chore(deps)(deps): Bump the python-minor-patch group across 1 directory with 8 updates

[dependabot]

Bumps the python-minor-patch group with 8 updates in the / directory:

Package	From	To
urllib3	2.6.3	2.7.0
pydantic	2.13.3	2.13.4
tox	4.53.1	4.54.0
ruff	0.15.12	0.15.13
openapi-python-client	0.28.3	0.28.4
poethepoet	0.45.0	0.46.0
ty	0.0.34	0.0.37
fastmcp	3.2.4	3.3.1

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

• Decompression-bomb safeguards of the streaming API were bypassed:

  1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
  2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

  See GHSA-mf9v-mfxr-j63j for details.

• HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

• Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
• Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
• Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
• Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

• Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
• Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
• Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
• Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
• Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
• Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)

Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

• Decompression-bomb safeguards of the streaming API were bypassed:

  1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
  2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

  See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

• HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

• Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
• Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
• Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
• Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

• Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
• Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

• 9a950b9 Release 2.7.0
• 5ec0de4 Merge commit from fork
• 2bdcc44 Merge commit from fork
• f45b0df Fix a misleading example for ProxyManager (#4970)
• 577193c Switch to nightly PyPy3.11 in CI for now (#4984)
• e90af45 Avoid infinite loop in HTTPResponse.read_chunked when amt=0 (#4974)
• 67ed74f Bump dev dependencies (#4972)
• 3abd481 Upgrade mypy to version 1.20.2 (#4978)
• 2b8725d Drop support for EOL PyPy3.10 (#4979)
• 2944b2a Upgrade setup-chrome and setup-firefox to fix warnings (#4973)
• Additional commits viewable in compare view

Updates pydantic from 2.13.3 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• See full diff in compare view

Updates tox from 4.53.1 to 4.54.0

Release notes

Sourced from tox's releases.

v4.54.0

What's Changed

• 🧪 test(conftest): strip broken nspkg.pth files under py3.15 by @​gaborbernat in tox-dev/tox#3937
• ✨ feat(packaging): declare tox.pytest deps via a testing extra by @​gaborbernat in tox-dev/tox#3940
• 🐛 fix(schema): cover every replace form in the TOML schema by @​gaborbernat in tox-dev/tox#3941

Full Changelog: tox-dev/tox@4.53.1...4.54.0

Changelog

Sourced from tox's changelog.

Features - 4.54.0

• Declare the runtime dependencies of the tox.pytest plugin (pytest, devpi-process and pytest-mock) under a new testing extra, so plugin authors can pull them in via tox[testing] - by :user:gaborbernat. (:issue:3938, :issue:3940)

Bug fixes - 4.54.0

• Extend the generated TOML schema to cover every replace table form (env, ref, posargs, glob, if), including conditional replacements used inside commands. A guard test asserts the schema stays in sync with the loader implementation so future replace types cannot be added without a corresponding schema entry. (:issue:3939)

---

v4.53.1 (2026-05-02)

---

Commits

• 1f1fcc7 release 4.54.0
• b35c8ee 🐛 fix(schema): cover every replace form in the TOML schema (#3941)
• 6eb5c4f ✨ feat(packaging): declare tox.pytest deps via a testing extra (#3940)
• 1ad47dd 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (#3937)
• dfba966 [pre-commit.ci] pre-commit autoupdate (#3936)
• 21069af [pre-commit.ci] pre-commit autoupdate (#3933)
• See full diff in compare view

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

• @​MichaReiser

... (truncated)

Commits

• 2afb467 Bump 0.15.13 (#25157)
• 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
• 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
• 2522549 Remove shellcheck from prek (#25154)
• 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
• bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
• 828cdb7 [ty] Isolate file-watching test environment (#25151)
• 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
• 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
• ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
• Additional commits viewable in compare view

Updates openapi-python-client from 0.28.3 to 0.28.4

Release notes

Sourced from openapi-python-client's releases.

0.28.4 (2026-05-11)

Features

• Update uv_build to 0.11 when using --meta=uv (#1434)

Add support for x-enum-varnames to string enums

#1358 by @​mbbush

You can now customize the variable names of the generated string enumerations using the x-enum-varnames openapi extension. Previously, this was only possible for integer enumerations.

Changelog

Sourced from openapi-python-client's changelog.

0.28.4 (2026-05-11)

Features

• Update uv_build to 0.11 when using --meta=uv (#1434)

Add support for x-enum-varnames to string enums

##1358 by @​mbbush

You can now customize the variable names of the generated string enumerations using the x-enum-varnames openapi extension. Previously, this was only possible for integer enumerations.

Commits

• 284576f Release 0.28.4 (#1408)
• 7be999c chore(deps): lock file maintenance (#1415)
• 7eeb915 chore(deps): update pypa/gh-action-pypi-publish action to v1.14.0 (#1419)
• 894d9f4 chore(deps): update actions/upload-artifact action to v7.0.1 (#1422)
• 5b25891 chore(deps): update dependency typer to >0.16,<0.26 (#1430)
• dd2f095 feat: Update uv_build to 0.11 when using --meta=uv (#1434)
• 5fcaf72 chore(deps): update actions/download-artifact action to v8.0.1 (#1414)
• 75cb057 chore(deps): lock file maintenance (#1402)
• 0534d3b chore(deps): update github artifact actions (major) (#1406)
• 72a37ec Add support for x-enum-varnames to string enums (#1358)
• See full diff in compare view

Updates poethepoet from 0.45.0 to 0.46.0

Release notes

Sourced from poethepoet's releases.

0.46.0

Enhancements

• Experimental Claude Code skill and bump-version task by @​nat-n in nat-n/poethepoet#387
• Use AST parser for all templating to support :- and :+ param expansion operators everywhere by @​nat-n in nat-n/poethepoet#386

Fixes

• Make uv and poetry executors check for bat files to handle shutdown quirks on windows by @​nat-n in nat-n/poethepoet#385
• Strip underscore prefix in documentation for private positional args by @​nat-n in nat-n/poethepoet#383
• Use AST for $POE_EXTRA_ARGS detection and cache parsed content by @​nat-n in nat-n/poethepoet#388

Experimental agent skill

This release ships an experimental agent skill that gives AI coding agents contextual knowledge of poe's task API when working in projects that use it. It works with any agent that supports the skills convention and aims to improve agent abilities when it comes to leveraging and authoring poe tasks.

Please try it out and provide feedback!

Two install methods:

1. Via a built in poe task (similar to how shell completions are installed):

poe _install_skill                          # auto-detects .claude/.codex/.pi/.agents and prompts
poe _install_skill ~/.claude/skills         # explicit path (substitute your agent's dir)
poe _install_skill <skills-dir> --upgrade   # non-interactive upgrade (skips if same/newer)

2. From github via npx skills

npx skills add https://github.com/nat-n/poethepoet/tree/v0.46.0/poethepoet/skills/poethepoet

Full Changelog: nat-n/poethepoet@v0.45.0...v0.46.0

Commits

• 23a4c1a feat: experimental Claude Code skill and bump-version task (#387)
• a04a215 refactor: use AST for $POE_EXTRA_ARGS detection and cache parsed content (#388)
• 61d2e34 refactor: use AST parser for all templating (#386)
• 1bfad47 fix: make uv and poetry executors check for bat files (#385)
• 35e4a1b fix: Strip underscore prefix in documentation for private positional args (#383)
• See full diff in compare view

Updates ty from 0.0.34 to 0.0.37

Release notes

Sourced from ty's releases.

0.0.37

Release Notes

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

LSP server

• Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
• Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

• Avoid enforcing __new__ with custom metaclasses (#25180)
• Make overload public type reachability-aware (#25171)
• Only specialized types of generic class instances should influence variance (#25124)
• Preserve ParamSpec argument context through wrapper calls (#24934)
• Support partially specialized type context for collection literals (#24506)

Contributors

• @​RasmusNygren
• @​MichaReiser
• @​charliermarsh
• @​ibraheemdev

Install ty 0.0.37

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.37

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

LSP server

• Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
• Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

• Avoid enforcing __new__ with custom metaclasses (#25180)
• Make overload public type reachability-aware (#25171)
• Only specialized types of generic class instances should influence variance (#25124)
• Preserve ParamSpec argument context through wrapper calls (#24934)
• Support partially specialized type context for collection literals (#24506)

Contributors

• @​RasmusNygren
• @​MichaReiser
• @​charliermarsh
• @​ibraheemdev

0.0.36

Released on 2026-05-14.

Bug fixes

• Fix Go To-Definition for self-imported submodules (#25106)
• Fix ClassVar[Self] assignment checks for class objects (#24657)
• Fix attribute access on Callable-bounded TypeVars (#24793)
• Fix panic from TypedDict schema cycle with Self fields (#25094)
• Fix panic from accessing args[0] for static_assert (#25149)
• Fix panic from non-name walrus target access (#25121)
• Fix singleton classification for runtime typing objects (#25099)
• Guard self-referential TypeOf recursion in generic callables (#24668)
• Preserve lexical ParamSpec scope for returned Callable annotations (#24909)

... (truncated)

Commits

• f18aed6 Bump version to 0.0.37 (#3473)
• a63e559 Bump version to 0.0.36 (#3463)
• 94370d5 Update prek dependencies (#3449)
• bc12d1c Bump version to 0.0.35 (#3436)
• fb34d89 Build riscv64 manylinux binary (#3402)
• 05def00 Update maturin to v1.13.1 (#3417)
• 569c081 Update prek dependencies (#3416)
• 608f8ff Update renovate configuration (#3379)
• 518b61d Update uraimo/run-on-arch-action action to v3.1.0 (#3405)
• 5542959 Update pre-commit hook astral-sh/ruff-pre-commit to v0.15.12 (#3404)
• See full diff in compare view

Updates fastmcp from 3.2.4 to 3.3.1

Release notes

Sourced from fastmcp's releases.

v3.3.1: Loop There It Is

FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like from fastmcp.tools import tool because component modules reached auth and task primitives through fastmcp.server, pulling in the server/provider stack and exposing a circular import.

Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.

What's Changed

Fixes 🐞

• fix(docs): use valid FA icon on client-only package page by @​jlowin in PrefectHQ/fastmcp#4139
• Decouple component imports from server by @​jlowin in PrefectHQ/fastmcp#4150

Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1

v3.3.0: Slim Reaper

FastMCP 3.3 ships fastmcp-slim, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.

fastmcp-slim

The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. fastmcp-slim is a dependency-light distribution that ships the client and transport layer without any of that.

The import namespace is unchanged:

from fastmcp import Client
async with Client("https://example.com/mcp") as client:
result = await client.call_tool("my_tool", {"arg": "value"})

Install fastmcp-slim[client] anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.

Security

The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (/../, /./) that could otherwise bypass prefix checks. And ResponseCachingMiddleware partitions its cache by access token, closing a gap where different users could see each other's cached responses.

Auth

AzureB2CProvider adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And OAuthProxy gains a public update_scopes() API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.

Observability

OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (list_tools, list_resources, list_prompts, list_resource_templates) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.

Thread Affinity

Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:

... (truncated)

Commits

• d8dcc27 Decouple component imports from server (#4150)
• 255e3e4 fix(docs): use valid FA icon on client-only package page (#4139)
• 73df4dc chore: Update SDK documentation (#4096)
• ee48a0f Refine fastmcp-slim packaging (#4125)
• bb4894d Add fastmcp-slim for client-only installs (#4122)
• 8209093 fix(http): terminate active streamable-HTTP transports before lifespan shutdo...
• cf59a45 Fix OCI Provider issue in 3.x version. Add OCI auth provider example … (#4116)
• 89b99ec fix(proxy): fall back to live identifier for backend_* span attributes (#4109)
• 310314c fix: cli option --no-banner is NOT passed to cli but server-spec in-correctly...
• 28722f8 fix: drop exc_info for expected tool failures, remove unreachable ValidationE...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.