Skip to content

Bump the uv group across 9 directories with 7 updates#2161

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-5f109d56d2
Open

Bump the uv group across 9 directories with 7 updates#2161
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-5f109d56d2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 4 updates in the / directory: python-socketio, joserfc, nltk and ujson.
Bumps the uv group with 5 updates in the /backend directory:

Package From To
python-socketio 5.9.0 5.16.2
azure-identity 1.16.0 1.16.1
nltk 3.9.4 3.10.0
ujson 5.12.1 5.13.0
soupsieve 2.8.3 2.8.4

Bumps the uv group with 3 updates in the /platform-service directory: nltk, ujson and soupsieve.
Bumps the uv group with 3 updates in the /unstract/connectors directory: nltk, ujson and soupsieve.
Bumps the uv group with 3 updates in the /unstract/filesystem directory: nltk, ujson and soupsieve.
Bumps the uv group with 3 updates in the /unstract/sdk1 directory: nltk, ujson and soupsieve.
Bumps the uv group with 3 updates in the /unstract/tool-registry directory: nltk, ujson and soupsieve.
Bumps the uv group with 2 updates in the /unstract/workflow-execution directory: nltk and soupsieve.
Bumps the uv group with 4 updates in the /workers directory: python-socketio, nltk, ujson and soupsieve.

Updates python-socketio from 5.16.1 to 5.16.2

Release notes

Sourced from python-socketio's releases.

Release 5.16.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.16.3 - 2026-06-15

  • Catch all exceptions in redis and rabbitmq client managers #1581 (commit)

Release 5.16.2 - 2026-05-21

Release 5.16.1 - 2026-02-06

  • Use configured JSON module in managers #1549 (commit)
  • Admin UI fixes: remove duplicate tasks, report transport upgrades (commit)
  • Switch to Furo documentation template (commit)
  • Add Python free-threading to CI #1554 (commit)

Release 5.16.0 - 2025-12-24

  • Address deprecation warnings (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 5.15.1 - 2025-12-16

  • Restore support multiple arguments via pubsub emits #1540 (commit)

Release 5.15.0 - 2025-11-22

Release 5.14.3 - 2025-10-29

  • Support Python's native ConnectionRefusedError exception to reject a connection #1515 (commit)
  • Push binary data to the aiopika client manager #1514 (commit)

Release 5.14.2 - 2025-10-15

  • Restore binary message support in message queue setups #1509 (commit)
  • Fix formatting of client connection error #1507 (commit)
  • Add 3.14 and pypy-3.11 CI tasks (commit)
  • Improve documentation of the BaseManager.get_participants() method (commit)

Release 5.14.1 - 2025-10-02

... (truncated)

Commits
  • 6e2b717 Release 5.16.2
  • cb65829 update python-engineio version
  • ca140fe prevent unnecessary resource allocation (#1574)
  • b29beef tox configuration
  • e898130 Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog
  • 05c32f5 Bump qs and body-parser in /examples/server/javascript (#1572) #nolog
  • 287dc67 Bump qs and body-parser in /examples/client/javascript (#1571) #nolog
  • 664dc27 add zizmor to ci (#1570)
  • 14c6236 Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog
  • 29b2e5c Bump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nolog
  • Additional commits viewable in compare view

Updates joserfc from 1.6.5 to 1.6.8

Release notes

Sourced from joserfc's releases.

1.6.8

  • Reject empty OctKey.

Full Changelog: authlib/joserfc@1.6.7...1.6.8

1.6.7

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.6.8

Released on May 27, 2026

  • Reject empty OctKey.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.
Commits
  • ea1d9e3 chore: release 1.6.8
  • 86d0091 Reject empty oct key material and empty HMAC keys at sign/verify entry
  • 1e5b94d chore: release 1.6.7
  • 75d9f95 fix(typing): use cast for type hints
  • 6d24037 Merge pull request #98 from jonathangreen/algorithms-accept-collection
  • 102a7a7 fix(typing): accept any Collection for algorithms, not just list
  • 8b869e8 chore: release 1.6.6
  • 00d599b chore: update actions
  • 9186561 Merge pull request #97 from authlib/fix-b64
  • 4d4ea2e fix(jws): validate payload size for b64=false
  • Additional commits viewable in compare view

Updates nltk from 3.9.4 to 3.10.0

Release notes

Sourced from nltk's releases.

v3.10.0-rc1

What's Changed

... (truncated)

Changelog

Sourced from nltk's changelog.

Version 3.10.0 2026-06-11

  • Enforce the stricter nltk.pathsec security policy by default
  • Document the new security model and migration guidance
  • Harden resource loading against path traversal and SSRF/DNS-rebinding
  • Harden downloader path handling and block XML entity expansion
  • Close remaining corpus-reader security edge cases
  • Replace unsafe exec() usage in the utility CLI
  • Warn on unpickling user-provided pickles
  • Add HuggingFace datasets integration (nltk.huggingface)
  • Align TnT with Brants (2000) specifications
  • Fix PorterStemmer irregular-form lowercasing in NLTK mode
  • Fix TransitionParser sparse index dtype for scikit-learn 1.9
  • Fix TextCat tie handling
  • Fix WordNet object comparisons for incompatible types
  • Cache WordNet max depth lazily for lch_similarity()
  • Fix CCG variable direction, substitution, and type-raising bugs
  • Fix Jaro similarity for single-character and empty-string cases
  • Improve CI and release-maintenance workflows

Thanks to the following contributors to 3.10.0: 13rac1, alvations, bowiechen, devesh-2002, ekaf, elias-ba, haosenwang1018, HyperPS, ihitamandal, jancallewaert, jhnwnstd, JuanIMartinezB, Lemm1, LinZiyuu, Mr-Neutr0n, PastelStorm, scruge1, Syzygy2048, ylwango613, yzhaoinuw

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)

... (truncated)

Commits
  • bd49f90 allow escaped brackets in Tree.fromstring (#3694)
  • 27b8ad6 don't crash chomsky_normal_form on terminals with siblings (#3693)
  • 52227d2 Use os.name for Windows path handling (#3605)
  • 06c0e2c Avoid RIBES zero division on empty inputs (#3604)
  • a167389 Treat missing unzip output as stale (#3607)
  • c94c967 Fix EOF empty document bug in IEER corpus reader (#3648)
  • 94a259c Enforce restrictive primitive type checking in pathsec wrappers (#3692)
  • 5ac475d fix(security): isolate Stanford Java options and clean temp files (#3683)
  • 986f26e ci(deps): bump the github-actions group with 3 updates (#3691)
  • f26b375 fix(security): prevent pickle RCE in TransitionParser model loading (CWE-502)...
  • Additional commits viewable in compare view

Updates python-engineio from 4.13.1 to 4.13.3

Release notes

Sourced from python-engineio's releases.

Release 4.13.3

See CHANGES.md for release notes.

Release 4.13.2

See CHANGES.md for release notes.

Changelog

Sourced from python-engineio's changelog.

python-engineio change log

Release 4.13.3 - 2026-06-20

  • Make sure client disconnects when write loop exits #455 (commit)
  • Address flaky unit test #444 (commit)
  • Stop using codecov service, since it has been failing for a long time (commit)

Release 4.13.2 - 2026-05-21

Release 4.13.1 - 2026-02-06

  • Document that a process can have only one custom JSON module (commit)
  • Switch to Furo documentation template (commit)

Release 4.13.0 - 2025-12-24

  • Apply escaping rules when parsing cookie values (commit)
  • Several minor improvements to the aiohttp integration #419 (commit) (thanks PaulWasTaken!)
  • Clarify logging behavior in documentation #421 (commit) (thanks ZipFile!)
  • Address deprecation warnings #422 (commit)
  • Add 3.14 and pypy-3.11 CI builds (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 4.12.3 - 2025-09-28

  • Reset client queue upon disconnection #414 (commit)
  • Support ['*'] in addition to '*' in the cors_allowed_origins option #410 (commit) (thanks Wu Clan!)

Release 4.12.2 - 2025-06-04

  • Support new monkey-patched gevent Queue class in the client #403 (commit)
  • Better support of the ASGI spec when interpreting WebSocket events #405 (commit) (thanks Eric Zhang!)

Release 4.12.1 - 2025-05-11

  • Accept empty binary values in the async server #404 (commit)
  • Add SPDX license identifier #401 (commit) (thanks Marc Mueller!)

Release 4.12.0 - 2025-04-12

  • Optimize packet parsing to avoid unnecessary calls to JSON parser #399 (commit)
  • Pass environ as a second argument to callable option cors_allowed_origins #398 (commit) (thanks wft-swas!)

Release 4.11.2 - 2024-12-29

  • Fix incorrect disconnection reason reported when browser page is closed (commit)

... (truncated)

Commits
  • a53d58c Release 4.13.3
  • 9e72608 Remove failing coverage.py service
  • 7517473 Make sure client disconnects when write loop exists (Fixes #454) (#455)
  • 6902ffc Bump ws, engine.io and engine.io-client in /examples/client/javascript (#453)...
  • 883c8f4 Bump tornado from 6.5.5 to 6.5.7 in /examples/server/tornado (#451)
  • 0d6654e Bump aiohttp from 3.14.0 to 3.14.1 in /examples/server/aiohttp (#450) #nolog
  • 588a4db Bump qs and express in /examples/server/javascript (#447) #nolog
  • 28ed709 Bump aiohttp from 3.13.4 to 3.14.0 in /examples/server/aiohttp (#446) #nolog
  • d5ef0e4 Bump qs and express in /examples/client/javascript (#445) #nolog
  • ed46b24 Bump ws, engine.io and engine.io-client in /examples/client/javascript (#442)...
  • Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Changed

Fixed

  • Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @​bwoodsend
  • Replace generated version.h with macro (#735) @​hugovk
Commits
  • 1a23a68 Create manylinux2014 wheels (#745)
  • bd943e8 Build separate manylinux2014 + modern wheels
  • 87ae2df Create manylinux2014 wheels
  • 209371e Verify expected number of dists (#743)
  • 6392258 Also check SHA of wheels in case manylinux version changes
  • a00edea Verify expected number of dists
  • e24aeb7 Fix utf-8 test for graalpy
  • 9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
  • 0bbf9a3 Add support for Python 3.15 (#742)
  • 90ddea2 Replace pre-commit with prek to fix deprecation warning
  • Additional commits viewable in compare view

Updates python-socketio from 5.9.0 to 5.16.2

Release notes

Sourced from python-socketio's releases.

Release 5.16.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.16.3 - 2026-06-15

  • Catch all exceptions in redis and rabbitmq client managers #1581 (commit)

Release 5.16.2 - 2026-05-21

Release 5.16.1 - 2026-02-06

  • Use configured JSON module in managers #1549 (commit)
  • Admin UI fixes: remove duplicate tasks, report transport upgrades (commit)
  • Switch to Furo documentation template (commit)
  • Add Python free-threading to CI #1554 (commit)

Release 5.16.0 - 2025-12-24

  • Address deprecation warnings (commit)
  • Drop Python 3.8 and 3.9 from CI builds (commit)

Release 5.15.1 - 2025-12-16

  • Restore support multiple arguments via pubsub emits #1540 (commit)

Release 5.15.0 - 2025-11-22

Release 5.14.3 - 2025-10-29

  • Support Python's native ConnectionRefusedError exception to reject a connection #1515 (commit)
  • Push binary data to the aiopika client manager #1514 (commit)

Release 5.14.2 - 2025-10-15

  • Restore binary message support in message queue setups #1509 (commit)
  • Fix formatting of client connection error #1507 (commit)
  • Add 3.14 and pypy-3.11 CI tasks (commit)
  • Improve documentation of the BaseManager.get_participants() method (commit)

Release 5.14.1 - 2025-10-02

... (truncated)

Commits
  • 6e2b717 Release 5.16.2
  • cb65829 update python-engineio version
  • ca140fe prevent unnecessary resource allocation (#1574)
  • b29beef tox configuration
  • e898130 Bump ujson from 5.4.0 to 5.12.1 in /examples/server/sanic (#1573) #nolog
  • 05c32f5 Bump qs and body-parser in /examples/server/javascript (#1572) #nolog
  • 287dc67 Bump qs and body-parser in /examples/client/javascript (#1571) #nolog
  • 664dc27 add zizmor to ci (#1570)
  • 14c6236 Bump django in /examples/server/wsgi/django_socketio (#1566) #nolog
  • 29b2e5c Bump aiohttp from 3.13.3 to 3.13.4 in /examples/server/aiohttp (#1565) #nolog
  • Additional commits viewable in compare view

Updates azure-identity from 1.16.0 to 1.16.1

Commits

Updates nltk from 3.9.4 to 3.10.0

Release notes

Sourced from nltk's releases.

v3.10.0-rc1

What's Changed

Bumps the uv group with 4 updates in the / directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [joserfc](https://github.com/authlib/joserfc), [nltk](https://github.com/nltk/nltk) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the uv group with 5 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [python-socketio](https://github.com/miguelgrinberg/python-socketio) | `5.9.0` | `5.16.2` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.16.0` | `1.16.1` |
| [nltk](https://github.com/nltk/nltk) | `3.9.4` | `3.10.0` |
| [ujson](https://github.com/ultrajson/ultrajson) | `5.12.1` | `5.13.0` |
| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |

Bumps the uv group with 3 updates in the /platform-service directory: [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 3 updates in the /unstract/connectors directory: [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 3 updates in the /unstract/filesystem directory: [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 3 updates in the /unstract/sdk1 directory: [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 3 updates in the /unstract/tool-registry directory: [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 2 updates in the /unstract/workflow-execution directory: [nltk](https://github.com/nltk/nltk) and [soupsieve](https://github.com/facelessuser/soupsieve).
Bumps the uv group with 4 updates in the /workers directory: [python-socketio](https://github.com/miguelgrinberg/python-socketio), [nltk](https://github.com/nltk/nltk), [ujson](https://github.com/ultrajson/ultrajson) and [soupsieve](https://github.com/facelessuser/soupsieve).


Updates `python-socketio` from 5.16.1 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `joserfc` from 1.6.5 to 1.6.8
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.6.8)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `python-socketio` from 5.9.0 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `azure-identity` from 1.16.0 to 1.16.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.16.0...azure-identity_1.16.1)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.8 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.6 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.8 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.6 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `soupsieve` from 2.6 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `python-socketio` from 5.16.1 to 5.16.2
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.16.1...v5.16.2)

Updates `nltk` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.4...v3.10.0)

Updates `python-engineio` from 4.13.1 to 4.13.3
- [Release notes](https://github.com/miguelgrinberg/python-engineio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-engineio@v4.13.1...v4.13.3)

Updates `ujson` from 5.12.1 to 5.13.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.12.1...5.13.0)

Updates `soupsieve` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

---
updated-dependencies:
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: joserfc
  dependency-version: 1.6.8
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: azure-identity
  dependency-version: 1.16.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-socketio
  dependency-version: 5.16.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.10.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-engineio
  dependency-version: 4.13.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.13.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@sonarqubecloud

Copy link
Copy Markdown

@greptile-apps

greptile-apps Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR updates Python dependency pins across the monorepo. The main changes are:

  • New Socket.IO and Engine.IO versions for backend and workers log events.
  • NLTK, ujson, and soupsieve bumps across multiple lockfiles.
  • Backend azure-identity update.
  • Protobuf, grpc, OpenTelemetry, and Weaviate resolver changes in selected lockfiles.
  • Higher protobuf requirement for unstract-flags.

Confidence Score: 4/5

The workers lockfile needs to be regenerated for the changed unstract-flags protobuf requirement.

  • Most dependency updates have no confirmed direct break in the inspected call paths.
  • The workers lockfile still reflects the old editable-package protobuf constraint.
  • That stale lock can install a dependency set that does not match the changed source package.

workers/uv.lock

Important Files Changed

Filename Overview
backend/pyproject.toml Updates backend direct pins for python-socketio and azure-identity.
backend/uv.lock Refreshes backend locked versions for Socket.IO, Engine.IO, NLTK, ujson, soupsieve, and azure-identity.
unstract/flags/pyproject.toml Raises the protobuf runtime requirement for the flags package.
workers/pyproject.toml Raises the workers Socket.IO lower bound for log event emission.
workers/uv.lock Refreshes several worker dependencies but leaves the editable unstract-flags protobuf metadata stale.
platform-service/uv.lock Updates NLTK, ujson, soupsieve, protobuf, grpc, OpenTelemetry, and Weaviate-related locked packages.

Comments Outside Diff (1)

  1. workers/uv.lock, line 4783 (link)

    P1 Workers Lock Uses Old Constraint

    unstract/flags/pyproject.toml now requires protobuf>=7.35.1, but this workers lockfile still records the editable unstract-flags package as protobuf>=4.25.0 and resolves protobuf to 4.25.8. A locked workers install can therefore use a dependency set that no longer matches the source package, while the next re-lock will change the environment again.

    Prompt To Fix With AI
    This is a comment left during a code review.
    Path: workers/uv.lock
    Line: 4783
    
    Comment:
    **Workers Lock Uses Old Constraint**
    
    `unstract/flags/pyproject.toml` now requires `protobuf>=7.35.1`, but this workers lockfile still records the editable `unstract-flags` package as `protobuf>=4.25.0` and resolves `protobuf` to `4.25.8`. A locked workers install can therefore use a dependency set that no longer matches the source package, while the next re-lock will change the environment again.
    
    How can I resolve this? If you propose a fix, please make it concise.

    Fix in Claude Code

Fix All in Claude Code

Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
workers/uv.lock:4783
**Workers Lock Uses Old Constraint**

`unstract/flags/pyproject.toml` now requires `protobuf>=7.35.1`, but this workers lockfile still records the editable `unstract-flags` package as `protobuf>=4.25.0` and resolves `protobuf` to `4.25.8`. A locked workers install can therefore use a dependency set that no longer matches the source package, while the next re-lock will change the environment again.

Reviews (1): Last reviewed commit: "Bump the uv group across 9 directories w..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant