Skip to content

chore(deps): bump the uv group across 3 directories with 12 updates#2486

Open
dependabot[bot] wants to merge 2 commits intodevelopfrom
dependabot/uv/climate-advisor/service/uv-8c28c56969
Open

chore(deps): bump the uv group across 3 directories with 12 updates#2486
dependabot[bot] wants to merge 2 commits intodevelopfrom
dependabot/uv/climate-advisor/service/uv-8c28c56969

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the uv group with 12 updates in the /climate-advisor/service directory:

Package From To
cryptography 46.0.3 46.0.7
langchain-core 1.2.7 1.2.28
langgraph 1.0.6 1.0.10rc1
langsmith 0.4.58 0.6.3
mcp 1.20.0 1.23.0
orjson 3.11.4 3.11.6
pytest 9.0.2 9.0.3
python-multipart 0.0.21 0.0.22
requests 2.32.5 2.33.0
starlette 0.48.0 0.49.1
urllib3 2.5.0 2.6.3
uv 0.9.7 0.11.6

Bumps the uv group with 1 update in the /global-api directory: pytest.
Bumps the uv group with 1 update in the /hiap-meed directory: pytest.

Updates cryptography from 46.0.3 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:


46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:


46.0.4 - 2026-01-27

  • Dropped support for win_arm64 wheels_.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

Commits

Updates langchain-core from 1.2.7 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

langchain-core==1.2.22

Changes since langchain-core==1.2.21

... (truncated)

Commits

Updates langgraph from 1.0.6 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

  • release: Candidate (#6947)
  • Merge commit from fork
  • chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
  • chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

  • release: langgraph + prebuilt (#6875)
  • fix: sequential interrupt handling w/ functional API (#6863)
  • chore: state_updated_at sort by (#6857)
  • chore: bump orjson (#6852)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
  • chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
  • chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
  • chore: server runtime type (#6774)
  • refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph-prebuilt==1.0.9

Changes since prebuilt==1.0.8

  • release: prebuilt 1.0.9 and langgraph 1.1.5 (#7401)
  • feat: enhance runtime w/ more execution information (#7363)
  • fix: tool node injection bug (#7391)
  • release(langgraph): 1.1.4 (#7356)
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 in /libs/prebuilt (#7354)
  • chore(deps): bump langchain-core from 1.2.20 to 1.2.22 in /libs/prebuilt in the minor-and-patch group (#7289)
  • chore(deps): bump requests from 2.32.5 to 2.33.0 in /libs/prebuilt (#7281)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (#7247)
  • release(checkpoint-postgres): 3.0.5 (#7221)
  • release(langgraph): 1.1.3 (#7215)
  • chore(deps): bump the all-dependencies group in /libs/sdk-py with 2 updates (#7197)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (#7196)
  • chore(deps): bump orjson from 3.11.5 to 3.11.6 in /libs/prebuilt (#7145)
  • release(langgraph): 1.1.2 (#7135)
  • release(langgraph): 1.1.1 (#7120)
  • release(langgraph): 1.1 (#7102)
  • chore(deps): bump the all-dependencies group across 1 directory with 3 updates (#7072)
  • chore(deps): bump the all-dependencies group across 1 directory with 4 updates (#7073)
  • release(langgraph) 1.0.10 (#6967)
  • release(checkpoint): 0.4.1 (#6966)
  • chore: add serde events (#6954)
  • chore: update defaults (#6953)
  • release: rc2 (#6949)

... (truncated)

Commits
  • a04ec5d release: Candidate (#6947)
  • 50df7d4 Merge commit from fork
  • c4a4a46 chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • f178eb8 fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...
  • 48167d7 chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (#6920)
  • 806878a chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...
  • 8087e6a docs(sdk-py): update auth docstrings to default-deny pattern (#6933)
  • 8fbdb14 release(sdk-py): 0.3.9 (#6932)
  • 5093802 chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...
  • b89ef60 feat(sdk-py): add extract parameter to threads.search() (#6880)
  • Additional commits viewable in compare view

Updates langsmith from 0.4.58 to 0.6.3

Release notes

Sourced from langsmith's releases.

v0.6.1

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.6.0...v0.6.1

v0.6.0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.2...v0.6.0

v0.6.0rc0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.6.0rc0

v0.5.2

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.5.2

... (truncated)

Commits

Updates mcp from 1.20.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates orjson from 3.11.4 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.
Commits

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

Commits

Updates python-multipart from 0.0.21 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Version 0.0.22

What's Changed

  • Drop directory path from filename in File 9433f4b.

Full Changelog: Kludex/python-multipart@0.0.21...0.0.22

Changelog

Sourced from python-multipart's changelog.

0.0.22 (2026-01-25)

  • Drop directory path from filename in File 9433f4b.
Commits

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates starlette from 0.48.0 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.
Commits

Updates urllib3 from 2.5.0 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Reque...

Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 14, 2026
@dependabot dependabot bot mentioned this pull request Apr 14, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026
edited
Loading

Test Results

85 tests  ±0   85 ✅ ±0   2s ⏱️ ±0s
 1 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit 40f2293. ± Comparison against base commit f07d0ed.

♻️ This comment has been updated with latest results.

@dependabot dependabot bot force-pushed the dependabot/uv/climate-advisor/service/uv-8c28c56969 branch from 02da876 to 378e952 Compare April 14, 2026 08:19
@dependabot
chore(deps): bump the uv group across 3 directories with 12 updates
40f2293 
Bumps the uv group with 12 updates in the /climate-advisor/service directory:

| Package | From | To |
| --- | --- | --- |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.7` |
| [langchain-core](https://github.com/langchain-ai/langchain) | `1.2.7` | `1.2.28` |
| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.6` | `1.0.10rc1` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.58` | `0.6.3` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.20.0` | `1.23.0` |
| [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.6` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.21` | `0.0.22` |
| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |
| [starlette](https://github.com/Kludex/starlette) | `0.48.0` | `0.49.1` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |
| [uv](https://github.com/astral-sh/uv) | `0.9.7` | `0.11.6` |

Bumps the uv group with 1 update in the /global-api directory: [pytest](https://github.com/pytest-dev/pytest).
Bumps the uv group with 1 update in the /hiap-meed directory: [pytest](https://github.com/pytest-dev/pytest).


Updates `cryptography` from 46.0.3 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.3...46.0.7)

Updates `langchain-core` from 1.2.7 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.7...langchain-core==1.2.28)

Updates `langgraph` from 1.0.6 to 1.0.10rc1
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@1.0.6...1.0.10rc1)

Updates `langsmith` from 0.4.58 to 0.6.3
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](https://github.com/langchain-ai/langsmith-sdk/commits)

Updates `mcp` from 1.20.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.20.0...v1.23.0)

Updates `orjson` from 3.11.4 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.4...3.11.6)

Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

Updates `python-multipart` from 0.0.21 to 0.0.22
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.21...0.0.22)

Updates `requests` from 2.32.5 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

Updates `starlette` from 0.48.0 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.48.0...0.49.1)

Updates `urllib3` from 2.5.0 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

Updates `uv` from 0.9.7 to 0.11.6
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.9.7...0.11.6)

Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langgraph
  dependency-version: 1.0.10rc1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.6.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: python-multipart
  dependency-version: 0.0.22
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: uv
  dependency-version: 0.11.6
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/climate-advisor/service/uv-8c28c56969 branch from 378e952 to 40f2293 Compare April 14, 2026 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piotrnowakowski