Skip to content

build(deps): bump the pip group across 1 directory with 9 updates#1227

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-3d0c44777e
Open

build(deps): bump the pip group across 1 directory with 9 updates#1227
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-3d0c44777e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 17, 2026

Bumps the pip group with 9 updates in the / directory:

Package From To
google-cloud-aiplatform 1.64.0 1.133.0
authlib 1.5.2 1.6.9
cryptography 45.0.2 46.0.5
filelock 3.18.0 3.20.3
mcp 1.9.0 1.23.0
protobuf 5.29.4 5.29.6
pyasn1 0.6.1 0.6.3
python-multipart 0.0.20 0.0.22
urllib3 2.4.0 2.6.3

Updates google-cloud-aiplatform from 1.64.0 to 1.133.0

Release notes

Sourced from google-cloud-aiplatform's releases.

v1.133.0

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

... (truncated)

Changelog

Sourced from google-cloud-aiplatform's changelog.

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

  • Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
  • GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

... (truncated)

Commits
  • 78f2bdd chore(main): release 1.133.0 (#6211)
  • c8c0f0f fix: Add None check for agent_info in evals.py
  • 9952b97 chore: rollback
  • 83f4076 fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 937d5af Copybara import of the project:
  • aaaf902 chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs
  • 8c876ef fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 5448f06 fix: Require uri or staging bucket configuration for saving model to Vertex E...
  • 65717fa feat: GenAI SDK client(memory): Add enable_third_person_memories
  • be2eaaa fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config
  • Additional commits viewable in compare view

Updates authlib from 1.5.2 to 1.6.9

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

  • Add EdDSA to default jwt instance.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

v1.6.6

What's Changed

New Contributors

Full Changelog: authlib/authlib@v1.6.5...v1.6.6

v1.6.5

What's Changed

New Contributors

Full Changelog: authlib/authlib@v1.6.4...v1.6.5

v1.6.4

What's Changed

... (truncated)

Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.7.0

Unreleased

  • Add support for OpenID Connect RP-Initiated Logout 1.0 <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>_. See :ref:specs/rpinitiated for details. :issue:500
  • Per RFC 6749 Section 3.3, the scope parameter is now optional at both authorization and token endpoints. client.get_allowed_scope() is called to determine the default scope when omitted. :issue:845
  • Stop support for Python 3.9, start support Python 3.14. :pr:850
  • Allow AuthorizationServerMetadata.validate() to compose with RFC extension classes.
  • Fix expires_at=0 being incorrectly treated as None. :issue:530
  • Allow ResourceProtector decorator to be used without parentheses. :issue:604
  • Implement RFC9700 PKCE downgrade countermeasure.
  • Set User-Agent header when fetching server metadata and JWKs. :issue:704
  • RFC7523 accepts the issuer URL as a valid audience. :issue:730

Upgrade Guide: :ref:joserfc_upgrade.

Version 1.6.6

Released on Dec 12, 2025

  • get_jwt_config takes a client parameter, :pr:844.
  • Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 Client, :pr:778.
  • Use expires_in in OAuth2Token when expires_at is unparsable, :pr:842.
  • Always track state in session for OAuth client integrations.

Version 1.6.5

Released on Oct 2, 2025

  • RFC7591 generate_client_info and generate_client_secret take a request parameter.
  • Add size limitation when decode JWS/JWE to prevent DoS.
  • Add size limitation for DEF JWE zip algorithm.

Version 1.6.4

... (truncated)

Commits
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • 5be3c51 fix(jose): add ES256K into default jwt algorithms
  • 48b345f fix(jose): remove deprecated algorithm from default registry
  • a5d4b2d fix(jose): do not use header's jwk automatically
  • a769f34 chore: release 1.6.8
  • 84f3fa2 fix: add EdDSA to default jwt algorithms
  • 38e872a chore: release 1.6.7
  • b87c32e fix: remove "none" algorithm from default jwt instance
  • Additional commits viewable in compare view

Updates cryptography from 45.0.2 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:


46.0.4 - 2026-01-27

  • Dropped support for win_arm64 wheels_.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15


* Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:


46.0.2 - 2025-09-30

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16


* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:


46.0.0 - 2025-09-16

  • BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.

... (truncated)

Commits

Updates filelock from 3.18.0 to 3.20.3

Release notes

Sourced from filelock's releases.

3.20.3

What's Changed

Full Changelog: tox-dev/filelock@3.20.2...3.20.3

3.20.2

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

3.20.1

What's Changed

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

3.20.0

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.19.1...3.20.0

3.19.1

What's Changed

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

3.25.2 (2026-03-11)

  • 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

3.25.1 (2026-03-09)

  • [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
  • 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
  • [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
  • 📝 docs(logo): add branded project logo :pr:507

3.25.0 (2026-03-01)

  • ✨ feat(async): add AsyncReadWriteLock :pr:506
  • Standardize .github files to .yaml suffix
  • build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
  • build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add security policy
  • Add permissions to check workflow :pr:500
  • [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

3.24.3 (2026-02-19)

  • 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
  • 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

3.24.2 (2026-02-16)

  • 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
  • 🐛 fix(test): resolve flaky write non-starvation test :pr:490
  • 📝 docs: restructure using Diataxis framework :pr:489

3.24.1 (2026-02-15)

... (truncated)

Commits

Updates mcp from 1.9.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates protobuf from 5.29.4 to 5.29.6

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates pyasn1 from 0.6.1 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
  • Added support for Python 3.14.
  • Added SECURITY.md policy.
  • Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Revision 0.6.2, released 16-01-2026

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • e7356f8 Prepare release 0.6.2
  • 3908f14 Merge commit from fork
  • 0a7e067 Add support for Python 3.14 (#97)
  • 33656e9 Create Security Policy
  • fa62307 fix for issue #91: unit tests failing due to missing code (#92)
  • Additional commits viewable in compare view

Updates python-multipart from 0.0.20 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Version 0.0.22

What's Changed

  • Drop directory path from filename in File 9433f4b.

Full Changelog: Kludex/python-multipart@0.0.21...0.0.22

...

Description has been truncated

@dependabot
build(deps): bump the pip group across 1 directory with 9 updates
92d651d 
Bumps the pip group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.64.0` | `1.133.0` |
| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.9` |
| [cryptography](https://github.com/pyca/cryptography) | `45.0.2` | `46.0.5` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.18.0` | `3.20.3` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.9.0` | `1.23.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |
| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.22` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |



Updates `google-cloud-aiplatform` from 1.64.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.64.0...v1.133.0)

Updates `authlib` from 1.5.2 to 1.6.9
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.5.2...v1.6.9)

Updates `cryptography` from 45.0.2 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@45.0.2...46.0.5)

Updates `filelock` from 3.18.0 to 3.20.3
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.18.0...3.20.3)

Updates `mcp` from 1.9.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.9.0...v1.23.0)

Updates `protobuf` from 5.29.4 to 5.29.6
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `pyasn1` from 0.6.1 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `python-multipart` from 0.0.20 to 0.0.22
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.20...0.0.22)

Updates `urllib3` from 2.4.0 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.4.0...2.6.3)

---
updated-dependencies:
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
  dependency-group: pip
- dependency-name: filelock
  dependency-version: 3.20.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 5.29.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: python-multipart
  dependency-version: 0.0.22
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 17, 2026
@dependabot dependabot Bot mentioned this pull request Mar 17, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants