Skip to content

deps(py): bump the production-dependencies group with 6 updates#65

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/production-dependencies-13592eeb15
Closed

deps(py): bump the production-dependencies group with 6 updates#65
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/production-dependencies-13592eeb15

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps the production-dependencies group with 6 updates:

Package From To
click 8.3.1 8.3.2
opentelemetry-api 1.39.1 1.40.0
opentelemetry-sdk 1.39.1 1.40.0
requests 2.33.0 2.33.1
sentry-sdk 2.53.0 2.57.0
uvicorn 0.41.0 0.43.0

Updates click from 8.3.1 to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

  • Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152
  • Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224
  • Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140
  • Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139
  • Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225
Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

  • Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
  • Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
  • Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
  • Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139
  • Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225
Commits

Updates opentelemetry-api from 1.39.1 to 1.40.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.40.0/0.61b0 (2026-03-04)

  • opentelemetry-sdk: deprecate LoggingHandler in favor of opentelemetry-instrumentation-logging, see opentelemetry-instrumentation-logging documentation (#4919)
  • opentelemetry-sdk: Clarify log processor error handling expectations in documentation (#4915)
  • bump semantic-conventions to v1.40.0 (#4941)
  • Add stale PR GitHub Action (#4926)
  • opentelemetry-sdk: Drop unused Jaeger exporter environment variables (exporter removed in 1.22.0) (#4918)
  • opentelemetry-sdk: Clarify timeout units in environment variable documentation (#4906)
  • opentelemetry-exporter-otlp-proto-grpc: Fix re-initialization of gRPC channel on UNAVAILABLE error (#4825)
  • opentelemetry-exporter-prometheus: Fix duplicate HELP/TYPE declarations for metrics with different label sets (#4868)
  • Allow loading all resource detectors by setting OTEL_EXPERIMENTAL_RESOURCE_DETECTORS to * (#4819)
  • opentelemetry-sdk: Fix the type hint of the _metrics_data property to allow None (#4837).
  • Regenerate opentelemetry-proto code with v1.9.0 release (#4840)
  • Add python 3.14 support (#4798)
  • Silence events API warnings for internal users (#4847)
  • opentelemetry-sdk: make it possible to override the default processors in the SDK configurator (#4806)
  • Prevent possible endless recursion from happening in SimpleLogRecordProcessor.on_emit, (#4799) and (#4867).
  • Implement span start/end metrics (#4880)
  • Add environment variable carriers to API (#4609)
  • Add experimental composable rule based sampler (#4882)
  • Make ConcurrentMultiSpanProcessor fork safe (#4862)
  • opentelemetry-exporter-otlp-proto-http: fix retry logic and error handling for connection failures in trace, metric, and log exporters (#4709)
  • opentelemetry-sdk: avoid RuntimeError during iteration of view instrument match dictionary in MetricReaderStorage.collect() (#4891)
  • Implement experimental TracerConfigurator (#4861)
  • opentelemetry-sdk: Fix instrument creation race condition (#4913)
  • bump semantic-conventions to v1.39.0 (#4914)

... (truncated)

Commits

Updates opentelemetry-sdk from 1.39.1 to 1.40.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.40.0/0.61b0 (2026-03-04)

  • opentelemetry-sdk: deprecate LoggingHandler in favor of opentelemetry-instrumentation-logging, see opentelemetry-instrumentation-logging documentation (#4919)
  • opentelemetry-sdk: Clarify log processor error handling expectations in documentation (#4915)
  • bump semantic-conventions to v1.40.0 (#4941)
  • Add stale PR GitHub Action (#4926)
  • opentelemetry-sdk: Drop unused Jaeger exporter environment variables (exporter removed in 1.22.0) (#4918)
  • opentelemetry-sdk: Clarify timeout units in environment variable documentation (#4906)
  • opentelemetry-exporter-otlp-proto-grpc: Fix re-initialization of gRPC channel on UNAVAILABLE error (#4825)
  • opentelemetry-exporter-prometheus: Fix duplicate HELP/TYPE declarations for metrics with different label sets (#4868)
  • Allow loading all resource detectors by setting OTEL_EXPERIMENTAL_RESOURCE_DETECTORS to * (#4819)
  • opentelemetry-sdk: Fix the type hint of the _metrics_data property to allow None (#4837).
  • Regenerate opentelemetry-proto code with v1.9.0 release (#4840)
  • Add python 3.14 support (#4798)
  • Silence events API warnings for internal users (#4847)
  • opentelemetry-sdk: make it possible to override the default processors in the SDK configurator (#4806)
  • Prevent possible endless recursion from happening in SimpleLogRecordProcessor.on_emit, (#4799) and (#4867).
  • Implement span start/end metrics (#4880)
  • Add environment variable carriers to API (#4609)
  • Add experimental composable rule based sampler (#4882)
  • Make ConcurrentMultiSpanProcessor fork safe (#4862)
  • opentelemetry-exporter-otlp-proto-http: fix retry logic and error handling for connection failures in trace, metric, and log exporters (#4709)
  • opentelemetry-sdk: avoid RuntimeError during iteration of view instrument match dictionary in MetricReaderStorage.collect() (#4891)
  • Implement experimental TracerConfigurator (#4861)
  • opentelemetry-sdk: Fix instrument creation race condition (#4913)
  • bump semantic-conventions to v1.39.0 (#4914)

... (truncated)

Commits

Updates requests from 2.33.0 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)
Commits

Updates sentry-sdk from 2.53.0 to 2.57.0

Release notes

Sourced from sentry-sdk's releases.

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

... (truncated)

Commits
  • 9790785 Update CHANGELOG.md
  • 21f5dc3 release: 2.57.0
  • ae28669 fix(openai): Only wrap types with _iterator for streamed responses (#5917)
  • 2d91800 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 9c97dac build(deps): bump getsentry/craft from 2.25.0 to 2.25.2 (#5911)
  • 7516309 fix: Add cycle detection to exceptions_from_error (#5880)
  • 2604409 feat: Add experimental async transport (port of PR #4572) (#5646)
  • 49a5978 fix(ci): Update validate-pr action to remove draft enforcement (#5918)
  • b8a4945 ref(ai): Remove unused GEN_AI_PIPELINE operation constant (#5886)
  • e231708 ci: 🤖 Update test matrix with new releases (03/30) (#5912)
  • Additional commits viewable in compare view

Updates uvicorn from 0.41.0 to 0.43.0

Release notes

Sourced from uvicorn's releases.

Version 0.43.0

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • 8d397c7 Version 0.43.0 (#2885)
  • 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
  • c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
  • 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
  • cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
  • 5211880 Drop cast in ASGI types (#2875)
  • 1cb8e74 Add websocket 500 fallback header test (#2874)
  • 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
  • 042ffeb ci: add zizmor (#2872)
  • c61f9d4 chore(deps): bump requests from 2.32.5 to 2.33.0 (#2871)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(py): bump the production-dependencies group with 6 updates
95a92f4 
Bumps the production-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |
| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [requests](https://github.com/psf/requests) | `2.33.0` | `2.33.1` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.53.0` | `2.57.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.43.0` |


Updates `click` from 8.3.1 to 8.3.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.1...8.3.2)

Updates `opentelemetry-api` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.39.1...v1.40.0)

Updates `opentelemetry-sdk` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.39.1...v1.40.0)

Updates `requests` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.0...v2.33.1)

Updates `sentry-sdk` from 2.53.0 to 2.57.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.53.0...2.57.0)

Updates `uvicorn` from 0.41.0 to 0.43.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.43.0)

---
updated-dependencies:
- dependency-name: click
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: opentelemetry-api
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: opentelemetry-sdk
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: uvicorn
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 6, 2026
@greptile-apps
Copy link
Copy Markdown

greptile-apps bot commented Apr 6, 2026

PR author is in the excluded authors list.

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 6, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​click@​8.3.1 ⏵ 8.3.296 +1100100100100

View full report

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 6, 2026

The group that created this PR has been removed from your configuration.

@dependabot dependabot bot closed this Apr 6, 2026
@dependabot dependabot bot deleted the dependabot/uv/production-dependencies-13592eeb15 branch April 6, 2026 22:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants