.0.0</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14853">#14853</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🌐 Update translations for ru (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14834">#14834</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>👷 Run tests with Starlette from git. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14849">#14849</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>👷 Run tests with lower bound uv sync, upgrade <code>fastapi[all]</code> minimum dependencies: <code>ujson >=5.8.0</code>, <code>orjson >=3.9.3</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14846">#14846</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h2>0.128.2</h2> <h3>Features</h3> <ul> <li>✨ Add support for PEP695 <code>TypeAliasType</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/13920">#13920</a> by <a href="https://github.com/cstruct"><code>@cstruct</code></a>.</li> <li>✨ Allow <code>Response</code> type hint as dependency annotation. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14794">#14794</a> by <a href="https://github.com/jonathan-fulton"><code>@jonathan-fulton</code></a>.</li> </ul> <h3>Fixes</h3> <ul> <li>🐛 Fix using <code>Json[list[str]]</code> type (issue <a href="https://redirect.github.com/fastapi/fastapi/issues/10997">#10997</a>). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14616">#14616</a> by <a href="https://github.com/mkanetsuna"><code>@mkanetsuna</code></a>.</li> </ul> <h3>Docs</h3> <ul> <li>📝 Update docs for translations. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14830">#14830</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Fix duplicate word in <code>advanced-dependencies.md</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14815">#14815</a> by <a href="https://github.com/Rayyan-Oumlil"><code>@Rayyan-Oumlil</code></a>.</li> </ul> <h3>Translations</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastapi/fastapi/commit/8eac94bd91c212a2aab676acd7f8e94cd3097dd0"><code>8eac94b</code></a> 🔖 Release version 0.128.4</li> <li><a href="https://github.com/fastapi/fastapi/commit/58cdfc7f4b1ad22a4e6450319affb42d185775d9"><code>58cdfc7</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/d59fbc3494940c9afe675cc89271bd0fa744574f"><code>d59fbc3</code></a> ♻️ Refactor internals, simplify Pydantic v2/v1 utils, <code>create_model_field</code>, b...</li> <li><a href="https://github.com/fastapi/fastapi/commit/cc6ced6345f6be18038437b73866294697294f3e"><code>cc6ced6</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/cf55bade7ea6e4bf85a167e8aed1c6167e7a4196"><code>cf55bad</code></a> ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed (<a href="https://redirect.github.com/fastapi/fastapi/issues/14857">#14857</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/ac8362c447b94247e9f7268c3d1e2807818647ae"><code>ac8362c</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/3c49346238643287780d9f0d673f88b0d02df109"><code>3c49346</code></a> ♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic (<a href="https://redirect.github.com/fastapi/fastapi/issues/14856">#14856</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/512c3ad88c8f03a03154df317c65aa0ca4f1f78d"><code>512c3ad</code></a> 📝 Update release notes</li> <li><a href="https://github.com/fastapi/fastapi/commit/cba537ab717ff205857a0eb877c69e79cfd06a51"><code>cba537a</code></a> 🌐 Update translations for fr (outdated pages) (<a href="https://redirect.github.com/fastapi/fastapi/issues/14839">#14839</a>)</li> <li><a href="https://github.com/fastapi/fastapi/commit/2eb454ab04e81325ed430a036103e4aede299d61"><code>2eb454a</code></a> 📝 Update release notes</li> <li>Additional commits viewable in <a href="https://github.com/fastapi/fastapi/compare/0.118.0...0.128.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
56e0d5dc9c |
Bump jupyterlab from 3.6.8 to 4.5.3 (#845)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6c255acd8f |
Bump actions/checkout from 3 to 6 (#842)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.1">https://github.com/actions/checkout/compare/v4...v4.3.1</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a> Fix tag handling: preserve annotations and explicit fetch-tags (<a href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li> <li><a href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a> Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...</li> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/v3...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8aa1e86ab3 |
Bump pytest from 7.4.4 to 8.4.2 (#844)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>8.4.2</h2> <h1>pytest 8.4.2 (2025-09-03)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13478">#13478</a>: Fixed a crash when using <code>console_output_style</code>{.interpreted-text role="confval"} with <code>times</code> and a module is skipped.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13530">#13530</a>: Fixed a crash when using <code>pytest.approx</code>{.interpreted-text role="func"} and <code>decimal.Decimal</code>{.interpreted-text role="class"} instances with the <code>decimal.FloatOperation</code>{.interpreted-text role="class"} trap set.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13549">#13549</a>: No longer evaluate type annotations in Python <code>3.14</code> when inspecting function signatures.</p> <p>This prevents crashes during module collection when modules do not explicitly use <code>from __future__ import annotations</code> and import types for annotations within a <code>if TYPE_CHECKING:</code> block.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13559">#13559</a>: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in <code>pytest.Parser.addini</code>{.interpreted-text role="meth"}.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13563">#13563</a>: <code>pytest.approx</code>{.interpreted-text role="func"} now only imports <code>numpy</code> if NumPy is already in <code>sys.modules</code>. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13577">#13577</a>: Clarify that <code>pytest_generate_tests</code> is discovered in test modules/classes; other hooks must be in <code>conftest.py</code> or plugins.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13480">#13480</a>: Self-testing: fixed a few test failures when run with <code>-Wdefault</code> or a similar override.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13547">#13547</a>: Self-testing: corrected expected message for <code>test_doctest_unexpected_exception</code> in Python <code>3.14</code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13684">#13684</a>: Make pytest's own testsuite insensitive to the presence of the <code>CI</code> environment variable -- by <code>ogrisel</code>{.interpreted-text role="user"}.</li> </ul> <h2>8.4.1</h2> <h1>pytest 8.4.1 (2025-06-17)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13461">#13461</a>: Corrected <code>_pytest.terminal.TerminalReporter.isatty</code> to support being called as a method. Before it was just a boolean which could break correct code when using <code>-o log_cli=true</code>).</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13477">#13477</a>: Reintroduced <code>pytest.PytestReturnNotNoneWarning</code>{.interpreted-text role="class"} which was removed by accident in pytest [8.4]{.title-ref}.</p> <p>This warning is raised when a test functions returns a value other than <code>None</code>, which is often a mistake made by beginners.</p> <p>See <code>return-not-none</code>{.interpreted-text role="ref"} for more information.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13497">#13497</a>: Fixed compatibility with <code>Twisted 25+</code>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13492">#13492</a>: Fixed outdated warning about <code>faulthandler</code> not working on Windows.</li> </ul> <h2>8.4.0</h2> <h1>pytest 8.4.0 (2025-06-02)</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/bfae4224fd554d3d7f2c277a4cc092b6ec6af3ae"><code>bfae422</code></a> Prepare release version 8.4.2</li> <li><a href="https://github.com/pytest-dev/pytest/commit/89905381a163be30ae87d62e5f750e902d750c5f"><code>8990538</code></a> Fix passenv CI in tox ini and make tests insensitive to the presence of the C...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ca676bfe005aebcb12f4146d1b0f1d2772e2cd5d"><code>ca676bf</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13687">#13687</a> from pytest-dev/patchback/backports/8.4.x/e63f6e51c...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/975a60a63ce385a44655596e254c1899feaa53e4"><code>975a60a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13686">#13686</a> from pytest-dev/patchback/backports/8.4.x/12bde8af6...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7723ce84b87ab08f86ddafcb342acc28ba5ec99d"><code>7723ce8</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13683">#13683</a> from even-even/fix_Exeption_to_Exception_in_errorMe...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/b7f05680d1301e0969b30bcb3c4b27433c9ee2b7"><code>b7f0568</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13685">#13685</a> from CoretexShadow/fix/docs-pytest-generate-tests</li> <li><a href="https://github.com/pytest-dev/pytest/commit/2c94c4a6948ba53440818389298157fa5d5f94cd"><code>2c94c4a</code></a> add missing colon (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13640">#13640</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13641">#13641</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c3d7684bc01c8c48d05145a30c5211ca8656c68c"><code>c3d7684</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13606">#13606</a> from pytest-dev/patchback/backports/8.4.x/5f9938563...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/dc6e3be2ddc75a149b6d102d9b7c82ee47a00cfa"><code>dc6e3be</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13605">#13605</a> from The-Compiler/training-update-2025-07</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f87289c36c8dbe7740e3020f5546b6f8b0861ff0"><code>f87289c</code></a> Fix crash with <code>times</code> output style and skipped module (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13573">#13573</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13579">#13579</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/7.4.4...8.4.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3fc780e472 |
Bump actions/cache from 3 to 5 (#843)
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h2>What's Changed</h2> <ul> <li>Upgrade to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.3.0...v5.0.0">https://github.com/actions/cache/compare/v4.3.0...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add note on runner versions by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> <li>Prepare <code>v4.3.0</code> release by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p> <h2>v4.2.4</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li> <li>Upgrade <code>@actions/cache</code> to <code>4.0.5</code> and move <code>@protobuf-ts/plugin</code> to dev depdencies by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1634">actions/cache#1634</a></li> <li>Prepare release <code>4.2.4</code> by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1636">actions/cache#1636</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.2.4">https://github.com/actions/cache/compare/v4...v4.2.4</a></p> <h2>v4.2.3</h2> <h2>What's Changed</h2> <ul> <li>Update to use <code>@actions/cache</code> 4.0.3 package & prepare for new release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a> (SAS tokens for cache entries are now masked in debug logs)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1695">#1695</a> from actions/Link-/prepare-5.0.3</li> <li><a href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a> Add review for the <code>@actions/http-client</code> license</li> <li><a href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a> Add licensed output</li> <li><a href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a> Upgrade dependencies and address security warnings</li> <li><a href="https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a"><code>345d5c2</code></a> Add 5.0.3 builds</li> <li><a href="https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7"><code>8b402f5</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1692">#1692</a> from GhadimiR/main</li> <li><a href="https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002"><code>304ab5a</code></a> license for httpclient</li> <li><a href="https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be"><code>609fc19</code></a> Update licensed record for cache</li> <li><a href="https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5"><code>b22231e</code></a> Build</li> <li><a href="https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a"><code>93150cd</code></a> Add PR link to releases</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/v3...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
404cab2506 |
Bump aiohttp from 3.12.15 to 3.13.3 in the pip group across 1 directory (#841)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
db4c41fcb3 |
Bump urllib3 from 2.5.0 to 2.6.3 in the pip group across 1 directory (#840)
Bumps the pip group with 1 update in the / directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.5.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langserve/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d592a8abd9 | chore: workflow perms (#846) | ||
|
|
8721a82087 | chore: dependabot (#838) |