Skip to content

MAINT: Bump the minor-and-patch group with 7 updates#2078

Merged
romanlutz merged 1 commit into
mainfrom
dependabot/uv/minor-and-patch-68a792978f
Jun 24, 2026
Merged

MAINT: Bump the minor-and-patch group with 7 updates#2078
romanlutz merged 1 commit into
mainfrom
dependabot/uv/minor-and-patch-68a792978f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 7 updates:

Package From To
fastapi 0.137.1 0.138.0
pypdf 6.13.3 6.14.2
griffe 2.0.2 2.1.0
jupytext 1.19.3 1.19.4
ty 0.0.49 0.0.53
pytest 9.1.0 9.1.1
ruff 0.15.17 0.15.19

Updates fastapi from 0.137.1 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

0.137.2

Features

  • ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

Internal

... (truncated)

Commits

Updates pypdf from 6.13.3 to 6.14.2

Release notes

Sourced from pypdf's releases.

Version 6.14.2, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.1, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.0, 2026-06-22

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.14.2, 2026-06-23

Security (SEC)

  • Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (#3892)

Full Changelog

Version 6.14.1, 2026-06-23

Security (SEC)

  • Detect end of stream during inline image end marker detection (#3891)

Full Changelog

Version 6.14.0, 2026-06-22

Security (SEC)

  • Apply general limit for requested image size (#3888)
  • Speed up recovery when reading broken cross-reference table (#3887)

New Features (ENH)

  • Check whether image is displayed on a given page (#3738)

Robustness (ROB)

  • Several fixes

Full Changelog

Commits
  • 2266ee8 REL: 6.14.2
  • 5a33a46 SEC: Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (...
  • 1ee4e58 REL: 6.14.1
  • ec3b145 SEC: Detect end of stream during inline image end marker detection (#3891)
  • c6cd82e ROB: Tolerate malformed inline image settings in _read_inline_image (#3889)
  • 0ae42ba ROB: Tolerate malformed page label entries in get_label_from_nums (#3884)
  • 50617b5 ROB: Tolerate malformed Tm operand count in extract_text (#3877)
  • 86e5a82 MAINT: Improve readability (#3874)
  • 83cb25f DEV: Fix sample files commit
  • 06588ec REL: 6.14.0
  • Additional commits viewable in compare view

Updates griffe from 2.0.2 to 2.1.0

Release notes

Sourced from griffe's releases.

2.1.0

2.1.0 - 2026-06-19

Compare with 2.0.2

Build

  • Add tests to source distributions for griffecli and griffelib packages. Issue-452

Features

Bug Fixes

  • Rename tests module to avoid exclusion by packagers (5b3e392 by Timothée Mazzucotelli). Issue-461
  • Don't try merging overload annotations into non-function objects (1b6b053 by Timothée Mazzucotelli). Issue-451
Changelog

Sourced from griffe's changelog.

2.1.0 - 2026-06-19

Compare with 2.0.2

Build

  • Add tests to source distributions for griffecli and griffelib packages. Issue-452

Features

Bug Fixes

  • Rename tests module to avoid exclusion by packagers (5b3e392 by Timothée Mazzucotelli). Issue-461
  • Don't try merging overload annotations into non-function objects (1b6b053 by Timothée Mazzucotelli). Issue-451
Commits
  • 6913290 chore: Prepare release 2.1.0
  • 20457fe tests: Split test suite in two (CLI/lib)
  • 5b3e392 fix: Rename tests module to avoid exclusion by packagers
  • 5dc97b7 chore: Docs, space trimming
  • 82526e4 feat: Add logging format for Azure Devops
  • ead0127 fix: bump jsonschema minimum to 4.18
  • 702b33c ci: fix typing
  • 1b6b053 fix: Don't try merging overload annotations into non-function objects
  • 97106e4 style: Format
  • See full diff in compare view

Updates jupytext from 1.19.3 to 1.19.4

Release notes

Sourced from jupytext's releases.

Version 1.19.4

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Changelog

Sourced from jupytext's changelog.

1.19.4 (2026-06-21)

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Commits
  • 95cd281 Fix: quarto example
  • 8ef90bb Move Jupytext to a Jupytext organization
  • 7cfe21d Update the jupytext.org website (#1561)
  • 590ce61 build(deps): bump undici
  • 61e7163 Add custom_language_magics option to support user-defined language magics i...
  • 1d464eb Fix: use comment-tag to update the existing PR comment (#1560)
  • 7a65533 Fix CI: Build the extension with a dedicated pixi environment (#1558)
  • cbf24f8 docs: add changelog entries for #1539, #1540, and #1541
  • 7e433c5 ci: set persist-credentials: false on all workflow checkouts
  • 2d09640 build(deps): bump the jupytext-extension-dependencies group across 2 director...
  • Additional commits viewable in compare view

Updates ty from 0.0.49 to 0.0.53

Release notes

Sourced from ty's releases.

0.0.52

Release Notes

Released on 2026-06-22.

Bug fixes

  • Avoid shadowing hints for attribute assignments (#26164)
  • Fix dict.pop overloads to accept arbitrary keys with defaults (#26241)
  • Normalize recursive TypeOf across multiple union arms (#26230)
  • Normalize recursive TypeOf growth during cycle recovery (#26163)
  • Normalize recursive protocol growth during cycle recovery (#26246)
  • Preserve generic alias identity during cycle recovery (#26166)
  • Recover from dynamic class code generator cycles (#26167)

LSP server

  • Add a go-to destination for Divergent (#26162)
  • Publish diagnostics for all open files after a single file is saved (#25929)
  • Render Markdown for reStructuredText fields in docstrings on hover (#25903)

CLI

  • Make error-on-warning the default (#26157)

Diagnostics

  • Make rendering of fix diffs more concise (#26161)

Performance

  • Avoid allocating disabled error context trees (#26191)
  • Avoid lookup maps for small place tables (#26177)
  • Avoid moving boxed use-def map builders (#26211)
  • Avoid transient AST ID merge map (#26185)
  • Batch signature typevar freshness scans (#26196)
  • Box large semantic index builders (#26186)
  • Build frozen definition maps directly (#26188)
  • Compact use-def binding interner keys (#26193)
  • Consume condition flow snapshots (#26189)
  • Lazily allocate reachability caches (#26194)
  • Remove redundant use-def state shrinking (#26206)
  • Reuse the first union bindings buffer (#26225)
  • Short-circuit terminal narrowing constraints (#26215)
  • Solve simple constraint conjunctions directly (#25879)
  • Store cycle-detector cache entries inline (#26183)
  • Stream indexed AST construction (#26184)
  • Suppress discarded TypedDict diagnostics (#26250)
  • Use SmallVec for CycleDetector::seen (#26181)
  • Use a SmallVec for seen type aliases (#26187)

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.53

Released on 2026-06-23.

Bug fixes

  • Avoid bypassing lazy constraints for Divergent (#26288)
  • Avoid recursion when projecting narrowing constraints (#26276)
  • Fix ParamSpec callable signature extraction for callable instances (#26279)
  • Make multi-arm TypeOf cycle recovery monotonic (#26275)

LSP server

  • Document all special forms in ty_extensions (#26263)

Performance

  • Avoid cloning fallback condition flow snapshots (#26203)
  • Avoid constructing discarded speculative diagnostics (#26251)
  • Avoid path lookups when sorting same-file diagnostics (#26257)
  • Cache is_never_satisfied results (#26261)
  • Defer applying type context to simple standalone expressions (#26252)

Core type checking

  • Infer types for names bound in match patterns (#25940)
  • Preserve regular kind for callable instances (#26253)
  • Simplify intersections of invariant generic types with Any specializations (#26127)

Contributors

0.0.52

Released on 2026-06-22.

Bug fixes

  • Avoid shadowing hints for attribute assignments (#26164)
  • Fix dict.pop overloads to accept arbitrary keys with defaults (#26241)
  • Normalize recursive TypeOf across multiple union arms (#26230)
  • Normalize recursive TypeOf growth during cycle recovery (#26163)
  • Normalize recursive protocol growth during cycle recovery (#26246)
  • Preserve generic alias identity during cycle recovery (#26166)

... (truncated)

Commits

Updates pytest from 9.1.0 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.17 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

Documentation

  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

  • Publish Ruff crates to crates.io (#26271)

Contributors

Install ruff 0.15.19

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

Documentation

  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

  • Publish Ruff crates to crates.io (#26271)

Contributors

0.15.18

Released on 2026-06-18.

Preview features

... (truncated)

Commits
  • 7f04365 Bump version to 0.15.19 (#26291)
  • a30ba16 [ty] Infer definite equality comparison results (#26290)
  • bcd2028 [ty] Avoid recursion when projecting narrowing constraints (#26276)
  • c0e083e [ty] Avoid bypassing lazy constraints for Divergent (#26288)
  • fb13596 Record configured crates.io packages (#26281)
  • 85da759 [ty] Fix ParamSpec callable signature extraction for callable instances (#26279)
  • 4c98a81 [ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)
  • 7b84361 [ty] Preserve regular kind for callable instances (#26253)
  • 93c8c59 [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • bc9bb05 [ty] Infer types for names bound in match patterns (#25940)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
MAINT: Bump the minor-and-patch group with 7 updates
1db3872 
Bumps the minor-and-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.137.1` | `0.138.0` |
| [pypdf](https://github.com/py-pdf/pypdf) | `6.13.3` | `6.14.2` |
| [griffe](https://github.com/mkdocstrings/griffe) | `2.0.2` | `2.1.0` |
| [jupytext](https://github.com/jupytext/jupytext) | `1.19.3` | `1.19.4` |
| [ty](https://github.com/astral-sh/ty) | `0.0.49` | `0.0.53` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.1.0` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.19` |


Updates `fastapi` from 0.137.1 to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.137.1...0.138.0)

Updates `pypdf` from 6.13.3 to 6.14.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.13.3...6.14.2)

Updates `griffe` from 2.0.2 to 2.1.0
- [Release notes](https://github.com/mkdocstrings/griffe/releases)
- [Changelog](https://github.com/mkdocstrings/griffe/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/griffe@2.0.2...2.1.0)

Updates `jupytext` from 1.19.3 to 1.19.4
- [Release notes](https://github.com/jupytext/jupytext/releases)
- [Changelog](https://github.com/jupytext/jupytext/blob/main/CHANGELOG.md)
- [Commits](jupytext/jupytext@v1.19.3...v1.19.4)

Updates `ty` from 0.0.49 to 0.0.53
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ty/commits)

Updates `pytest` from 9.1.0 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

Updates `ruff` from 0.15.17 to 0.15.19
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.19)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pypdf
  dependency-version: 6.14.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: griffe
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: jupytext
  dependency-version: 1.19.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ty
  dependency-version: 0.0.53
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ruff
  dependency-version: 0.15.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 24, 2026
@romanlutz romanlutz added this pull request to the merge queue Jun 24, 2026
Merged via the queue into main with commit 97f65f3 Jun 24, 2026
47 checks passed
@romanlutz romanlutz deleted the dependabot/uv/minor-and-patch-68a792978f branch June 24, 2026 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romanlutz romanlutz romanlutz approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@romanlutz