Bump the python-packages group in /api with 10 updates #13

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/api/python-packages-6df0a8d720
@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Bumps the python-packages group in /api with 10 updates:

| Package | From | To |
| --- | --- | --- |
| bleach | 6.3.0 | 6.4.0 |
| croniter | 6.2.2 | 6.2.3 |
| gevent | 26.4.0 | 26.5.0 |
| gmpy2 | 2.3.0 | 2.3.1 |
| python-socketio | 5.16.1 | 5.16.3 |
| aliyun-log-python-sdk | 0.9.44 | 0.9.47 |
| resend | 2.27.0 | 2.32.2 |
| graphon | 0.4.0 | 0.6.0 |
| json-repair | 0.59.4 | 0.61.1 |
| tenacity | 9.1.2 | 9.1.4 |

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases, including for security issues. See issue: https://github.com/mozilla/bleach/issues/698

Backwards incompatible changes

  • Dropped support for pypy 3.10. (#764)

Security fixes

  • Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

    Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

    For example::

        import bleach
        payload1 = 'Click'
        result1 = bleach.clean(payload1)
        print(repr(result1))

    outputs::

        'Click'

    See the advisory for details.

  • Fix GHSA-gj48-438w-jh9v.

    Fix issue where URI sanitization wasn't happening in formaction attributes.

    See the advisory for details.

Bug fixes

  • Add support for pypy 3.11. (#764)

  • Drop version max in tinycss2 pin. (#772)

    This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits
  • f0355a7 fix: fix last release date in CHANGES
  • ae4e8a2 chore: bleach 6.4.0 and final release
  • 970df58 fix: uri-sanitization in formaction attributes
  • 7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
  • 913ab75 fix: reduce redundancy in workflow jobs
  • 218c15a fix: rework pip caching
  • 4f0b097 fix: fix tox platform restrictions
  • e95a79d chore: update pytest
  • 91539d4 Bump actions/cache from 5.0.3 to 5.0.4
  • cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
  • Additional commits viewable in compare view

Updates croniter from 6.2.2 to 6.2.3

Changelog

Sourced from croniter's changelog.

6.2.3 (2026-07-02)

Features and Improvements

  • Fix quadratic expansion of comma-separated range lists for a large speed-up on expressions with many ranges. [1d79fc6, [#231](https://github.com/pallets-eco/croniter/issues/231), @alhudz]

Bugfixes

  • Reject a zero step (e.g. `5-5/0`) in equal and reversed cron ranges instead of silently accepting it. [ab27767, [#232](https://github.com/pallets-eco/croniter/issues/232), @alhudz]
  • Fix `expand_from_start_time` month low-bound off-by-one so stepped month ranges start on the correct month. [f329964, [#235](https://github.com/pallets-eco/croniter/issues/235), @alhudz]

Packaging

  • Fix zizmor-reported security findings in GitHub Actions workflows. [ed19f94, #230]
  • Bump pinned build and CI dependencies via dependabot.
  • Upgrade locked development and build dependencies (uv lock --upgrade).

Commits
  • 22b59e0 Prepare for release 6.2.3 (#236)
  • ab27767 reject zero step in equal and reversed cron ranges (#232)
  • f329964 fix expand_from_start_time month low bound off-by-one (#235)
  • 9810279 Bump the github-actions group with 2 updates (#233)
  • d051aaf Bump hatchling from 1.29.0 to 1.30.1 in the pip-dependencies group (#234)
  • 1d79fc6 fix quadratic expansion of comma-separated range lists (#231)
  • ed19f94 Fix zizmor-reported security findings in GitHub Actions workflows (#230)
  • 82657c3 Bump trove-classifiers in the pip-dependencies group (#229)
  • 8e13827 Bump the github-actions group with 2 updates (#228)
  • e55d70b Bump trove-classifiers in the pip-dependencies group across 1 directory (#225)
  • Additional commits viewable in compare view

Updates gevent from 26.4.0 to 26.5.0

Commits
  • 33c560c Preparing release 26.5.0
  • 7cebc52 ci.yml: add comments about likely problem with macOS 15/26
  • 6a9192e Add 315 to make-manylinux.
  • 65561dc Add change note.
  • a651598 test__threading is apparently initializing the hub on 3.15b1/ubuntu-latest/GH...
  • c2cda32 Disable some linux-specific pidfd tests because we don't use that.
  • 53371df We can't do coverage on 3.15b1, it doesn't have the binary tracer needed for ...
  • ed9160a Initial support for Python 3.15
  • 36e8203 Remove the CI badges from README.rst.
  • 21bf47d Disable appveyor, the windows github action runners were successful.
  • Additional commits viewable in compare view

Updates gmpy2 from 2.3.0 to 2.3.1

Release notes

Sourced from gmpy2's releases.

Release gmpy2 2.3.0a1

Version bump from 2.2.2a1 to 2.3.0a1.

Release gmpy2 2.2.2a1

Release 2.2.2 provides preliminary support for free-threaded Python, and many bug fixes.

Release gmpy2 2.2.0

Release of gmpy2 2.2.0 with support for CPython 3.12 and 3.13.

Release gmpy2 2.2.0a2

Release of gmpy2 2.2.0a2.

Release gmpy2 2.2.0a1

First release of gmpy2 2.2.0a1 with support for CPython 3.12.

Release gmpy2 2.1.5

Final (?) release of the 2.1.x series. No code changes since 2.1.3. Fixes to build Apple Silicon binary builds are the only changes since 2.1.3.

Release gmpy2 2.1.3

Latest release with minor bug fixes and support for Python 3.11

Release gmpy2 2.1.2

Added binary wheels for Apple silicon.

Release gmpy2-2.1.0b6

Test release for 2.1.0b6 including binary wheels for multiple platforms.

Release gmpy2-2.1.0b5

Various bug fixes and tested with GMP 6.2.0, MPFR 4.1.0, and MPC 1.2.0rc1.

Release gmpy2 2.1.0 beta1

The first beta release of gmpy2 2.1.0.

Release gmpy2 2.1.0a4

This is a bug fix for Cython and adds fmma() and fmms() from MPFR 4.

gmpy2 2.1.0 alpha 1

First public release of gmpy2 2.1.0 series.

Changelog

Sourced from gmpy2's changelog.

Changes in gmpy2 2.3.1

  • Fix ieee() for bit width > 128. (skirpichev)
  • Fix mpc.__module__. (skirpichev)
  • Check for buffer overflows in format() dunders. (skirpichev)
  • Support CPython v3.15. (skirpichev)
  • Drop additional constraint for Jacobi symbol. (skirpichev)

Commits
  • 49b9de3 Merge pull request #703 from skirpichev/prepare-v2.3.1
  • 6998426 Merge pull request #705 from gmpy2/backport/gmpy2-2.3.x/pr-704
  • ba6b6af Update docs/history.rst
  • f6b138b Drop additional constraint for Jacobi symbol
  • 92af5e5 Support CPython v3.15
  • ff82187 Update cibuildwheel to v4.1.0
  • 27fd4c6 Check for buffer overflows of format strings in format() dunders
  • 79cda70 Fix few typos
  • 58d4a00 Bump sorenlouv/backport-github-action in the actions-deps group
  • 544494c Bump pypa/cibuildwheel from 3.4.0 to 3.4.1 in the actions-deps group
  • Additional commits viewable in compare view

Updates python-socketio from 5.16.1 to 5.16.3

Release notes

Sourced from python-socketio's releases.

Release 5.16.3

See CHANGES.md for release notes.

Release 5.16.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.16.3 - 2026-06-15

  • Catch all exceptions in redis and rabbitmq client managers #1581 (commit)

Release 5.16.2 - 2026-05-21

Release 5.16.1 - 2026-02-06

  • Use configured JSON module in managers #1549 (commit)
  • Admin UI fixes: remove duplicate tasks, report transport upgrades (commit)
  • Switch to Furo documentation template (commit)
  • Add Python free-threading to CI #1554 (commit)

Release 5.16.0 - 2025-12-24

  • Address deprecation warnings (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 5.15.1 - 2025-12-16

  • Restore support for multiple arguments via pubsub emits #1540 (commit)

Release 5.15.0 - 2025-11-22

Release 5.14.3 - 2025-10-29

  • Support Python's native ConnectionRefusedError exception to reject a connection #1515 (commit)
  • Push binary data to the aiopika client manager #1514 (commit)

Release 5.14.2 - 2025-10-15

  • Restore binary message support in message queue setups #1509 (commit)
  • Fix formatting of client connection error #1507 (commit)
  • Add 3.14 and pypy-3.11 CI tasks (commit)
  • Improve documentation of the BaseManager.get_participants() method (commit)

Release 5.14.1 - 2025-10-02

... (truncated)

Commits
  • 36c550f Release 5.16.3
  • 80bb5c9 Catch all exceptions in redis and rabbitmq managers (Fixes #1581)
  • 3f1d509 Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#1580) #nolog
  • c2918c1 Bump qs and express in /examples/server/javascript (#1579) #nolog
  • e19cb7d Bump qs and express in /examples/client/javascript (#1578) #nolog
  • f616fb1 Bump ws, engine.io, socket.io-adapter and socket.io-client (#1575) #nolog
  • 5f35b0b Bump ws, engine.io, socket.io-adapter and socket.io-client (#1576) #nolog
  • 995f080 Version 5.16.3.dev0
  • 6e2b717 Release 5.16.2
  • cb65829 update python-engineio version
  • Additional commits viewable in compare view

Updates aliyun-log-python-sdk from 0.9.44 to 0.9.47

Commits

Updates resend from 2.27.0 to 2.32.2

Release notes

Sourced from resend's releases.

v2.32.2

What's Changed

Full Changelog: resend/resend-python@v2.32.1...v2.32.2

v2.32.1

What's Changed

Full Changelog: resend/resend-python@v2.32.0...v2.32.1

v2.32.0

What's Changed

Full Changelog: resend/resend-python@v2.31.0...v2.32.0

v2.31.0

What's Changed

New Contributors

Full Changelog: resend/resend-python@v2.30.1...v2.31.0

v2.30.1

What's Changed

New Contributors

Full Changelog: resend/resend-python@v2.30.0...v2.30.1

... (truncated)

Commits
  • 6a60b28 fix: use Contacts.Imports nested class for consistent type namespacing (#223)
  • 7519910 fix: contact imports segments typing (#222)
  • 10b4758 feat: add contact imports endpoints (#220)
  • 4ae9fa4 chore: bump version to 2.31.0 (#221)
  • dcb6e62 feat: add email.scheduled and email.suppressed to WebhookEvent (#219)
  • 5d9ddf9 feat: missing query parameter for GET on a received email (#218)
  • ec2f336 Fix installing from sdist (setup.py imports the package, pulling typing_exten...
  • f382b90 chore(deps): update codecov/codecov-action action to v7 (#213)
  • dca464c chore(deps): update python docker tag to v3.14.6 (#215)
  • cb3726c fix: inbound attachment types (#211)
  • Additional commits viewable in compare view

Updates graphon from 0.4.0 to 0.6.0

Release notes

Sourced from graphon's releases.

v0.6.0

What's Changed

New Contributors

Full Changelog: langgenius/graphon@v0.5.3...v0.6.0

v0.5.3

What's Changed

Full Changelog: langgenius/graphon@v0.5.2...v0.5.3

v0.5.2

What's Changed

Full Changelog: langgenius/graphon@v0.5.1...v0.5.2

v0.5.1

What's Changed

New Contributors

Full Changelog: langgenius/graphon@v0.5.0...v0.5.1

... (truncated)

Commits
  • 6ccee63 chore(release): bump version to 0.6.0 (#196)
  • a7f1e3b fix(document-extractor): add PDF text fallback (#189)
  • 8882fa5 feat(model-runtime): thread request_metadata through to model runtimes (#191)
  • 5a49cc9 chore(deps): bump the uv group across 1 directory with 4 updates (#194)
  • 3073fc5 chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 in the github-actions ...
  • 21af613 feat(human-input)!: extract Dify logic from HITL node (#185)
  • b25461c chore: bump version to v0.5.3 (#192)
  • 71fd746 feat(llm): stream reasoning on a dedicated out-of-band event (#180)
  • 39d5d47 chore: bump version to v0.5.2 (#187)
  • 07b7482 refactor(llm)!: remove workflow_run_id and node_id from polling protocol (#184)
  • Additional commits viewable in compare view

Updates json-repair from 0.59.4 to 0.61.1

Release notes

Sourced from json-repair's releases.

Release 0.61.1

Added

  • Fix various performance issues that led to quadratic time complexity for very large json strings with a lot of commas and/or quotes

Support this project

json_repair is maintained as a side project and stays free for everyone.

If it saves you debugging time, helps you handle LLM-generated JSON, or is part of your production workflow, please consider:

Sponsorship helps justify the time spent fixing edge cases, improving performance, and keeping the library reliable.

Release 0.61.0

Added

  • Fix #202, unwrap double-serialized schema-guided nested JSON strings. In case the schema expects an object or an array and the json is a string, try to see if that string is serialized object or array. In case salvage mode is enabled, try to repair the serialized object or array.

Release 0.60.1

Added

  • A potential infinite loop in schema resolution could cause an application using the library to crash if the schema was self referential

Release 0.60.0

Added

  • Support for repairing string values that contain low smart quote spans like „... when the closing quote is emitted as ASCII " instead of Unicode ”. Issue #198

... (truncated)

Commits
  • 6a8b72b Fix quadratic scan in unclosed object string repair
  • 20c4a2c update various libraries
  • 2921f3a Fix #202 unwrap double-serialized schema-guided nested JSON strings
  • 4d000b1 fix: normalize deep schema recursion errors
  • 09fae3a Update README to clarify once more the behavior of skip_json_loads
  • 63992e9 Fix circular schema ref handling
  • 7cd8391 Fix #198 support low smart quote spans in strings
  • 46be950 update ANGENTS guidance
  • 0015c74 Fix README example for #197
  • d7f2a3b Fix #195 keep balanced braces in strings
  • Additional commits viewable in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

New Contributors

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits
  • d4e868d Fix retry() annotations with async sleep= function (#555)
  • 24415eb support async sleep for sync fn (#551)
  • 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
  • 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
  • 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
  • ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
  • c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
  • e792bba ci: fix mypy (#546)
  • 0f55245 ci: remove reno requirements (#542)
  • 815c34f feat(wait): add wait_exception strategy (#541)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group in /api with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |
| [croniter](https://github.com/pallets-eco/croniter) | `6.2.2` | `6.2.3` |
| [gevent](https://github.com/gevent/gevent) | `26.4.0` | `26.5.0` |
| [gmpy2](https://github.com/gmpy2/gmpy2) | `2.3.0` | `2.3.1` |
| [python-socketio](https://github.com/miguelgrinberg/python-socketio) | `5.16.1` | `5.16.3` |
| [aliyun-log-python-sdk](https://github.com/aliyun/aliyun-log-python-sdk) | `0.9.44` | `0.9.47` |
| [resend](https://github.com/resendlabs/resend-python) | `2.27.0` | `2.32.2` |
| [graphon](https://github.com/langgenius/graphon) | `0.4.0` | `0.6.0` |
| [json-repair](https://github.com/mangiucugna/json_repair) | `0.59.4` | `0.61.1` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |


Updates `bleach` from 6.3.0 to 6.4.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v6.3.0...v6.4.0)

Updates `croniter` from 6.2.2 to 6.2.3
- [Release notes](https://github.com/pallets-eco/croniter/releases)
- [Changelog](https://github.com/pallets-eco/croniter/blob/main/CHANGELOG.rst)
- [Commits](pallets-eco/croniter@6.2.2...6.2.3)

Updates `gevent` from 26.4.0 to 26.5.0
- [Release notes](https://github.com/gevent/gevent/releases)
- [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst)
- [Commits](gevent/gevent@26.4.0...26.5.0)

Updates `gmpy2` from 2.3.0 to 2.3.1
- [Release notes](https://github.com/gmpy2/gmpy2/releases)
- [Changelog](https://github.com/gmpy2/gmpy2/blob/v2.3.1/docs/history.rst)
- [Commits](gmpy2/gmpy2@v2.3.0...v2.3.1)

Updates `python-socketio` from 5.16.1 to 5.16.3
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.3)

Updates `aliyun-log-python-sdk` from 0.9.44 to 0.9.47
- [Release notes](https://github.com/aliyun/aliyun-log-python-sdk/releases)
- [Changelog](https://github.com/aliyun/aliyun-log-python-sdk/blob/master/HISTORY.md)
- [Commits](https://github.com/aliyun/aliyun-log-python-sdk/commits)

Updates `resend` from 2.27.0 to 2.32.2
- [Release notes](https://github.com/resendlabs/resend-python/releases)
- [Commits](resend/resend-python@v2.27.0...v2.32.2)

Updates `graphon` from 0.4.0 to 0.6.0
- [Release notes](https://github.com/langgenius/graphon/releases)
- [Commits](langgenius/graphon@v0.4.0...v0.6.0)

Updates `json-repair` from 0.59.4 to 0.61.1
- [Release notes](https://github.com/mangiucugna/json_repair/releases)
- [Commits](mangiucugna/json_repair@v0.59.4...v0.61.1)

Updates `tenacity` from 9.1.2 to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@9.1.2...9.1.4)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: croniter
  dependency-version: 6.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: gevent
  dependency-version: 26.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: gmpy2
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: python-socketio
  dependency-version: 5.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: aliyun-log-python-sdk
  dependency-version: 0.9.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: resend
  dependency-version: 2.32.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: graphon
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: json-repair
  dependency-version: 0.61.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the labels dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) on Jul 3, 2026