Skip to content

chore(deps): bump the python group with 11 updates#64

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-04ca5886ca
Open

chore(deps): bump the python group with 11 updates#64
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-04ca5886ca

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on pylance, pyarrow, pathspec, tqdm, fastapi, mcp, openai, onnxruntime-gpu, anthropic, ruff and pytest to permit the latest version.
Updates pylance to 7.0.0

Release notes

Sourced from pylance's releases.

v7.0.0

What's Changed

Breaking Changes 🛠

New Features 🎉

... (truncated)

Commits
  • a15ae30 chore: release version 7.0.0
  • 06f52e9 chore: release candidate 7.0.0-rc.1
  • 95613a7 feat: create materialized view API (#6891)
  • 6e0e5a6 feat: expose multi-base config to Python and Java write_fragments API (#6855)
  • 65a0e41 fix(mem_wal): exact PK dedup for LSM vector search (#6881)
  • dbeeefb feat: expose granular trace event targets (#6853)
  • c7c5626 chore: release beta version 7.0.0-beta.17
  • bf68171 feat: add MemWAL sharding evaluator (#6854)
  • e808eb1 feat(mem_wal): cache opened L0 flushed-generation datasets (#6816)
  • 6ddd7e2 feat: implement vector index details (#6099)
  • Additional commits viewable in compare view

Updates pyarrow to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Commits
  • 31b4b6c MINOR: [Release] Update versions for 24.0.0
  • 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
  • a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
  • 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
  • a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
  • 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
  • f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
  • fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
  • 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
  • 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
  • Additional commits viewable in compare view

Updates pathspec to 1.1.1

Release notes

Sourced from pathspec's releases.

v1.1.1

Release v1.1.1. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.1.1 (2026-04-26)

Improvements:

  • Improved type checking with mypy and pyright.

Bug fixes:

  • Fixed typing on PathSpec[TPattern] to PathSpec[TPattern_co].
  • Added missing variant type-hint type[Pattern] to PathSpec.from_lines() parameter pattern_factory.
  • Fixed possible type error when using + and += operators on PathSpec.

1.1.0 (2026-04-22)

New features:

  • Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108)_: Specialize pattern type for PathSpec as PathSpec[TPattern] for better debugging of PathSpec().patterns.

Bug fixes:

  • Issue [#93](https://github.com/cpburnz/python-pathspec/issues/93)_: Git discards invalid range notation. GitIgnoreSpecPattern now discards patterns with invalid range notation like Git.
  • Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106)_: Fix escape() not escaping backslash characters.

Improvements:

  • Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110)_: Nicer debug print outs (and str for regex pattern).

.. _Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106): cpburnz/python-pathspec#106 .. _Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108): cpburnz/python-pathspec#108 .. _Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110): cpburnz/python-pathspec#110

1.0.4 (2026-01-26)

Bug fixes:

  • Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103)_: Using re2 fails if pyre2 is also installed.

.. _Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103): cpburnz/python-pathspec#103

1.0.3 (2026-01-09)

Bug fixes:

... (truncated)

Commits

Updates tqdm to 4.68.3

Release notes

Sourced from tqdm's releases.

tqdm v4.68.3 stable

  • utils: delay os.get_terminal_size (#1763 <- #1760)
  • autonotebook: support QtConsole, Spyder, JupyterLite (#1763, #1628, #1559 <- #1283, #1098, #512)
  • minor docs updates
    • fix typo (#1762)
    • use git-fame
  • misc minor framework updates
    • fix & update CI build
    • pre-commit: add docs & metadata generation
    • move tox.ini -> pyproject.toml, move tox-gh-actions -> tox-gh
    • add Python 3.14, drop 3.7 support
Commits
  • 9aff609 bump version, merge pull request #1763 from tqdm/jupyterlite
  • 9872f80 drop date from snap version str to fix pydantic
  • b829334 support QtConsole, Spyder, JupyterLite
  • 6fa4867 delay os.get_terminal_size
  • 748e107 lint
  • e6e29eb move tox.ini -> pyproject.toml
  • 617e4fa tox-gh-actions -> tox-gh
  • c49c50d add python 3.14, drop python 3.7 support
  • fa2bcdb pre-commit: tqdm.1
  • 1ec7988 auto git-fame
  • Additional commits viewable in compare view

Updates fastapi to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

Commits

Updates mcp to 1.28.0

Release notes

Sourced from mcp's releases.

v1.28.0

Deprecations

Two API surfaces now emit DeprecationWarning ahead of their removal in v2. Nothing is removed in 1.x, and the warnings fire only when the deprecated API is called - importing the modules stays silent.

  • WebSocket transport - mcp.client.websocket.websocket_client and mcp.server.websocket.websocket_servermodelcontextprotocol/typescript-sdk#1783
  • Experimental tasks API - ClientSession.experimental, Server.experimental, ServerSession.experimental, and the experimental_task_handlers= kwarg on ClientSession. Tasks (SEP-1686) were removed from the MCP specification and are expected to return as a separate MCP extension.

If your test suite runs with filterwarnings = ["error"] and exercises these paths, add a scoped ignore such as ignore:The experimental tasks API is deprecated:DeprecationWarning or ignore:The WebSocket .* transport is deprecated:DeprecationWarning.

See #2828 for full details.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.27.2...v1.28.0

Commits
  • 32d3290 [v1.x] Pass a list to parametrize in test_docs_examples (pytest 9.1.0 compat)...
  • 0dca751 [v1.x] Deflake the child process cleanup tests (#2839)
  • 52258a9 [v1.x] Add a v2 status banner to the README (#2835)
  • b8f4917 [v1.x] Deprecate the WebSocket transport and the experimental tasks entry poi...
  • 2309e5e fix: omit null optional fields from task result payloads (#2809)
  • 494eb11 [v1.x] Support Python 3.14 (#2769)
  • 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
  • ce267b6 [v1.x] Bind transport sessions to the authenticated principal (#2719)
  • 1abcca2 [v1.x] Add subject and claims to AccessToken (#2690)
  • 9773a3f [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact (...
  • Additional commits viewable in compare view

Updates openai to 2.43.0

Release notes

Sourced from openai's releases.

v2.43.0

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)
Changelog

Sourced from openai's changelog.

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)

2.42.0 (2026-06-16)

Full Changelog: v2.41.1...v2.42.0

Features

  • api: admin spend_alerts (6134198)
  • api: manual updates (f337bf4)
  • api: update OpenAPI spec or Stainless config (7015158)

Build System

2.41.1 (2026-06-05)

Full Changelog: v2.41.0...v2.41.1

Build System

  • Remove scheduled release workflow trigger (#3366) (2a91011)

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

  • api: Add Amazon Bedrock Responses support

Bug Fixes

  • api: allow setting bedrock api keys on the client directly (4d5bfde)

... (truncated)

Commits

Updates onnxruntime-gpu to 1.27.0

Release notes

Sourced from onnxruntime-gpu's releases.

ONNX Runtime v1.27.0

n.b. This release is targeting ONNX 1.21. ONNX 1.22 will be supported in ORT 1.28. n.b. This changelog was generated via LLM. Only the contributor list has been verified. As always, only trust the commit history.

Announcements & Breaking Changes

  • CUDA 12 package files are now explicitly named as such.
  • CUDA 12 packages are deprecated, please move to CUDA 13 ASAP.

Security Fixes

  • Fixed out-of-bounds read in SoftmaxCrossEntropyLoss via label bounds validation (#28004)
  • Hardened OneHot input validation and output-size computation (#28014)
  • Added SafeInt overflow protection in Expand and capped constant-folding output sizes (#28055)
  • Bounded total output allocation size in Tile kernel (#28070)
  • Added mask/input shape consistency checks in MaxpoolWithMask::Compute (#28223)
  • Fixed BitShift UB for shift amounts greater than or equal to bit width (#28272)
  • Validated sequence bounds in GQA (seqlens_k vs cos_cache) (#28277)
  • Validated conv bias shape in WordConvEmbedding to prevent OOB reads (#28279)
  • Fixed int32 overflow in CUDA Cast and UnaryElementWise kernels for very large tensors (#28386)
  • Fixed out-of-bounds read in CropBase scale handling (#28399)
  • Fixed rank-underflow bug in Inverse kernel trailing-dimension indexing (#28400)
  • Added sparse tensor external file path validation and additional external-path hardening (#28408, #28709, #28725)
  • Switched remaining torch.load() calls to weights_only=True (#28421)
  • Added CPU cache-indirection beam-index validation (#28486)
  • Added additional overflow/bounds checks and test coverage in runtime buffers (#28713, #28747)

New Features

Execution Provider Plugin API

  • Added zero-copy I/O for plugin EPs with HOST_ACCESSIBLE memory (#28037)
  • Added OrtEp::OnSessionInitializationEnd() callback (#28319)
  • Added plugin EP session-options getters (#28377)
  • Added CUDA Plugin EP provider options for streams and external allocators (#28603)

Core APIs & Runtime

  • Added support for ONNX overloaded functions (IR v10+) (#28275)
  • Added FLOAT8E8M0 datatype support in ONNX Runtime (#28381)
  • Added CPU Cast support for FLOAT8E8M0 (#28435)
  • Added kOrtEpDevice_EpMetadataKey_OSDriverVersion example and docs (#28282)

Quantization & Training Tooling

  • Added calibration cache support to quantize_static (#28221)

... (truncated)

Commits
  • 8f0278c [CUDA] Optimize QMoE SoftmaxTopK router for small-batch decode (#29026)
  • 66916b0 fix: NodeJS pkging stage needs to use CFS (#29007)
  • af99e19 Disable OrtEp::ort_version_supported sanity check to work around EPs that don...
  • 6fc112f 1.27.0 - cherry pick 2 (#28900)
  • 8f5403c 1.27.0 - cherry pick 1 (#28817)
  • 0b451f5 Switch NPM publishing to consume from CUDA 13 pipeline (#28773) (#28792)
  • a8baf5c Skip SetupDi device discovery if Win32k system calls are disabled (#28535)
  • 5c34495 fix(quantization): validate bias scale in QDQ Conv → QLinearConv fusion (#28229)
  • 8da5e91 Use abseil for readable POSIX stack traces in debug builds (#28405)
  • 8fcb725 feat(quantization): add opset-21 block_size attribute to QDQ (#28522)
  • Additional commits viewable in compare view

Updates anthropic to 0.111.0

Release notes

Sourced from anthropic's releases.

v0.111.0

0.111.0 (2026-06-18)

Full Changelog: v0.110.0...v0.111.0

Features

  • helpers: tag refusal-fallback middleware requests with fallback-refusal-middleware (#96) (2f8ac78)
Changelog

Sourced from anthropic's changelog.

0.111.0 (2026-06-18)

Full Changelog: v0.110.0...v0.111.0

Features

  • helpers: tag refusal-fallback middleware requests with fallback-refusal-middleware (#96) (2f8ac78)

0.110.0 (2026-06-18)

Full Changelog: v0.109.2...v0.110.0

Features

  • api: add support for new code_execution_20260120 tool (5e23212)

Bug Fixes

  • append x-stainless-helper across header merges instead of clobbering (#105) (922558e)
  • bedrock: preserve stream event type (#1682) (b27e343)
  • helpers: single source of truth for x-stainless-helper key + closed value vocabulary (#95) (e6f7a56)

0.109.2 (2026-06-15)

Full Changelog: v0.109.1...v0.109.2

Chores

  • api: remove retired models from API and SDKs (d4bcfcc)

0.109.1 (2026-06-09)

Full Changelog: v0.109.0...v0.109.1

Bug Fixes

  • api: add frontier_llm refusal category (d3a806b)

0.109.0 (2026-06-09)

Full Changelog: v0.108.0...v0.109.0

Features

  • api: add support for Managed Agents deployments and environment variable credentials (47633bf)

0.108.0 (2026-06-09)

Full Changelog: v0.107.1...v0.108.0

... (truncated)

Commits
  • 5d6fd8d release: 0.111.0
  • 9fdf2ef feat(helpers): tag refusal-fallback middleware requests with fallback-refusal...
  • af2b702 release: 0.110.0
  • a10dbaa feat(api): add support for new code_execution_20260120 tool
  • 9d49b63 fix(helpers): single source of truth for x-stainless-helper key + closed valu...
  • e8a5c84 fix: append x-stainless-helper across header merges instead of clobbering (#105)
  • ed0af5b fix(bedrock): preserve stream event type (#1682)
  • See full diff in compare view

Updates ruff to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

@dependabot
chore(deps): bump the python group with 11 updates
a6a7eba 
Updates the requirements on [pylance](https://github.com/lance-format/lance), [pyarrow](https://github.com/apache/arrow), [pathspec](https://github.com/cpburnz/python-pathspec), [tqdm](https://github.com/tqdm/tqdm), [fastapi](https://github.com/fastapi/fastapi), [mcp](https://github.com/modelcontextprotocol/python-sdk), [openai](https://github.com/openai/openai-python), [onnxruntime-gpu](https://github.com/microsoft/onnxruntime), [anthropic](https://github.com/anthropics/anthropic-sdk-python), [ruff](https://github.com/astral-sh/ruff) and [pytest](https://github.com/pytest-dev/pytest) to permit the latest version.

Updates `pylance` to 7.0.0
- [Release notes](https://github.com/lance-format/lance/releases)
- [Changelog](https://github.com/lance-format/lance/blob/main/release_process.md)
- [Commits](lance-format/lance@v0.10.0...v7.0.0)

Updates `pyarrow` to 24.0.0
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](apache/arrow@go/v16.0.0...apache-arrow-24.0.0)

Updates `pathspec` to 1.1.1
- [Release notes](https://github.com/cpburnz/python-pathspec/releases)
- [Changelog](https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst)
- [Commits](cpburnz/python-pathspec@v0.12.0...v1.1.1)

Updates `tqdm` to 4.68.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.68.2...v4.68.3)

Updates `fastapi` to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.137.1...0.138.0)

Updates `mcp` to 1.28.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.9.0...v1.28.0)

Updates `openai` to 2.43.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.41.1...v2.43.0)

Updates `onnxruntime-gpu` to 1.27.0
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.17.0...v1.27.0)

Updates `anthropic` to 0.111.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.109.2...v0.111.0)

Updates `ruff` to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.18)

Updates `pytest` to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

---
updated-dependencies:
- dependency-name: pylance
  dependency-version: 7.0.0
  dependency-type: direct:production
  dependency-group: python
- dependency-name: pyarrow
  dependency-version: 24.0.0
  dependency-type: direct:production
  dependency-group: python
- dependency-name: pathspec
  dependency-version: 1.1.1
  dependency-type: direct:production
  dependency-group: python
- dependency-name: tqdm
  dependency-version: 4.68.3
  dependency-type: direct:production
  dependency-group: python
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:development
  dependency-group: python
- dependency-name: mcp
  dependency-version: 1.28.0
  dependency-type: direct:development
  dependency-group: python
- dependency-name: openai
  dependency-version: 2.43.0
  dependency-type: direct:development
  dependency-group: python
- dependency-name: onnxruntime-gpu
  dependency-version: 1.27.0
  dependency-type: direct:development
  dependency-group: python
- dependency-name: anthropic
  dependency-version: 0.111.0
  dependency-type: direct:development
  dependency-group: python
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:development
  dependency-group: python
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 23, 2026
@codecov-commenter

codecov-commenter commented Jun 23, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter