Skip to content

Bump the pip group across 1 directory with 6 updates#63

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-sdk/pip-b313c4debb
Open

Bump the pip group across 1 directory with 6 updates#63
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-sdk/pip-b313c4debb

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 10, 2026

Bumps the pip group with 6 updates in the /python-sdk directory:

Package From To
torch 2.1.2 2.8.0
langchain 0.1.0 0.3.0.dev1
langchain-community 0.0.10 0.3.27
scikit-learn 1.4.0 1.5.0
tqdm 4.66.1 4.66.3
sentry-sdk 1.39.2 1.45.1

Updates torch from 2.1.2 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Updates langchain from 0.1.0 to 0.3.0.dev1

Release notes

Sourced from langchain's releases.

langchain-openrouter==0.2.3

Changes since langchain-openrouter==0.2.2

release(openrouter): 0.2.3 (#37146) fix(openrouter): merge fragmented reasoning_details in streaming (#36401)

langchain-openrouter==0.2.2

Changes since langchain-openrouter==0.2.1

release(openrouter): 0.2.2 (#37139) feat(openrouter): session_id and trace fields (#37137) chore(docs): update x handle references (#37081) chore(model-profiles): refresh model profile data (#37074) chore(model-profiles): refresh model profile data (#37051) chore(model-profiles): refresh model profile data (#37015) chore(model-profiles): refresh model profile data (#37005) hotfix: bump min core versions (#36996) feat(core): add content-block-centric streaming (v2) (#36834) ci(infra): add pytest-xdist to partner test groups (#36988) hotfix(ci): remove nobenchmark flag (#36959) chore(partners): standardize integration test invocation (#36958) chore(model-profiles): refresh model profile data (#36911) chore(model-profiles): refresh model profile data (#36864) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.7.22 to 0.7.31 in /libs/partners/openrouter (#36782) chore(model-profiles): refresh model profile data (#36749) chore(model-profiles): refresh model profile data (#36720) chore(model-profiles): refresh model profile data (#36668) chore(model-profiles): refresh model profile data (#36630) chore(model-profiles): refresh model profile data (#36596) chore: add comment explaining pygments>=2.20.0 (#36570) chore(model-profiles): refresh model profile data (#36554) chore(model-profiles): refresh model profile data (#36539) chore(model-profiles): refresh model profile data (#36482) fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500) chore(model-profiles): refresh model profile data (#36423) chore(model-profiles): refresh model profile data (#36390) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) chore(model-profiles): refresh model profile data (#36368)

langchain-openrouter==0.2.1

Changes since langchain-openrouter==0.2.0

release(openrouter): 0.2.1 (#36348) fix(openrouter): pass attribution headers via httpx default_headers (#36347) chore(model-profiles): refresh model profile data (#36267) chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openrouter (#36247)

langchain-openrouter==0.2.0

Changes since langchain-openrouter==0.1.0

... (truncated)

Commits

Updates langchain-community from 0.0.10 to 0.3.27

Release notes

Sourced from langchain-community's releases.

libs/community/v0.3.27

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain-community@libs/community/v0.3.26...libs/community/v0.3.27

libs/community/v0.3.26

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain-community@libs/community/v0.3.25...libs/community/v0.3.26

libs/community/v0.3.25

What's Changed

New Contributors

... (truncated)

Commits

Updates scikit-learn from 1.4.0 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

... (truncated)

Commits

Updates tqdm from 4.66.1 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

tqdm v4.66.2 stable

  • pandas: add DataFrame.progress_map (#1549)
  • notebook: fix HTML padding (#1506)
  • keras: fix resuming training when verbose>=2 (#1508)
  • fix format_num negative fractions missing leading zero (#1548)
  • fix Python 3.12 DeprecationWarning on import (#1519)
  • linting: use f-strings (#1549)
  • update tests (#1549)
  • CI: bump actions (#1549)
Commits

Updates sentry-sdk from 1.39.2 to 1.45.1

Release notes

Sourced from sentry-sdk's releases.

1.45.1

This is a security backport release.

Changelog

Sourced from sentry-sdk's changelog.

1.45.1

This is a security backport release.

1.45.0

This is the final 1.x release for the forseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.

Various fixes & improvements

  • Allow to upsert monitors (#2929) by @​sentrivana

    It's now possible to provide monitor_config to the monitor decorator/context manager directly:

    from sentry_sdk.crons import monitor
All keys except schedule are optional
monitor_config = {
"schedule": {"type": "crontab", "value": "0 0 * * *"},
"timezone": "Europe/Vienna",
"checkin_margin": 10,
"max_runtime": 10,
"failure_issue_threshold": 5,
"recovery_threshold": 5,
}
@​monitor(monitor_slug='<monitor-slug>', monitor_config=monitor_config)
def tell_the_world():
print('My scheduled task...')

    Check out the cron docs for details.

  • Add Django signals_denylist to filter signals that are attached to by signals_spans (#2758) by @​lieryan

    If you want to exclude some Django signals from performance tracking, you can use the new signals_denylist Django option:

    import django.db.models.signals
import sentry_sdk
sentry_sdk.init(
...
integrations=[
DjangoIntegration(

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 6 updates
0e9dda1 
Bumps the pip group with 6 updates in the /python-sdk directory:

| Package | From | To |
| --- | --- | --- |
| [torch](https://github.com/pytorch/pytorch) | `2.1.2` | `2.8.0` |
| [langchain](https://github.com/langchain-ai/langchain) | `0.1.0` | `0.3.0.dev1` |
| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.0.10` | `0.3.27` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.4.0` | `1.5.0` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `1.39.2` | `1.45.1` |



Updates `torch` from 2.1.2 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.1.2...v2.8.0)

Updates `langchain` from 0.1.0 to 0.3.0.dev1
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-box==0.1.0...langchain==0.3.0.dev1)

Updates `langchain-community` from 0.0.10 to 0.3.27
- [Release notes](https://github.com/langchain-ai/langchain-community/releases)
- [Commits](https://github.com/langchain-ai/langchain-community/commits/libs/community/v0.3.27)

Updates `scikit-learn` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.4.0...1.5.0)

Updates `tqdm` from 4.66.1 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.66.1...v4.66.3)

Updates `sentry-sdk` from 1.39.2 to 1.45.1
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/1.45.1/CHANGELOG.md)
- [Commits](getsentry/sentry-python@1.39.2...1.45.1)

---
updated-dependencies:
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain
  dependency-version: 0.3.0.dev1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain-community
  dependency-version: 0.3.27
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tqdm
  dependency-version: 4.66.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sentry-sdk
  dependency-version: 1.45.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 10, 2026
@snyk-io
Copy link
Copy Markdown

snyk-io Bot commented May 10, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants