Skip to content

deps(uv): bump the uv-minor-patch group across 1 directory with 38 updates#1225

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-minor-patch-61feb40bb6
Open

deps(uv): bump the uv-minor-patch group across 1 directory with 38 updates#1225
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-minor-patch-61feb40bb6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv-minor-patch group with 38 updates in the / directory:

Package From To
anyio 4.13.0 4.14.1
certifi 2026.5.20 2026.6.17
click 8.4.1 8.4.2
fastapi 0.136.3 0.139.0
greenlet 3.5.1 3.5.3
matplotlib 3.10.9 3.11.0
numpy 2.4.6 2.5.1
pypdf 6.13.3 6.14.2
regex 2026.5.9 2026.6.28
scipy 1.17.1 1.18.0
sqlalchemy 2.0.50 2.0.51
typing-extensions 4.15.0 4.16.0
uvicorn 0.49.0 0.50.2
redis 8.0.0 8.0.1
sentence-transformers 5.5.1 5.6.0
mutagen 1.47.0 1.48.1
pillow-heif 1.3.0 1.4.0
streamlit 1.58.0 1.59.0
hypothesis 6.155.3 6.156.1
httpx2 2.3.0 2.5.0
maturin 1.14.0 1.14.1
pytest 9.0.3 9.1.1
ruff 0.15.17 0.15.20
ast-serialize 0.3.0 0.6.0
cbor2 6.0.1 6.1.3
cyclonedx-python-lib 11.7.0 11.11.0
distlib 0.4.0 0.4.3
filelock 3.29.0 3.29.5
httpcore2 2.3.0 2.5.0
librt 0.11.0 0.12.0
lxml 6.1.0 6.1.1
narwhals 2.20.0 2.23.0
platformdirs 4.9.6 4.10.0
pyopenssl 26.2.0 26.3.0
python-discovery 1.3.0 1.4.3
stevedore 5.7.0 5.9.0
tzlocal 5.3.1 5.4.4
virtualenv 21.3.1 21.5.2

Updates anyio from 4.13.0 to 4.14.1

Release notes

Sourced from anyio's releases.

4.14.1

  • Fixed teardown of higher-scoped async fixtures failing on asyncio with RuntimeError: Attempted to exit cancel scope in a different task than it was entered in when an async test raise an outcome exception (e.g., pytest.skip(), pytest.xfail(), or pytest.fail()) (#1179; PR by @​EmmanuelNiyonshuti)
  • Fixed CapacityLimiter.total_tokens rejecting a value of 0 when the limiter was instantiated outside of an event loop, contradicting the documented behavior of allowing 0 total tokens (#1183; PR by @​nyxst4ck)

4.14.0

  • Added support for Python 3.15

  • Added an asynchronous implementation of the itertools module (#998; PR by @​11kkw)

  • Added the local_port parameter to connect_tcp() to allow binding to a specific local port before connecting (#1067; PR by @​nullwiz)

  • Added support for custom capacity limiters in async path and file I/O functions and classes

  • Added the create_task() task group method for easier asyncio migration (returns a TaskHandle) (#1098)

  • Changed TaskGroup.start_soon() to return a TaskHandle

  • Added an option for TaskGroup.start() to return a TaskHandle (which then contains the start value in the start_value property)

  • Added the cancel() convenience method to TaskGroup as a shortcut for cancelling the task group's cancel scope

  • Improved the error message when a known backend is not installed to suggest the install command (#1115; PR by @​EmmanuelNiyonshuti)

  • Improved anyio.Path to preserve subclass types by returning Self in methods that return path objects (#1130; PR by @​EmmanuelNiyonshuti)

  • Changed the parameter type annotation in anyio.Path.write_bytes() to accept any ReadableBuffer, thus allowing it to accept bytearray and memoryview to match pathlib.Path.write_bytes() (#1135; PR by @​SAY-5)

  • Changed several type annotations to only accept callables returning coroutine-like objects instead of arbitrary awaitables:

    • TaskGroup.start_soon()
    • TaskGroup.start()
    • anyio.from_thread.run()

    This reverts an earlier change from v3.7.0 which was made in error. (#1153)

  • Changed anyio.run to support callables returning arbitrary awaitables at runtime on all backends. Previously, this only worked on asyncio (#1171; PR by @​gschaffner)

  • Changed several classes (and their subclasses) to have __slots__ (with __weakref__):

    • anyio.CancelScope
    • anyio.CapacityLimiter
    • anyio.Condition
    • anyio.Event
    • anyio.Lock
    • anyio.ResourceGuard
    • anyio.Semaphore
  • Fixed cancellation exception escaping a cancel scope when triggered via check_cancelled() in a worker thread (#1113)

  • Fixed TaskGroup raising AttributeError instead of a clear error when entered more than once (#1109; PR by @​bahtya)

... (truncated)

Commits
  • 149b9e9 Bumped up the version
  • 377518c Bump actions/checkout from 6 to 7 in the github-actions group (#1186)
  • b42a2f5 [pre-commit.ci] pre-commit autoupdate (#1185)
  • 3ceb6ff Allow 0 tokens in a CapacityLimiter instantiated outside an event loop (#1183)
  • e10d1db Add missing await to open_file() in file I/O concurrency example (#1182)
  • 1dbc3b6 OutcomeException should not discard test runner_task (#1180)
  • ffe9133 Bumped up the version
  • f8b9f01 Fixed asyncio lock waiter deadlocks after cancellation (#1145)
  • d517ee1 [pre-commit.ci] pre-commit autoupdate (#1176)
  • 550b68e Make anyio.run support Awaitable at runtime on all backends (#1171)
  • Additional commits viewable in compare view

Updates certifi from 2026.5.20 to 2026.6.17

Commits

Updates click from 8.4.1 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582
Changelog

Sourced from click's changelog.

Version 8.4.2

Released 2026-06-24

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. {pr}3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. {issue}2331 {issue}1884 {issue}3125 {pr}3582
Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates fastapi from 0.136.3 to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

0.138.1

Refactors

  • ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

... (truncated)

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates greenlet from 3.5.1 to 3.5.3

Changelog

Sourced from greenlet's changelog.

3.5.3 (2026-06-26)

  • Fix a crash on free-threaded builds when multiple greenlets were holding a critical section on an object and the GIL for the thread was dropped. See issue 513 <https://github.com/python-greenlet/greenlet/issues/513>_. Thanks to ddorian.

3.5.2 (2026-06-17)

  • The minimum supported version of Python 3.15 is now 3.15b2.
  • Fix some garbage-collection related crashes on free-threaded Python 3.15. Thanks to Kumar Aditya in PR [#511](https://github.com/python-greenlet/greenlet/issues/511) <https://github.com/python-greenlet/greenlet/pull/511>_.
  • Improve garbage collection of greenlets. This mostly applies to Python 3.15. Thanks to Kumar Aditya in PR [#512](https://github.com/python-greenlet/greenlet/issues/512) <https://github.com/python-greenlet/greenlet/pull/512>_.
Commits
  • 6ee8c2c Preparing release 3.5.3
  • 6ec0bbb Merge pull request #514 from python-greenlet/issue513-preserve-crit-section
  • c03a7e6 Py3.13+: Preserve thread state critical_section to prevent crash on free-thre...
  • bc10829 Speed up manylinux test runs by only running the core checks; only start many...
  • c2db75d Back to development: 3.5.3
  • 0b64e9c Preparing release 3.5.2
  • 3e28d27 Add change note for #512 [skip ci]
  • 6563c5e Merge pull request #512 from kumaraditya303/ft-mem
  • ab6eff6 add ignore for win 3.10
  • 41f5349 revert back to fails_leakcheck_on_py314_or_less
  • Additional commits viewable in compare view

Updates matplotlib from 3.10.9 to 3.11.0

Release notes

Sourced from matplotlib's releases.

REL: v3.11.0

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. See the release notes for more information.

REL: v3.11.0rc2

This is the second release candidate for the meso release 3.11.0.

This release candidate fixes some problems with downstream packages, removes some missed deprecations, and corrects some additional minor bugs.

REL: v3.11.0rc1

After an extended development stretch, we are pleased to announce the first release candidate of Matplotlib 3.11.0.

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner. Due to the update to the font rendering stack, we cannot guarantee that text will be bit-for-bit perfect with previous releases, so if you are using Matplotlib for testing, it may be necessary to introduce/raise a tolerance within your tests.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. Final release notes are still being curated, but you may browse the list of new features, API changes, and all issues/pull requests on the milestone.

As a note for downstream packagers, the font libraries have only been tested against the versions bundled with the wheels. It may be possible to expand the range of requirements, or that a requirement is too broad. Please report any issues you have building against external dependencies.

Commits
  • 69c7534 REL: v3.11.0
  • b7d912b DOC: Set 3.11 as preferred stable release
  • 7c3d502 Update Security Policy for 3.11
  • 964e73d DOC: Prepare GitHub stats for 3.11 final
  • bfa2633 Bump font manager version to final release
  • d0603b2 Merge pull request #31873 from meeseeksmachine/auto-backport-of-pr-31706-on-v...
  • edf5ebc Backport PR #31706: Fix clabel manual index
  • c0e80b7 Merge pull request #31872 from meeseeksmachine/auto-backport-of-pr-31868-on-v...
  • 2a14854 Backport PR #31868: DOC: Move errorbar examples to the statistics sections
  • ea43d96 Merge pull request #31871 from meeseeksmachine/auto-backport-of-pr-31870-on-v...
  • Additional commits viewable in compare view

Updates numpy from 2.4.6 to 2.5.1

Release notes

Sourced from numpy's releases.

v2.5.1 (July 4, 2026)

NumPy 2.5.1 Release Notes

The NumPy 2.5.1 is a patch release that fixes bugs discovered after the 2.5.0 release. The most noticeable is the fix is to the numpy datetime cython API which should allow downstream to support NumPy versions older than 2.5. Preparation for Python 3.15 continues along with typing improvements.

This release supports Python versions 3.12-3.14

Changes

  • The minimum supported GCC version has been updated from 9.3.0 to 10.3.0

    (gh-31843)

Contributors

A total of 10 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Adhyan Gupta +
  • Ankit Ahlawat
  • Charles Harris
  • Iason Krommydas
  • Joren Hammudoglu
  • Kumar Aditya
  • Nathan Goldbaum
  • Sebastian Berg
  • Ties Jan Hefting +
  • Vineet Kumar

Pull requests merged

A total of 20 pull requests were merged for this release.

  • #31707: MAINT: Prepare 2.5.x for further development
  • #31721: CI: fix new cython-lint errors (#31711)
  • #31723: MAINT: Update meson to match main
  • #31729: TST: use setup-sde instead of curl to get SDE binaries (#31727)
  • #31829: BUG: Relax finfo to be easier accessible for all user dtypes...
  • #31831: TYP: Fix flatiter.__next__ return type for object_ and...
  • #31832: BUG: avoid deadlocks using NpyString API (#31682)
  • #31833: BUG: fix out array leak in reduceat and accumulate when dtype...
  • #31835: BUG: fix numpy datetime cython APIs to be compatible with older...
  • #31836: TYP: Fix incorrect dtype inference of asarray([]) (#31732)
  • #31837: TYP: Fix np.ma.masked_array 2.5.0 regression
  • #31838: FIX: Refactor error handling in array_setstate to prevent typecode...
  • #31839: TST: xfail multithreaded BLAS test more generously
  • #31840: MAINT: Rename subroutine for crackfortran tests

... (truncated)

Commits
  • 5e1d03f Merge pull request #31863 from charris/prepare-2.5.1
  • ad0b66b REL: Prepare for the NumPy 2.5.1 release.
  • 9df8516 Merge pull request #31858 from charris/backport-31688
  • 4dee265 Merge pull request #31857 from charris/backport-31775
  • dc8d553 Merge pull request #31856 from charris/backport-31846
  • 67cb4a8 fix:Signed integer overflow in datetime.c (#31688)
  • baa2589 TST: Clean up imports, formatting, and assertions
  • 2fe5ba4 TEST: Refactor tests to use np.testing.assert_raises_regex per review
  • bb46581 MAINT: Remove deprecated Python recursion fix
  • 8f34214 MAINT: Move SeedSequence recursion guard to C-layer and add tests
  • Additional commits viewable in compare view

Updates pypdf from 6.13.3 to 6.14.2

Release notes

Sourced from pypdf's releases.

Version 6.14.2, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.1, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.0, 2026-06-22

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.14.2, 2026-06-23

Security (SEC)

  • Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (#3892)

Full Changelog

Version 6.14.1, 2026-06-23

Security (SEC)

  • Detect end of stream during inline image end marker detection (#3891)

Full Changelog

Version 6.14.0, 2026-06-22

Security (SEC)

  • Apply general limit for requested image size (#3888)
  • Speed up recovery when reading broken cross-reference table (#3887)

New Features (ENH)

  • Check whether image is displayed on a given page (#3738)

Robustness (ROB)

  • Several fixes

Full Changelog

Commits
  • 2266ee8 REL: 6.14.2
  • 5a33a46 SEC: Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (...
  • 1ee4e58 REL: 6.14.1
  • ec3b145 SEC: Detect end of stream during inline image end marker detection (#3891)
  • c6cd82e ROB: Tolerate malformed inline image settings in _read_inline_image (#3889)
  • 0ae42ba ROB: Tolerate malformed page label entries in get_label_from_nums (#3884)
  • 50617b5 ROB: Tolerate malformed Tm operand count in extract_text (#3877)
  • 86e5a82 MAINT: Improve readability (#3874)
  • 83cb25f DEV: Fix sample files commit
  • 06588ec REL: 6.14.0
  • Additional commits viewable in compare view

Updates regex from 2026.5.9 to 2026.6.28

Changelog

Sourced from regex's changelog.

Version: 2026.7.10

Clarified that the POSIX flag makes it look for only the longest overall match.

Git issue 606: regex's compiled-pattern cache eviction is not free-threading-safe

Version: 2026.6.28

Git issue 604: regex fails on free-threading python because setlocale is not thread-safe

Version: 2026.5.9

Reverse matching with full unicode casefolding could lead to out-of-range string indexes.

Version: 2026.4.4

A fix for older Python versions before free-threading was  supported.

Version: 2026.4.3

More fixes for free-threading.

Version: 2026.3.32

Fixed segfault.

Version: 2026.3.31

Fixed bug again.

Version: 2026.3.30

Fixed bug.

Version: 2026.3.28

Fixed version.

Version: 2026.3.27

Various fixes, including ones to improve free-threading support.

Version: 2026.2.28

Replaced atomic operations with mutex on pattern object for free-threaded Python.

Version: 2026.2.26

PR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.

... (truncated)

Commits
  • b18daa6 Git issue 604: regex fails on free-threading python because setlocale is not ...
  • See full diff in compare view

Updates scipy from 1.17.1 to 1.18.0

Release notes

Sourced from scipy's releases.

SciPy 1.18.0 Release Notes

SciPy 1.18.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.18.x branch, and on adding new features on the main branch.

This release requires Python 3.12-3.14 and NumPy 2.0.0 or greater.

Highlights of this release

  • SciPy now supports three different build modes for BLAS and LAPACK LP64/ILP64 support, and machinery is provided for downstream cython_lapack consumers to gracefully handle LP64/ILP64 backend builds. ILP64 support has been substantially improved across the SciPy library.
  • Remaining Fortran to C translations have been completed---an experimental Fortran-free build option is now available to developers for testing purposes. Developer feedback is welcome on Fortran-free builds.
  • scipy.signal.whittaker_henderson now provides access to Whittaker-Henderson smoothing of a discrete signal.
  • A large number of scipy.stats functions now support lazy arrays and JAX JIT. Array API support has been improved substantially in SciPy, with at least 21 functions gaining new support in this release. 16 scipy.stats functions have also gained support for MArray input.

New features

scipy.fft improvements

  • SciPy's internal FFT backend has switched from pocketfft to its successor package ducc0.fft, which features several incremental improvements. The most significant of those from SciPy's perspective is probably that storage requirements for internally cached plans have been significantly reduced for most long 1D transforms. Plans that require more storage than 1MB will no longer be cached; this mainly affects huge 1D transforms of prime and near-prime sizes.

scipy.interpolate improvements

... (truncated)

Commits
  • 54ef542 REL: 1.18.0 release commit
  • a45e463 Merge pull request #25395 from tylerjereddy/treddy_prep_1.18.0_final
  • ee2442e TYP, MAINT, TST: PR 25395 revisions
  • 3225154 DOC: PR 25395 revisions
  • 14c7bd7 TYP: Fix mypy errors with pytest==9.1.0 (#25410)
  • 71522e9 DOC: revise SciPy 1.18.0 release notes
  • 92f8482 MAINT: fix errors from pytest 9.1 (#25378)
  • 7b27bf4 TST, MAINT: modernize spatial tests for pytest 10 (#25376)
  • d05b640 Merge pull request #25347 from tylerjereddy/treddy_version_bump_1.18.0rc3
  • e60fe8b REL: set to 1.18.0rc3 unreleased
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.50 to 2.0.51

Release notes

Sourced from sqlalchemy's releases.

2.0.51

Released: June 15, 2026

orm

  • [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

    References: #13207

  • [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

    References: #13356

engine

  • [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

    References: #9427

sql

  • [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

    References: #10827

... (truncated)

Commits

Updates typing-extensions from 4.15.0 to 4.16.0

Release notes

Sourced from typing-extensions's releases.

4.16.0

No changes since 4.16.0rc2.

Changes since 4.15.0:

  • Make typing_extensions.TypeAliasType's __module__ attribute writable. Backport of CPython PR #149172.
  • Fix setting of __required_keys__ and __optional_keys__ when inheriting keys with the same name.
  • Add support for AsyncIterator, io.Reader, io.Writer and os.PathLike protocols as bases for other protocols.
  • Fix incorrect behaviour on Python 3.9 and Python 3.10 that meant that calling isinstance with typing_extensions.Concatenate[...] or typing_extensions.Unpack[...] as the first argument could have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. This affected both CPython and PyPy implementations. Patch by Brian Schubert.
  • Fix __init_subclass__() behavior in the presence of multiple inheritance involving an @deprecated-decorated base class. Backport of CPython PR #138210 by Brian Schubert.
  • Raise TypeError when attempting to subclass typing_extensions.ParamSpec on Python 3.9. The typing implementation has always raised an error, and the typing_extensions implementation has raised an error on Python 3.10+ since typing_extensions v4.6.0. Patch by Brian Schubert.
  • Add the bound, covariant, contravariant, and infer_variance parameters to TypeVarTuple.
  • Officially support the bound, covariant, contravariant and infer_variance parameters to ParamSpec. Improve the validation of these parameters at runtime.
  • Rename typing_extensions.Sentinel to typing_extensions.sentinel, following the name that has been adopted for builtins.sentinel on Python 3.15. typing_extensions.Sentinel is retained as a soft-deprecated alias for backwards compatibility.
  • Add support for pickling sentinels.
  • Sentinels now preserve their identity when copied or deep-copied.
  • Deprecate passing name as a keyword argument or repr as a positional argument to the sentinel constructor.
  • The default repr of a sentinel X = sentinel("X") is now X rather than <X>.
  • Deprecate arbitrary attribute assignments to sentinels.
  • Deprecate subclassing sentinels.
  • Add support for Python 3.15.
  • Avoid a DeprecationWarning when deprecated is applied to a coroutine function on Python 3.14.0.

4.16.0rc2

Changes since 4.16.0rc1:

  • Avoid a DeprecationWarning when deprecated is applied to a coroutine function on Python 3.14.0.

Changes since 4.15.0:

  • Make typing_extensions.TypeAliasType's __module__ attribute writable. Backport of CPython PR #149172.
  • Fix setting of __required_keys__ and __optional_keys__ when inheriting keys with the same name.
  • Add support for AsyncIterator, io.Reader, io.Writer and os.PathLike protocols as bases for other protocols.
  • Fix incorrect behaviour on Python 3.9 and Python 3.10 that meant that calling isinstance with typing_extensions.Concatenate[...] or typing_extensions.Unpack[...] as the first argument could have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. This affected both CPython and PyPy implementations. Patch by Brian Schubert.
  • Fix __init_subclass__() behavior in the presence of multiple inheritance involving an @deprecated-d...

    Description has been truncated

…dates

Bumps the uv-minor-patch group with 38 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anyio](https://github.com/agronholm/anyio) | `4.13.0` | `4.14.1` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.5.20` | `2026.6.17` |
| [click](https://github.com/pallets/click) | `8.4.1` | `8.4.2` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.3` | `0.139.0` |
| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.1` | `3.5.3` |
| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.9` | `3.11.0` |
| [numpy](https://github.com/numpy/numpy) | `2.4.6` | `2.5.1` |
| [pypdf](https://github.com/py-pdf/pypdf) | `6.13.3` | `6.14.2` |
| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.5.9` | `2026.6.28` |
| [scipy](https://github.com/scipy/scipy) | `1.17.1` | `1.18.0` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.50` | `2.0.51` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.15.0` | `4.16.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.49.0` | `0.50.2` |
| [redis](https://github.com/redis/redis-py) | `8.0.0` | `8.0.1` |
| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.5.1` | `5.6.0` |
| [mutagen](https://github.com/quodlibet/mutagen) | `1.47.0` | `1.48.1` |
| [pillow-heif](https://github.com/bigcat88/pillow_heif) | `1.3.0` | `1.4.0` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.58.0` | `1.59.0` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.155.3` | `6.156.1` |
| [httpx2](https://github.com/pydantic/httpx2) | `2.3.0` | `2.5.0` |
| [maturin](https://github.com/pyo3/maturin) | `1.14.0` | `1.14.1` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.20` |
| [ast-serialize](https://github.com/mypyc/ast_serialize) | `0.3.0` | `0.6.0` |
| [cbor2](https://github.com/agronholm/cbor2) | `6.0.1` | `6.1.3` |
| [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) | `11.7.0` | `11.11.0` |
| [distlib](https://github.com/pypa/distlib) | `0.4.0` | `0.4.3` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.29.0` | `3.29.5` |
| [httpcore2](https://github.com/pydantic/httpx2) | `2.3.0` | `2.5.0` |
| [librt](https://github.com/mypyc/librt) | `0.11.0` | `0.12.0` |
| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |
| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.20.0` | `2.23.0` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.2.0` | `26.3.0` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.3.0` | `1.4.3` |
| [stevedore](https://docs.openstack.org/stevedore) | `5.7.0` | `5.9.0` |
| [tzlocal](https://github.com/regebro/tzlocal) | `5.3.1` | `5.4.4` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.3.1` | `21.5.2` |



Updates `anyio` from 4.13.0 to 4.14.1
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.13.0...4.14.1)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `click` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.1...8.4.2)

Updates `fastapi` from 0.136.3 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.3...0.139.0)

Updates `greenlet` from 3.5.1 to 3.5.3
- [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst)
- [Commits](python-greenlet/greenlet@3.5.1...3.5.3)

Updates `matplotlib` from 3.10.9 to 3.11.0
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.10.9...v3.11.0)

Updates `numpy` from 2.4.6 to 2.5.1
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.6...v2.5.1)

Updates `pypdf` from 6.13.3 to 6.14.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.13.3...6.14.2)

Updates `regex` from 2026.5.9 to 2026.6.28
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2026.5.9...2026.6.28)

Updates `scipy` from 1.17.1 to 1.18.0
- [Release notes](https://github.com/scipy/scipy/releases)
- [Commits](scipy/scipy@v1.17.1...v1.18.0)

Updates `sqlalchemy` from 2.0.50 to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `typing-extensions` from 4.15.0 to 4.16.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.15.0...4.16.0)

Updates `uvicorn` from 0.49.0 to 0.50.2
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.2)

Updates `redis` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v8.0.0...v8.0.1)

Updates `sentence-transformers` from 5.5.1 to 5.6.0
- [Release notes](https://github.com/huggingface/sentence-transformers/releases)
- [Commits](huggingface/sentence-transformers@v5.5.1...v5.6.0)

Updates `mutagen` from 1.47.0 to 1.48.1
- [Release notes](https://github.com/quodlibet/mutagen/releases)
- [Changelog](https://github.com/quodlibet/mutagen/blob/main/NEWS)
- [Commits](quodlibet/mutagen@release-1.47.0...release-1.48.1)

Updates `pillow-heif` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/bigcat88/pillow_heif/releases)
- [Changelog](https://github.com/bigcat88/pillow_heif/blob/master/CHANGELOG.md)
- [Commits](bigcat88/pillow_heif@v1.3.0...v1.4.0)

Updates `streamlit` from 1.58.0 to 1.59.0
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.58.0...1.59.0)

Updates `hypothesis` from 6.155.3 to 6.156.1
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@v6.155.3...v6.156.1)

Updates `httpx2` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/pydantic/httpx2/releases)
- [Changelog](https://github.com/pydantic/httpx2/blob/main/src/httpx2/CHANGELOG.md)
- [Commits](pydantic/httpx2@v2.3.0...v2.5.0)

Updates `maturin` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/pyo3/maturin/releases)
- [Changelog](https://github.com/PyO3/maturin/blob/main/Changelog.md)
- [Commits](PyO3/maturin@v1.14.0...v1.14.1)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `ast-serialize` from 0.3.0 to 0.6.0
- [Commits](mypyc/ast_serialize@v0.3.0...v0.6.0)

Updates `cbor2` from 6.0.1 to 6.1.3
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@6.0.1...6.1.3)

Updates `cyclonedx-python-lib` from 11.7.0 to 11.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python-lib@v11.7.0...v11.11.0)

Updates `distlib` from 0.4.0 to 0.4.3
- [Release notes](https://github.com/pypa/distlib/releases)
- [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst)
- [Commits](pypa/distlib@0.4.0...0.4.3)

Updates `filelock` from 3.29.0 to 3.29.5
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.0...3.29.5)

Updates `httpcore2` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/pydantic/httpx2/releases)
- [Commits](pydantic/httpx2@v2.3.0...v2.5.0)

Updates `librt` from 0.11.0 to 0.12.0
- [Commits](mypyc/librt@v0.11.0...v0.12.0)

Updates `lxml` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.1.0...lxml-6.1.1)

Updates `narwhals` from 2.20.0 to 2.23.0
- [Release notes](https://github.com/narwhals-dev/narwhals/releases)
- [Commits](narwhals-dev/narwhals@v2.20.0...v2.23.0)

Updates `platformdirs` from 4.9.6 to 4.10.0
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.6...4.10.0)

Updates `pyopenssl` from 26.2.0 to 26.3.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.2.0...26.3.0)

Updates `python-discovery` from 1.3.0 to 1.4.3
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Changelog](https://github.com/tox-dev/python-discovery/blob/main/docs/changelog.rst)
- [Commits](tox-dev/python-discovery@1.3.0...1.4.3)

Updates `stevedore` from 5.7.0 to 5.9.0

Updates `tzlocal` from 5.3.1 to 5.4.4
- [Changelog](https://github.com/regebro/tzlocal/blob/master/CHANGES.txt)
- [Commits](regebro/tzlocal@5.3.1...5.4.4)

Updates `virtualenv` from 21.3.1 to 21.5.2
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.3.1...21.5.2)

---
updated-dependencies:
- dependency-name: anyio
  dependency-version: 4.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: greenlet
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: matplotlib
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: numpy
  dependency-version: 2.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: pypdf
  dependency-version: 6.14.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: regex
  dependency-version: 2026.6.28
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: scipy
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: typing-extensions
  dependency-version: 4.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: uvicorn
  dependency-version: 0.50.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: redis
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: sentence-transformers
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: mutagen
  dependency-version: 1.48.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: pillow-heif
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: streamlit
  dependency-version: 1.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: hypothesis
  dependency-version: 6.156.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: httpx2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: maturin
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: ast-serialize
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: cbor2
  dependency-version: 6.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: cyclonedx-python-lib
  dependency-version: 11.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: distlib
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: filelock
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: httpcore2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: librt
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-minor-patch
- dependency-name: narwhals
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: platformdirs
  dependency-version: 4.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: pyopenssl
  dependency-version: 26.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: python-discovery
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: stevedore
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: tzlocal
  dependency-version: 5.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
- dependency-name: virtualenv
  dependency-version: 21.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants