Skip to content

deps(python): bump the python-minor group across 1 directory with 10 updates#5296

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-minor-7d8f6ab8ea
Open

deps(python): bump the python-minor group across 1 directory with 10 updates#5296
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-minor-7d8f6ab8ea

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the python-minor group with 10 updates in the / directory:

Package From To
fastapi 0.135.3 0.136.0
fastmcp 3.2.0 3.2.4
anthropic 0.89.0 0.96.0
pydantic 2.12.5 2.13.3
pydantic-settings 2.13.1 2.14.0
cachetools 7.0.5 7.0.6
ruff 0.15.9 0.15.11
mypy 1.20.0 1.20.1
plotly 6.6.0 6.7.0
selenium 4.41.0 4.43.0

Updates fastapi from 0.135.3 to 0.136.0

Release notes

Sourced from fastapi's releases.

0.136.0

Upgrades

0.135.4

Refactors

Internal

Commits

Updates fastmcp from 3.2.0 to 3.2.4

Release notes

Sourced from fastmcp's releases.

v3.2.4: Patch Me If You Can

A grab bag of fixes, hardening, and polish.

The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.

Security got three meaningful upgrades. FileUpload now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.

Schema handling had a rough-edges pass. json_schema_to_type no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping title fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.

Plus a Keycloak OAuth provider for enterprise auth, improvements to ctx.elicit() (new response_title/response_description, deprecation warning when called without response_type), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.

What's Changed

Breaking Changes ⚠️

Enhancements ✨

Security 🔒

Fixes 🐞

... (truncated)

Commits
  • 7d76074 Stop pydantic 2.13 from leaking _WrappedResult docstring into tool output sch...
  • b732a4a Overhaul apps docs (#3915)
  • 5c2ff1b chore: Update SDK documentation (#3914)
  • f4f2ec0 Deprecate ctx.elicit() without response_type (#3916)
  • 338b80c chore(deps): bump the uv group across 2 directories with 1 update (#3913)
  • 110cd3a Add response_title and response_description to ctx.elicit() (#3912)
  • 3117846 chore: Update SDK documentation (#3909)
  • 031c7e0 Fix RetryMiddleware not retrying tool errors (#3858)
  • 200d79e Enable PERF and T20 ruff rules (#3845)
  • 82f310f AuthKit: auto-bind token audience to resource URL (RFC 8707) (#3905)
  • Additional commits viewable in compare view

Updates anthropic from 0.89.0 to 0.96.0

Release notes

Sourced from anthropic's releases.

v0.96.0

0.96.0 (2026-04-16)

Full Changelog: v0.95.0...v0.96.0

Features

  • api: add claude-opus-4-7, token budgets and user_profiles (0aa2a0d)

Chores

  • ci: remove release-doctor workflow (1d9add3)

v0.95.0

0.95.0 (2026-04-14)

Full Changelog: v0.94.1...v0.95.0

Features

  • api: mark Sonnet and Opus 4 as deprecated (0c1e773)
  • bedrock: use auth header for mantle client (#1644) (3b93090)

v0.94.1

0.94.1 (2026-04-13)

Full Changelog: v0.94.0...v0.94.1

Bug Fixes

  • streaming: add missing events (c6a06d8)

v0.94.0

0.94.0 (2026-04-10)

Full Changelog: v0.93.0...v0.94.0

Features

Bug Fixes

  • ensure file data are only sent as 1 parameter (837b25b)

Documentation

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.96.0 (2026-04-16)

Full Changelog: v0.95.0...v0.96.0

Features

  • api: add claude-opus-4-7, token budgets and user_profiles (0aa2a0d)

Chores

  • ci: remove release-doctor workflow (1d9add3)

0.95.0 (2026-04-14)

Full Changelog: v0.94.1...v0.95.0

Features

  • api: mark Sonnet and Opus 4 as deprecated (0c1e773)
  • bedrock: use auth header for mantle client (#1644) (3b93090)

0.94.1 (2026-04-13)

Full Changelog: v0.94.0...v0.94.1

Bug Fixes

  • streaming: add missing events (c6a06d8)

0.94.0 (2026-04-10)

Full Changelog: v0.93.0...v0.94.0

Features

Bug Fixes

  • ensure file data are only sent as 1 parameter (837b25b)

Documentation

0.93.0 (2026-04-09)

... (truncated)

Commits
  • 78de297 release: 0.96.0
  • dc0c792 feat(api): add claude-opus-4-7, token budgets and user_profiles
  • 71eff1f chore(ci): remove release-doctor workflow
  • 1056685 release: 0.95.0
  • 9741185 feat(bedrock): use auth header for mantle client (#1644)
  • ef22dbb feat(api): mark Sonnet and Opus 4 as deprecated
  • 6d9b986 codegen metadata
  • 47c48a9 release: 0.94.1
  • 49bab64 fix(streaming): add missing events
  • 7b03b0f release: 0.94.0
  • Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

... (truncated)

Commits
  • 9e9a111 Fix backported test
  • 1ec8c6a Prepare release v2.13.3
  • fb4f204 Handle AttributeError subclasses with from_attributes
  • ca3ddd1 Prepare release v2.13.2
  • 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
  • d45d8be Prepare release 2.13.1
  • 54aca60 Fix ValidationInfo.data missing with model_validate_json()
  • 46bf4fa Fix Pydantic release workflow (#13067)
  • 1b359ed Prepare release v2.13.0 (#13065)
  • b1bf194 Fix model equality when using runtime extra configuration (#13062)
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.13.1 to 2.14.0

Release notes

Sourced from pydantic-settings's releases.

v2.14.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.13.1...v2.14.0

Commits
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • 617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
  • 577c05f Add note about Mypy plugin for BaseSettings.__init__() (#842)
  • 2355bc5 Fix CliPositionalArg[list[CustomType]] crash for custom types (#839)
  • 16bd6fd Introduce zizmor (#838)
  • df8b239 Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group (#837)
  • c5401a2 Introduce yamlfmt (#836)
  • 953e28e Bump the python-packages group with 3 updates (#833)
  • Additional commits viewable in compare view

Updates cachetools from 7.0.5 to 7.0.6

Changelog

Sourced from cachetools's changelog.

v7.0.6 (2026-04-20)

  • Minor code improvements.

  • Update project URLs.

  • Update CI environment.

Commits
  • 28d4506 Release v7.0.6.
  • 51921a4 Remove _TimedCache default timer to simplify type stubs.
  • a4249f6 Bump codecov/codecov-action from 5.5.2 to 6.0.0 (#392)
  • aa87283 feat: update project URLs in pyproject.toml to show on pypi.org (#390)
  • See full diff in compare view

Updates ruff from 0.15.9 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

0.15.10

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

... (truncated)

Commits

Updates mypy from 1.20.0 to 1.20.1

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

  • Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
  • Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
  • Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
  • Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
  • Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
  • Fix regression for catching empty tuple in except (Shantanu, PR 21153)
  • Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
  • Fix narrowing with chained comparison (Shantanu, PR 21150)
  • Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
  • Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
  • --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • Aaron Wieczorek
  • Adam Turner
  • Ali Hamdan
  • asce
  • BobTheBuidler
  • Brent Westbrook
  • Brian Schubert
  • bzoracler
  • Chris Burroughs
  • Christoph Tyralla
  • Colin Watson
  • Donghoon Nam
  • E. M. Bray
  • Emma Smith
  • Ethan Sarp
  • George Ogden
  • getzze
  • grayjk
  • Gregor Riepl
  • Ivan Levkivskyi
  • James Hilliard
  • James Le Cuirot
  • Jeremy Nimmer
  • Joren Hammudoglu
  • Kai (Kazuya Ito)
  • kaushal trivedi
  • Kevin Kannammalil
  • Lukas Geiger
  • Łukasz Langa
  • Marc Mueller
  • Michael R. Crusoe
  • michaelm-openai

... (truncated)

Commits

Updates plotly from 6.6.0 to 6.7.0

Release notes

Sourced from plotly's releases.

v6.7.0

Added

  • Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

  • Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
    • numpy with a version less than 1.22 is no longer supported.
  • Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

  • Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
    • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
    • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
    • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]
Changelog

Sourced from plotly's changelog.

[6.7.0] - 2026-04-09

Added

  • Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

  • Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
    • numpy with a version less than 1.22 is no longer supported.
  • Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

  • Update plotly.js from version 3.4.0 to version 3.5.0. S...

    Description has been truncated

@dependabot
deps(python): bump the python-minor group across 1 directory with 10 …
84c82ea 
…updates

Bumps the python-minor group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.0` |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.2.0` | `3.2.4` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.89.0` | `0.96.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.0` |
| [cachetools](https://github.com/tkem/cachetools) | `7.0.5` | `7.0.6` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.9` | `0.15.11` |
| [mypy](https://github.com/python/mypy) | `1.20.0` | `1.20.1` |
| [plotly](https://github.com/plotly/plotly.py) | `6.6.0` | `6.7.0` |
| [selenium](https://github.com/SeleniumHQ/Selenium) | `4.41.0` | `4.43.0` |



Updates `fastapi` from 0.135.3 to 0.136.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.3...0.136.0)

Updates `fastmcp` from 3.2.0 to 3.2.4
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.2.0...v3.2.4)

Updates `anthropic` from 0.89.0 to 0.96.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.89.0...v0.96.0)

Updates `pydantic` from 2.12.5 to 2.13.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.3)

Updates `pydantic-settings` from 2.13.1 to 2.14.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.0)

Updates `cachetools` from 7.0.5 to 7.0.6
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v7.0.5...v7.0.6)

Updates `ruff` from 0.15.9 to 0.15.11
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.9...0.15.11)

Updates `mypy` from 1.20.0 to 1.20.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v1.20.1)

Updates `plotly` from 6.6.0 to 6.7.0
- [Release notes](https://github.com/plotly/plotly.py/releases)
- [Changelog](https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md)
- [Commits](plotly/plotly.py@v6.6.0...v6.7.0)

Updates `selenium` from 4.41.0 to 4.43.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.43.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: fastmcp
  dependency-version: 3.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: anthropic
  dependency-version: 0.96.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pydantic
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pydantic-settings
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: cachetools
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: ruff
  dependency-version: 0.15.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: mypy
  dependency-version: 1.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: plotly
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: selenium
  dependency-version: 4.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python labels Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants