Skip to content

Bump the pip group across 3 directories with 4 updates#417

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/AI-Upscaling-With-NPU/pip-fc727c99e3
Open

Bump the pip group across 3 directories with 4 updates#417
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/AI-Upscaling-With-NPU/pip-fc727c99e3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the pip group with 2 updates in the /AI-Upscaling-With-NPU directory: jupyterlab and notebook.
Bumps the pip group with 2 updates in the /LLM/rag directory: langchain-core and pypdf.
Bumps the pip group with 1 update in the /Text-Summarizer-Browser-Plugin directory: pypdf.

Updates jupyterlab from 4.4.8 to 4.5.7

Release notes

Sourced from jupyterlab's releases.

v4.5.7

4.5.7

(Full Changelog)

Security patches

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​Carreau (activity) | @​filipeoliveira05 (activity) | @​flaviomartins (activity) | @​itsmejay80 (activity) | @​jtpio (activity) | @​krassowski (activity) | @​martinRenou (activity) | @​MUFFANUJ (activity) | @​utsav-develops (activity)

v4.5.6

4.5.6

... (truncated)

Commits
  • f514041 [ci skip] Publish 4.5.7
  • 66fe9ad Backport PR #18652 on branch 4.5.x (Video and Audio Content Providers: Fix Ju...
  • f4455fa Fix syntax for Python 3.9 on 4.5.x branch (#18817)
  • d2322b5 Backport PR #18819 on branch 4.5.x (Fix linting issue) (#18820)
  • 5d9cb8c Merge commit from fork
  • 1de120b Merge commit from fork
  • 6926100 Backport PR #18808 on branch 4.5.x (Fix notebook hang when dropping cells) (#...
  • 67e6e88 Backport PR #18647 on branch 4.5.x (Update default font family to honor macOS...
  • bf21eb9 Backport PR #18747 on branch 4.5.x (Fix Contextual Help keyboard shortcut rel...
  • 73cafa5 Backport PR #18788 on branch 4.5.x (Fix name of option for extension manager ...
  • Additional commits viewable in compare view

Updates notebook from 7.4.1 to 7.5.6

Release notes

Sourced from notebook's releases.

v7.5.6

7.5.6

(Full Changelog)

Security patches

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​RamiNoodle733 (activity)

v7.5.5

7.5.5

(Full Changelog)

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

... (truncated)

Changelog

Sourced from notebook's changelog.

7.5.6

(Full Changelog)

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​RamiNoodle733 (activity)

7.5.5

(Full Changelog)

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

7.5.4

(Full Changelog)

Maintenance and upkeep improvements

... (truncated)

Commits

Updates langchain-core from 1.2.22 to 1.3.3

Release notes

Sourced from langchain-core's releases.

langchain-core==1.3.3

Changes since langchain-core==1.3.2

release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992)

langchain-core==1.3.2

Changes since langchain-core==1.3.1

release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834)

langchain-core==1.3.1

Changes since langchain-core==1.3.0

release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813)

langchain-core==1.3.0

Changes since langchain-core==1.2.31

release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588)

langchain-core==1.3.0a3

Initial release

... (truncated)

Commits

Updates pypdf from 6.9.2 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

Robustness (ROB)

Documentation (DOC)

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

Documentation (DOC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

  • Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

  • Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

  • Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

  • Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

  • Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

  • Use remove_orphans in compress_identical_objects (#3310)
  • Fix PdfReadError when xref table contains comments before trailer (#3710)
  • Correctly verify AES padding during decryption (#3699)
  • Fix stale object cache from non-authoritative object streams (#3698)
  • Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

Full Changelog

Commits
  • c476b4f REL: 6.10.2
  • c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
  • b49e7eb REL: 6.10.1
  • 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
  • 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
  • b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
  • 717446b ROB: Consider strict mode setting for decryption errors (#3731)
  • 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
  • 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
  • Additional commits viewable in compare view

Updates pypdf from 6.9.2 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

Robustness (ROB)

Documentation (DOC)

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

Documentation (DOC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

  • Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

  • Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

  • Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

  • Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

  • Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

  • Use remove_orphans in compress_identical_objects (#3310)
  • Fix PdfReadError when xref table contains comments before trailer (#3710)
  • Correctly verify AES padding during decryption (#3699)
  • Fix stale object cache from non-authoritative object streams (#3698)
  • Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

Full Changelog

Commits
  • c476b4f REL: 6.10.2
  • c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
  • b49e7eb REL: 6.10.1
  • 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
  • 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
  • b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
  • 717446b ROB: Consider strict mode setting for decryption errors (#3731)
  • 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
  • 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 3 directories with 4 updates
461b244 
Bumps the pip group with 2 updates in the /AI-Upscaling-With-NPU directory: [jupyterlab](https://github.com/jupyterlab/jupyterlab) and [notebook](https://github.com/jupyter/notebook).
Bumps the pip group with 2 updates in the /LLM/rag directory: [langchain-core](https://github.com/langchain-ai/langchain) and [pypdf](https://github.com/py-pdf/pypdf).
Bumps the pip group with 1 update in the /Text-Summarizer-Browser-Plugin directory: [pypdf](https://github.com/py-pdf/pypdf).


Updates `jupyterlab` from 4.4.8 to 4.5.7
- [Release notes](https://github.com/jupyterlab/jupyterlab/releases)
- [Changelog](https://github.com/jupyterlab/jupyterlab/blob/main/RELEASE.md)
- [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.4.8...@jupyterlab/lsp@4.5.7)

Updates `notebook` from 7.4.1 to 7.5.6
- [Release notes](https://github.com/jupyter/notebook/releases)
- [Changelog](https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md)
- [Commits](https://github.com/jupyter/notebook/compare/@jupyter-notebook/tree@7.4.1...@jupyter-notebook/tree@7.5.6)

Updates `langchain-core` from 1.2.22 to 1.3.3
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.22...langchain-core==1.3.3)

Updates `pypdf` from 6.9.2 to 6.10.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.2...6.10.2)

Updates `pypdf` from 6.9.2 to 6.10.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.2...6.10.2)

---
updated-dependencies:
- dependency-name: jupyterlab
  dependency-version: 4.5.7
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: notebook
  dependency-version: 7.5.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain-core
  dependency-version: 1.3.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.10.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.10.2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants