Skip to content

Bump the uv group across 1 directory with 3 updates#44

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/uv/uv-ceb6485938
Open

Bump the uv group across 1 directory with 3 updates#44
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/uv/uv-ceb6485938

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps the uv group with 3 updates in the / directory: pytest, ray and requests.

Updates pytest from 8.4.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Updates ray from 2.54.0 to 2.55.0

Release notes

Sourced from ray's releases.

Ray-2.55.0

Ray Data

🎉 New Features

  • Add DataSourceV2 API with scanner/reader framework, file listing, and file partitioning (#61220, #61615, #61997)
  • Support GPU shuffle with rapidsmpf 26.2 (#61371, #62062)
  • Add Kafka datasink, migrate to confluent-kafka, support datetime offsets (#60307, #61284, #60909)
  • Add Turbopuffer datasink (#58910)
  • Add 2-phase commit checkpointing with trie recovery and load method (#61821, #60951)
  • Queue-based autoscaling policy integrated with task consumers (#59548, #60851)
  • Enable autoscaling for GPU stages (#61130)
  • Expressions: add random(), uuid(), cast, and map namespace support (#59656, #60695, #59879)
  • Add support for Arrow native fixed-shape tensor type (#56284)
  • Support writing tensors to tfrecords (#60859)
  • Add pathlib.Path support to read_* functions (#61126)
  • Add cudf as a batch_format (#61329)
  • Allow ActorPoolStrategy for read_datasource() via compute parameter (#59633)
  • Introduce ExecutionCache for streamlined caching (#60996)
  • Support strict=False mode for StreamingRepartition (#60295)
  • Port changes from lance-ray into Ray Data (#60497)
  • Enable PyArrow compute-to-expression conversion for predicate pushdown (#61617)
  • Add vLLM metrics export and Data LLM Grafana dashboard (#60385)
  • Include logical memory in resource manager scheduling decisions (#60774)
  • Add monotonically increasing ID support (#59290)

💫 Enhancements

  • Performance: cache _map_task args, heap-based actor ranking, actor pool map improvements (#61996, #62114, #61591)
  • Optimize concat tables and PyArrow schema hashing (#61315, #62108)
  • Reduce default DownstreamCapacityBackpressurePolicy threshold to 50% (#61890)
  • Improve reproducibility for random APIs (#59662)
  • Clamp batch size to fall within C++ 32-bit int range (#62242)
  • Account for external consumer object store usage in resource manager budget (#62117)
  • Make get_parquet_dataset configurable in number of fragments to scan (#61670)
  • Consolidate schema inference and make all preprocessors implement SerializablePreprocessorBase (#61213, #61341)
  • Disable hanging issue detection by default (#62405)
  • Make execution callback dataflow explicit to prevent state leakage (#61405)
  • Log DataContext in JSON format at execution start for traceability (#61150, #61428)
  • Autoscaler: configurable traceback, Prometheus gauges, relaxed constraints (#62210, #62209, #61917, #61385)
  • Add metrics for task scheduling time, output backpressure, and logical memory (#61192, #61007, #61436)
  • Prevent operators from dominating entire shared object store budget (#61605)
  • Eliminate generators to avoid intermediate state pinning (#60598)
  • Default log encoding to UTF-8 on Windows (#61143)
  • Remove legacy BlockList, locality_with_output, old callback API, PyArrow 9.0 checks (#60575, #61044, #62055, #61483)
  • Upgrade to pyiceberg 0.11.0; cap pandas to <3 (#61062, #60406)
  • Refactor logical operators to frozen dataclasses (#61059, #61308, #61348, #61349, #61351, #61364, #61481)
  • Prevent aggregator head node scheduling (#61288)
  • Add error for local:// paths with a zero-resource head node (#60709)

🔨 Fixes

... (truncated)

Commits

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the uv group across 1 directory with 3 updates
38aa643 
Bumps the uv group with 3 updates in the / directory: [pytest](https://github.com/pytest-dev/pytest), [ray](https://github.com/ray-project/ray) and [requests](https://github.com/psf/requests).


Updates `pytest` from 8.4.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.0.3)

Updates `ray` from 2.54.0 to 2.55.0
- [Release notes](https://github.com/ray-project/ray/releases)
- [Commits](ray-project/ray@ray-2.54.0...ray-2.55.0)

Updates `requests` from 2.32.5 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: ray
  dependency-version: 2.55.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies python:uv Pull requests that update python:uv code labels Apr 24, 2026
@dependabot dependabot Bot mentioned this pull request Apr 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants