Skip to content

chore(deps): bump the minor-and-patch group with 5 updates#165

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/uv/minor-and-patch-59357410b8
Open

chore(deps): bump the minor-and-patch group with 5 updates#165
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/uv/minor-and-patch-59357410b8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 5 updates:

Package From To
bleach 6.3.0 6.4.0
newrelic 13.1.0 13.1.1
python-multipart 0.0.31 0.0.32
datamodel-code-generator 0.59.1 0.60.0
ruff 0.15.15 0.15.16

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

  • Dropped support for pypy 3.10. (#764)

Security fixes

  • Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

    Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

    For example::

    import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

    outputs::

    'Click'

    See the advisory for details.

  • Fix GHSA-gj48-438w-jh9v.

    Fix issue where URI sanitization wasn't happening in formaction attributes.

    See the advisory for details.

Bug fixes

  • Add support for pypy 3.11. (#764)

  • Drop version max in tinycss2 pin. (#772)

    This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits
  • f0355a7 fix: fix last release date in CHANGES
  • ae4e8a2 chore: bleach 6.4.0 and final release
  • 970df58 fix: uri-sanitization in formaction attributes
  • 7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
  • 913ab75 fix: reduce redundancy in workflow jobs
  • 218c15a fix: rework pip caching
  • 4f0b097 fix: fix tox platform restrictions
  • e95a79d chore: update pytest
  • 91539d4 Bump actions/cache from 5.0.3 to 5.0.4
  • cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
  • Additional commits viewable in compare view

Updates newrelic from 13.1.0 to 13.1.1

Release notes

Sourced from newrelic's releases.

v13.1.1

Notes

This release of the Python agent adds additional model information to LangChain Chain LLM events, and fixes a bug in LangGraph streaming instrumentation.

Install the agent using easy_install/pip/distribute via the Python Package Index, using conda via the Conda-Forge Package Index, or download it directly from the New Relic download site.

Improved Features

  • Add additional model information to LangChain Chain LLM events

    • Add request.model and response.model attributes to LLM events produced by LangChain Chains.
    • This information is pulled on a best effort basis and may not always be available.

Bugs

  • Fix TypeError in LangGraph streaming instrumentation

    • Previously, when using a subset of streaming APIs in LangGraph, the agent would encounter a TypeError due to the use of weakref.WeakMethod by LangGraph. This has been fixed, and the agent should now work correctly with those LangGraph streaming methods.

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

Commits
  • 04d7e1e Fix WeakMethod Crash in LangGraph (#1755)
  • 67cce6f Merge pull request #1748 from newrelic/fix-langchain-chain-models
  • cd81a1a Merge branch 'main' into fix-langchain-chain-models
  • c972036 Bump the github_actions group with 3 updates (#1754)
  • fbf4258 Merge branch 'main' into fix-langchain-chain-models
  • 4e896ef Simplify sklearn tests for new version (#1753)
  • 56c873a Rename various symbols
  • 91d7456 Use callback to handle response model
  • 638a468 Reintroduce request/response model attrs on lanchain chains
  • 60205ae Remove request/response model for separate PR
  • Additional commits viewable in compare view

Updates python-multipart from 0.0.31 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

  • Speed up partial-boundary scanning for CR/LF-dense part data #300.
Commits

Updates datamodel-code-generator from 0.59.1 to 0.60.0

Release notes

Sourced from datamodel-code-generator's releases.

0.60.0

Breaking Changes

  • Avro record field defaults are no longer emitted as generated Python defaults. Avro defaults describe reader behavior, not Python model construction defaults, so generated Avro model fields now stay required even when the Avro schema has default. This also applies to Avro schemas embedded in AsyncAPI multi-format schemas. (#3256)
  • XML Schema datatype mappings were corrected. xs:decimal now generates Decimal instead of float; xs:dateTime defaults to standard-library datetime because XML Schema allows values without a timezone; xs:dateTimeStamp remains AwareDatetime; xs:duration and xs:yearMonthDuration now generate str, while xs:dayTimeDuration still generates timedelta. (#3248)
  • GraphQL input fields with schema defaults are now generated as optional fields with defaults. For example, non-null list inputs declared with = [] can now be omitted when constructing the generated model. (#3255)
  • Protobuf bytes defaults are now generated as bytes literals instead of strings, including escaped byte sequences. (#3252)
  • XML Schema default and fixed values are parsed according to their XSD lexical types. This affects list defaults, union defaults, non-finite float values, temporal defaults, boolean defaults with XML Schema whitespace, and fixed decimal values. (#3258, #3260, #3261, #3263, #3267, #3268)

Notes

  • --output-datetime-class is respected for XML Schema xs:dateTime and xs:dateTimeStamp when explicitly provided. Without the option, the XML Schema defaults above are used. (#3266)
  • Enum member defaults remain opt-in through --set-default-enum-member. The default behavior is not changed to force enum member references. (#3264)
  • JSON Schema and OpenAPI const values are not treated as generated Python defaults unless the schema also defines a default. XML Schema fixed keeps its XSD value-constraint behavior. (#3268)

What's Changed

Full Changelog: koxudaxi/datamodel-code-generator@0.59.1...0.60.0

Changelog

Sourced from datamodel-code-generator's changelog.

0.60.0 - 2026-06-04

Breaking Changes

  • Avro record field defaults are no longer emitted as generated Python defaults. Avro defaults describe reader behavior, not Python model construction defaults, so generated Avro model fields now stay required even when the Avro schema has default. This also applies to Avro schemas embedded in AsyncAPI multi-format schemas. (#3256)
  • XML Schema datatype mappings were corrected. xs:decimal now generates Decimal instead of float; xs:dateTime defaults to standard-library datetime because XML Schema allows values without a timezone; xs:dateTimeStamp remains AwareDatetime; xs:duration and xs:yearMonthDuration now generate str, while xs:dayTimeDuration still generates timedelta. (#3248)
  • GraphQL input fields with schema defaults are now generated as optional fields with defaults. For example, non-null list inputs declared with = [] can now be omitted when constructing the generated model. (#3255)
  • Protobuf bytes defaults are now generated as bytes literals instead of strings, including escaped byte sequences. (#3252)
  • XML Schema default and fixed values are parsed according to their XSD lexical types. This affects list defaults, union defaults, non-finite float values, temporal defaults, boolean defaults with XML Schema whitespace, and fixed decimal values. (#3258, #3260, #3261, #3263, #3267, #3268)

Notes

  • --output-datetime-class is respected for XML Schema xs:dateTime and xs:dateTimeStamp when explicitly provided. Without the option, the XML Schema defaults above are used. (#3266)
  • Enum member defaults remain opt-in through --set-default-enum-member. The default behavior is not changed to force enum member references. (#3264)
  • JSON Schema and OpenAPI const values are not treated as generated Python defaults unless the schema also defines a default. XML Schema fixed keeps its XSD value-constraint behavior. (#3268)

What's Changed

Full Changelog: koxudaxi/datamodel-code-generator@0.59.1...0.60.0

Commits

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-and-patch group with 5 updates
ed45f9e 
Bumps the minor-and-patch group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |
| [newrelic](https://github.com/newrelic/newrelic-python-agent) | `13.1.0` | `13.1.1` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.31` | `0.0.32` |
| [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) | `0.59.1` | `0.60.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.15` | `0.15.16` |


Updates `bleach` from 6.3.0 to 6.4.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v6.3.0...v6.4.0)

Updates `newrelic` from 13.1.0 to 13.1.1
- [Release notes](https://github.com/newrelic/newrelic-python-agent/releases)
- [Commits](newrelic/newrelic-python-agent@v13.1.0...v13.1.1)

Updates `python-multipart` from 0.0.31 to 0.0.32
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.31...0.0.32)

Updates `datamodel-code-generator` from 0.59.1 to 0.60.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.59.1...0.60.0)

Updates `ruff` from 0.15.15 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.15...0.15.16)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: newrelic
  dependency-version: 13.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: python-multipart
  dependency-version: 0.0.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: datamodel-code-generator
  dependency-version: 0.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type/dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants