Skip to content

chore(deps): Bump the uv group across 2 directories with 4 updates#158

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/libs/filonov/uv-ce846b036e
Closed

chore(deps): Bump the uv group across 2 directories with 4 updates#158
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/libs/filonov/uv-ce846b036e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Copy link
Copy Markdown

Bumps the uv group with 1 update in the /libs/filonov directory: tornado.
Bumps the uv group with 3 updates in the /libs/media_similarity directory: langchain-core, orjson and ujson.

Updates tornado from 6.5.2 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits
  • 7d64650 Merge pull request #3586 from bdarnell/update-cibw
  • d05d59b build: Bump cibuildwheel to 3.4.0
  • c2f4673 Merge pull request #3585 from bdarnell/release-655
  • e5f1aa4 Release notes and version bump for v6.5.5
  • 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
  • 24a2d96 web: Validate characters in all cookie attributes.
  • 119a195 httputil: Add limits on multipart form data parsing
  • 63d4df4 Merge pull request #3564 from bdarnell/release-654
  • eadbf9a Release notes and version bump for 6.5.4
  • bbc2b14 Make sure that the in-operator on HTTPHeaders is case insensitive
  • Additional commits viewable in compare view

Updates langchain-core from 0.2.21 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

langchain-core==1.2.22

Changes since langchain-core==1.2.21

... (truncated)

Commits

Updates orjson from 3.11.3 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.
Commits

Updates ujson from 5.11.0 to 5.12.0

Release notes

Sourced from ujson's releases.

5.12.0

Added

Changed

Fixed

Commits
  • 4baeb95 Fix memory leak parsing large integers
  • 486bd45 Fix buffer overflow/infinite loop from indent handling
  • a465ed7 Add leak detection to tests
  • 32ebf66 Remove upper bound of setuptools for PyPy (#704)
  • 6bf41bd Remove upper bound of setuptools for PyPy
  • 4a4fd73 chore(deps): update github-actions
  • d708b05 Add security policy (#699)
  • 3d66f4d Add security policy
  • 8f23cce [pre-commit.ci] pre-commit autoupdate (#698)
  • 2696fc3 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the uv group with 1 update in the /libs/filonov directory: [tornado](https://github.com/tornadoweb/tornado).
Bumps the uv group with 3 updates in the /libs/media_similarity directory: [langchain-core](https://github.com/langchain-ai/langchain), [orjson](https://github.com/ijl/orjson) and [ujson](https://github.com/ultrajson/ultrajson).


Updates `tornado` from 6.5.2 to 6.5.5
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.2...v6.5.5)

Updates `langchain-core` from 0.2.21 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==0.2.21...langchain-core==1.2.28)

Updates `orjson` from 3.11.3 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.3...3.11.6)

Updates `ujson` from 5.11.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.0)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: indirect
  dependency-group: uv
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/uv/libs/filonov/uv-ce846b036e branch June 25, 2026 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant