Skip to content

deps(python): bump the python-minor group with 7 updates#5281

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-minor-7617e11d41
Open

deps(python): bump the python-minor group with 7 updates#5281
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-minor-7617e11d41

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps the python-minor group with 7 updates:

Package From To
fastmcp 3.2.0 3.2.3
anthropic 0.89.0 0.94.1
pydantic 2.12.5 2.13.0
ruff 0.15.9 0.15.10
mypy 1.20.0 1.20.1
plotly 6.6.0 6.7.0
selenium 4.41.0 4.43.0

Updates fastmcp from 3.2.0 to 3.2.3

Release notes

Sourced from fastmcp's releases.

v3.2.3: Redis or Not

fakeredis 2.35.0 shipped an undocumented rename (FakeConnectionFakeAsyncRedisConnection) that broke pydocket's memory:// backend, causing fastmcp[tasks] installs to fail at startup with an ImportError. This pins fakeredis<2.35.0 in the tasks extra as a stopgap until a fixed pydocket ships.

What's Changed

Fixes 🐞

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.2.2...v3.2.3

v3.2.2: Audience Appreciation

The Azure audience fix in 3.2.1 overcorrected: it switched token validation from client_id to identifier_uri, which fixed custom Application ID URIs but broke the default case where Azure AD v2 tokens set aud to the bare client ID GUID. Both formats are now accepted.

What's Changed

Fixes 🐞

Dependencies 📦

Full Changelog: PrefectHQ/fastmcp@v3.2.1...v3.2.2

v3.2.1: Audience Participation

Most of the fixes in this patch are about auth providers getting audience validation wrong. Cognito token verification was checking the aud JWT claim, but Cognito access tokens don't include one; they use client_id instead. Azure was hardcoding the raw client ID as the expected audience, ignoring the identifier_uri parameter even though Entra v2.0 tokens use the Application ID URI as aud. Both now validate correctly without changing the provider API. Consent cookies also had an unbounded growth problem in high-DCR-client environments, eventually blowing past reverse proxy header limits; they're now capped as an LRU.

On the OpenAPI side, nullable: true fields from 3.0 specs were leaking into tool input schemas as-is instead of being converted to JSON Schema's type: ["string", "null"]. Server variable templates in base URLs (like https://{region}.api.example.com) were also being passed through raw instead of substituted with their defaults.

Smaller fixes: form submissions from Prefab UI now correctly handle unchecked boolean checkboxes, the client no longer crashes on error responses with empty or non-text content from third-party servers, and asyncio.iscoroutinefunction no longer emits deprecation warnings on Python 3.14.

What's Changed

Breaking Changes ⚠️

Enhancements ✨

Fixes 🐞

... (truncated)

Commits
  • d1adb04 Pin fakeredis<2.35.0 in tasks extra (#3804)
  • 0194c6e Document session state isolation across mount boundaries (#3801)
  • 6592aaa fix: accept both client_id and identifier_uri as Azure audience (#3797)
  • 9f0d8d3 chore(deps): bump the uv group across 2 directories with 1 update (#3795)
  • 556fd8f Harden client tool result error handling (#3778)
  • e064ba6 chore: Update SDK documentation (#3791)
  • a3c5cc1 chore: Update SDK documentation (#3757)
  • f5be772 fix: bump ty to >=0.0.29 and suppress new false positives (#3790)
  • f14456d docs: document forward_resource parameter on OAuthProxy (#3788)
  • 2b9d3ee fix: use identifier_uri as audience for Azure token validation (#3787)
  • Additional commits viewable in compare view

Updates anthropic from 0.89.0 to 0.94.1

Release notes

Sourced from anthropic's releases.

v0.94.1

0.94.1 (2026-04-13)

Full Changelog: v0.94.0...v0.94.1

Bug Fixes

  • streaming: add missing events (c6a06d8)

v0.94.0

0.94.0 (2026-04-10)

Full Changelog: v0.93.0...v0.94.0

Features

Bug Fixes

  • ensure file data are only sent as 1 parameter (837b25b)

Documentation

v0.93.0

0.93.0 (2026-04-09)

Full Changelog: v0.92.0...v0.93.0

Features

  • api: Add beta advisor tool (4297dca)

v0.92.0

0.92.0 (2026-04-08)

Full Changelog: v0.91.0...v0.92.0

Features

  • api: add support for Claude Managed Agents (5b879a7)

v0.91.0

0.91.0 (2026-04-07)

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.94.1 (2026-04-13)

Full Changelog: v0.94.0...v0.94.1

Bug Fixes

  • streaming: add missing events (c6a06d8)

0.94.0 (2026-04-10)

Full Changelog: v0.93.0...v0.94.0

Features

Bug Fixes

  • ensure file data are only sent as 1 parameter (837b25b)

Documentation

0.93.0 (2026-04-09)

Full Changelog: v0.92.0...v0.93.0

Features

  • api: Add beta advisor tool (4297dca)

0.92.0 (2026-04-08)

Full Changelog: v0.91.0...v0.92.0

Features

  • api: add support for Claude Managed Agents (5b879a7)

0.91.0 (2026-04-07)

Full Changelog: v0.90.0...v0.91.0

Features

... (truncated)

Commits

Updates pydantic from 2.12.5 to 2.13.0

Release notes

Sourced from pydantic's releases.

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

What's Changed

Packaging

New Features

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

v2.13.0b3 (2026-03-31)

GitHub release

What's Changed

New Features

Changes

... (truncated)

Commits

Updates ruff from 0.15.9 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Commits
  • 252f761 Bump 0.15.10 (#24519)
  • 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
  • f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
  • 16c4090 docs: fix JSON typo in settings example (#24517)
  • 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
  • 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
  • d8bc700 LSP: Add support for custom extensions (#24463)
  • a45f96d [ty] stop special-casing str constructor (#24514)
  • 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
  • e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
  • Additional commits viewable in compare view

Updates mypy from 1.20.0 to 1.20.1

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

  • Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
  • Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
  • Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
  • Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
  • Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
  • Fix regression for catching empty tuple in except (Shantanu, PR 21153)
  • Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
  • Fix narrowing with chained comparison (Shantanu, PR 21150)
  • Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
  • Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
  • --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • Aaron Wieczorek
  • Adam Turner
  • Ali Hamdan
  • asce
  • BobTheBuidler
  • Brent Westbrook
  • Brian Schubert
  • bzoracler
  • Chris Burroughs
  • Christoph Tyralla
  • Colin Watson
  • Donghoon Nam
  • E. M. Bray
  • Emma Smith
  • Ethan Sarp
  • George Ogden
  • getzze
  • grayjk
  • Gregor Riepl
  • Ivan Levkivskyi
  • James Hilliard
  • James Le Cuirot
  • Jeremy Nimmer
  • Joren Hammudoglu
  • Kai (Kazuya Ito)
  • kaushal trivedi
  • Kevin Kannammalil
  • Lukas Geiger
  • Łukasz Langa
  • Marc Mueller
  • Michael R. Crusoe
  • michaelm-openai

... (truncated)

Commits

Updates plotly from 6.6.0 to 6.7.0

Release notes

Sourced from plotly's releases.

v6.7.0

Added

  • Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

  • Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
    • numpy with a version less than 1.22 is no longer supported.
  • Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

  • Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
    • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
    • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
    • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]
Changelog

Sourced from plotly's changelog.

[6.7.0] - 2026-04-09

Added

  • Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

  • Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
    • numpy with a version less than 1.22 is no longer supported.
  • Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

  • Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
    • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
    • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
    • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]
Commits
  • 1a2065a Add missing attributions
  • 8422e17 Add missing octothorpes
  • fa9116f Update Jupyter Lab extension files
  • c771ad5 Version changes for v6.7.0
  • 067b954 Merge pull request #5565 from plotly/cam/update-plotly.js-v3.5.0
  • 1b7de49 Update Jupyter support files
  • d605d3e chore: Update plotly.js to v3.5.0
  • 600f865 Merge pull request #5541 from plotly/migrate-to-gh-actions
  • 10c7c56 Merge pull request #5518 from mosh3eb/fix/broken-license-link-readme
  • ea813dd Merge branch 'main' into fix/broken-license-link-readme
  • Additional commits viewable in compare view

Updates selenium from 4.41.0 to 4.43.0

Release notes

Sourced from selenium's releases.

Selenium 4.43.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

Full Changelog: SeleniumHQ/selenium@selenium-4.42.0...selenium-4.43.0

Selenium 4.42.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits
  • dd0f534 [build] Prepare for release of selenium-4.43.0 (#17329)
  • 52a38c6 fix(release): add rust:update command to version reset workflow
  • 7cee048 fix(pypirc): remove setup_pypirc method and update nightly credentials handling
  • 8382015 fix(credentials): add support for nightly PyPI credentials
  • 63e8662 Update mirror info (Thu Apr 9 18:16:15 UTC 2026)
  • 5615f64 fix(version): update selenium-manager to 0.4.43-nightly
  • 9887116 fix(release): specify path for downloading release packages
  • e2d089c fix(dependencies): update selenium-webdriver to 4.43.0.nightly
  • c68d3de Reverting changes done for 4.42.0 release
  • cb536ad Bumping versions to nightly
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python labels Apr 13, 2026
@dependabot
deps(python): bump the python-minor group with 7 updates
e553a4f 
Bumps the python-minor group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.2.0` | `3.2.3` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.89.0` | `0.94.1` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.9` | `0.15.10` |
| [mypy](https://github.com/python/mypy) | `1.20.0` | `1.20.1` |
| [plotly](https://github.com/plotly/plotly.py) | `6.6.0` | `6.7.0` |
| [selenium](https://github.com/SeleniumHQ/Selenium) | `4.41.0` | `4.43.0` |


Updates `fastmcp` from 3.2.0 to 3.2.3
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.2.0...v3.2.3)

Updates `anthropic` from 0.89.0 to 0.94.1
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.89.0...v0.94.1)

Updates `pydantic` from 2.12.5 to 2.13.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.0)

Updates `ruff` from 0.15.9 to 0.15.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.9...0.15.10)

Updates `mypy` from 1.20.0 to 1.20.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v1.20.1)

Updates `plotly` from 6.6.0 to 6.7.0
- [Release notes](https://github.com/plotly/plotly.py/releases)
- [Changelog](https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md)
- [Commits](plotly/plotly.py@v6.6.0...v6.7.0)

Updates `selenium` from 4.41.0 to 4.43.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.43.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: anthropic
  dependency-version: 0.94.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pydantic
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: ruff
  dependency-version: 0.15.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: mypy
  dependency-version: 1.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: plotly
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: selenium
  dependency-version: 4.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/python-minor-7617e11d41 branch from db7a09a to e553a4f Compare April 14, 2026 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants