Skip to content

Bump the minor-and-patch group with 2 updates#177

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/minor-and-patch-b359b21e1c
Open

Bump the minor-and-patch group with 2 updates#177
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/minor-and-patch-b359b21e1c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 20, 2026

Bumps the minor-and-patch group with 2 updates: pypdf and ty.

Updates pypdf from 6.10.0 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

Robustness (ROB)

Documentation (DOC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

  • Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

  • Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

  • Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

  • Use new parameter names for compress_identical_objects

Full Changelog

Commits
  • c476b4f REL: 6.10.2
  • c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
  • b49e7eb REL: 6.10.1
  • 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
  • 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
  • b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
  • 717446b ROB: Consider strict mode setting for decryption errors (#3731)
  • 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
  • 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
  • Additional commits viewable in compare view

Updates ty from 0.0.29 to 0.0.31

Release notes

Sourced from ty's releases.

0.0.31

Release Notes

Released on 2026-04-15.

Bug fixes

  • Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
  • Avoid panic from double inference with missing functional Enum(...) names (#24638)
  • Avoid panic from double inference with functional Enum(value=...) (#24639)
  • Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
  • Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

  • Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

  • Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

  • Check inherited NamedTuple field conflicts (#24542)
  • Error when duplicate keywords are provided to TypedDict constructors (#24449)
  • Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
  • Respect subclass shadowing for inherited NamedTuple fields (#24640)
  • Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

Install ty 0.0.31

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.31

Released on 2026-04-15.

Bug fixes

  • Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
  • Avoid panic from double inference with missing functional Enum(...) names (#24638)
  • Avoid panic from double inference with functional Enum(value=...) (#24639)
  • Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
  • Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

  • Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

  • Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

  • Check inherited NamedTuple field conflicts (#24542)
  • Error when duplicate keywords are provided to TypedDict constructors (#24449)
  • Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
  • Respect subclass shadowing for inherited NamedTuple fields (#24640)
  • Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

0.0.30

Released on 2026-04-13.

As of v0.0.30, ty no longer unions Unknown into most inferred types of unannotated attributes. For example:

class Foo:
    def __init__(self) -> None:
        self.value = 1
reveal_type(Foo().value)  # revealed: int
Foo().value = "x"  # error: [invalid-assignment]

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch group with 2 updates
5aa7f21 
Bumps the minor-and-patch group with 2 updates: [pypdf](https://github.com/py-pdf/pypdf) and [ty](https://github.com/astral-sh/ty).


Updates `pypdf` from 6.10.0 to 6.10.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.10.0...6.10.2)

Updates `ty` from 0.0.29 to 0.0.31
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.29...0.0.31)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ty
  dependency-version: 0.0.31
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants