Skip to content

deps(python): Bump the python-minor group with 6 updates#9611

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-ea30f07e18
Open

deps(python): Bump the python-minor group with 6 updates#9611
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-ea30f07e18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor group with 6 updates:

Package From To
fastapi 0.138.2 0.139.0
fastmcp 3.4.2 3.4.3
numpy 2.5.0 2.5.1
anthropic 0.113.0 0.116.0
pillow 12.2.0 12.3.0
lets-plot 4.10.1 4.11.0

Updates fastapi from 0.138.2 to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates fastmcp from 3.4.2 to 3.4.3

Release notes

Sourced from fastmcp's releases.

v3.4.3: The Fast and the Secure-ious

FastMCP 3.4.3 closes out a month of SSRF and OAuth hardening: NAT64, 6to4, Teredo, and ISATAP transition addresses can no longer smuggle private IPv4 targets past the SSRF allow-list, Streamable HTTP now validates Host and Origin before session handling to block DNS rebinding against localhost-bound servers, and OAuth redirect validation rejects unsafe schemes and unregistered DCR redirect URIs. Alongside the security work, this release also fixes proxy session teardown races, discriminator-tag handling in JSON schema conversion, and several smaller reliability issues.

What's Changed

Enhancements ✨

Security 🔒

Fixes 🐞

Docs 📚

Dependencies 📦

Other Changes 🦾

... (truncated)

Changelog

Sourced from fastmcp's changelog.


title: "Changelog" icon: "list-check" rss: true tag: NEW

v3.4.3: The Fast and the Secure-ious

FastMCP 3.4.3 closes out a month of SSRF and OAuth hardening: NAT64, 6to4, Teredo, and ISATAP transition addresses can no longer smuggle private IPv4 targets past the SSRF allow-list, Streamable HTTP now validates Host and Origin before session handling to block DNS rebinding against localhost-bound servers, and OAuth redirect validation rejects unsafe schemes and unregistered DCR redirect URIs. Alongside the security work, this release also fixes proxy session teardown races, discriminator-tag handling in JSON schema conversion, and several smaller reliability issues.

Enhancements ✨

  • Dedupe discriminator-required helper across schema converters by @​jlowin in #4362
  • Add real Monty sandbox e2e coverage for CodeMode call_tool by @​AlexlaGuardia in #4274
  • Switch prettier hook to rbubley/mirrors-prettier by @​jlowin in #4366
  • feat(remote): add --verify flag for TLS certificate verification by @​jlowin in #4369

Security 🔒

Fixes 🐞

  • fix: caching middleware TypeError on cache miss due to mismatched call_next parameter by @​gmenziesint in #4301
  • Fix: async rate limiting middleware get_client_id callbacks by @​Chotom in #4319
  • Recognize all GitHub issue-link forms in require-issue-link workflow by @​jlowin in #4359
  • fix: preserve required discriminator tags by @​he-yufeng in #4297
  • fix(proxy): shield stateful proxy disconnect during session teardown by @​jlowin in #4363
  • fix(fs): isolate same-named package imports across providers by @​jlowin in #4361
  • fix: StatefulProxyClient.clear() no longer causes KeyError on session teardown by @​tcconnally in #4328
  • fix: guard recursive refs in json_schema_to_type by @​Epochex in #4312
  • Forward IdP auth errors to MCP client instead of showing HTML error page by @​bobbyjames839 in #4293
  • fix(resources): round-trip path values with reserved characters in URI templates by @​jlowin in #4368
  • fix: bracket IPv6 hosts in server startup log URL by @​jlowin in #4372
  • fix: bound default OIDC discovery timeout and expose it on provider wrappers by @​jlowin in #4374
  • fix: validate task tool arguments against declared types by @​jlowin in #4373
  • fix(tools): honor serialize_by_alias in tool result serialization by @​jlowin in #4391
  • Fix/cimd flow issue by @​twjackysu in #4206
  • Reject empty env var keys by @​CodingFeng101 in #4410
  • fix: correct replace_type docstring parameter descriptions by @​hiSandog in #4375
  • Fix ty 0.0.55 diagnostics and prefab-ui protocol version drift by @​jlowin in #4428
  • [codex] Fix OpenAPI resource template requests by @​jlowin in #4407

Docs 📚

  • fix: RST docstrings in fastmcp.types render raw on gofastmcp.com by @​jlowin in #4367

... (truncated)

Commits
  • 1eedd1f Docs: add v3.4.2 and v3.4.3 changelog entries (#4430)
  • 3b1afe6 chore(deps): bump joserfc from 1.6.7 to 1.6.8 in the uv group across 1 direct...
  • 874425a chore: Update SDK documentation (#4427)
  • 691766b [codex] Fix OpenAPI resource template requests (#4407)
  • 47907e0 Fix ty 0.0.55 diagnostics and prefab-ui protocol version drift (#4428)
  • c1b0396 Block IPv6 transition SSRF bypasses (#4426)
  • 522ed5b fix: correct replace_type docstring parameter descriptions (#4375)
  • 67527c1 Block unsafe OAuth redirect schemes (#4419)
  • 57a2799 Protect streamable HTTP from DNS rebinding (#4405)
  • cccb529 Fix DCR redirect URI validation (#4408)
  • Additional commits viewable in compare view

Updates numpy from 2.5.0 to 2.5.1

Release notes

Sourced from numpy's releases.

v2.5.1 (July 4, 2026)

NumPy 2.5.1 Release Notes

The NumPy 2.5.1 is a patch release that fixes bugs discovered after the 2.5.0 release. The most noticeable is the fix is to the numpy datetime cython API which should allow downstream to support NumPy versions older than 2.5. Preparation for Python 3.15 continues along with typing improvements.

This release supports Python versions 3.12-3.14

Changes

  • The minimum supported GCC version has been updated from 9.3.0 to 10.3.0

    (gh-31843)

Contributors

A total of 10 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Adhyan Gupta +
  • Ankit Ahlawat
  • Charles Harris
  • Iason Krommydas
  • Joren Hammudoglu
  • Kumar Aditya
  • Nathan Goldbaum
  • Sebastian Berg
  • Ties Jan Hefting +
  • Vineet Kumar

Pull requests merged

A total of 20 pull requests were merged for this release.

  • #31707: MAINT: Prepare 2.5.x for further development
  • #31721: CI: fix new cython-lint errors (#31711)
  • #31723: MAINT: Update meson to match main
  • #31729: TST: use setup-sde instead of curl to get SDE binaries (#31727)
  • #31829: BUG: Relax finfo to be easier accessible for all user dtypes...
  • #31831: TYP: Fix flatiter.__next__ return type for object_ and...
  • #31832: BUG: avoid deadlocks using NpyString API (#31682)
  • #31833: BUG: fix out array leak in reduceat and accumulate when dtype...
  • #31835: BUG: fix numpy datetime cython APIs to be compatible with older...
  • #31836: TYP: Fix incorrect dtype inference of asarray([]) (#31732)
  • #31837: TYP: Fix np.ma.masked_array 2.5.0 regression
  • #31838: FIX: Refactor error handling in array_setstate to prevent typecode...
  • #31839: TST: xfail multithreaded BLAS test more generously
  • #31840: MAINT: Rename subroutine for crackfortran tests

... (truncated)

Commits
  • 5e1d03f Merge pull request #31863 from charris/prepare-2.5.1
  • ad0b66b REL: Prepare for the NumPy 2.5.1 release.
  • 9df8516 Merge pull request #31858 from charris/backport-31688
  • 4dee265 Merge pull request #31857 from charris/backport-31775
  • dc8d553 Merge pull request #31856 from charris/backport-31846
  • 67cb4a8 fix:Signed integer overflow in datetime.c (#31688)
  • baa2589 TST: Clean up imports, formatting, and assertions
  • 2fe5ba4 TEST: Refactor tests to use np.testing.assert_raises_regex per review
  • bb46581 MAINT: Remove deprecated Python recursion fix
  • 8f34214 MAINT: Move SeedSequence recursion guard to C-layer and add tests
  • Additional commits viewable in compare view

Updates anthropic from 0.113.0 to 0.116.0

Release notes

Sourced from anthropic's releases.

v0.116.0

0.116.0 (2026-07-02)

Full Changelog: v0.115.1...v0.116.0

Features

  • api: add agent-memory-2026-07-22 beta header (e181d5c)

v0.115.1

0.115.1 (2026-07-01)

Full Changelog: v0.115.0...v0.115.1

Chores

  • api: remove some nonfunctional types from the SDKs (5e7c431)

v0.115.0

0.115.0 (2026-06-30)

Full Changelog: v0.114.0...v0.115.0

Features

  • api: add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (8c23f7e)

v0.114.0

0.114.0 (2026-06-30)

Full Changelog: v0.113.0...v0.114.0

Features

  • api: add support for claude-sonnet-5 (b893033)

Bug Fixes

  • agent_toolset: allow absolute paths that resolve inside workdir (#121) (0105529)
Changelog

Sourced from anthropic's changelog.

0.116.0 (2026-07-02)

Full Changelog: v0.115.1...v0.116.0

Features

  • api: add agent-memory-2026-07-22 beta header (e181d5c)

0.115.1 (2026-07-01)

Full Changelog: v0.115.0...v0.115.1

Chores

  • api: remove some nonfunctional types from the SDKs (5e7c431)

0.115.0 (2026-06-30)

Full Changelog: v0.114.0...v0.115.0

Features

  • api: add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (8c23f7e)

0.114.0 (2026-06-30)

Full Changelog: v0.113.0...v0.114.0

Features

  • api: add support for claude-sonnet-5 (b893033)

Bug Fixes

  • agent_toolset: allow absolute paths that resolve inside workdir (#121) (0105529)
Commits
  • d2f6543 release: 0.116.0
  • 4253c06 feat(api): add agent-memory-2026-07-22 beta header
  • 5e98d72 release: 0.115.1
  • 5385af6 chore(api): remove some nonfunctional types from the SDKs
  • e4283c3 release: 0.115.0
  • d1a933e feat(api): add support for Managed Agents event delta streaming, agent overri...
  • 53582ad codegen metadata
  • 6e9f197 release: 0.114.0
  • ab10964 feat(api): add support for claude-sonnet-5
  • 8a004a2 fix(agent_toolset): allow absolute paths that resolve inside workdir (#121)
  • See full diff in compare view

Updates pillow from 12.2.0 to 12.3.0

Release notes

Sourced from pillow's releases.

12.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.3.0.html

Removals

Documentation

Dependencies

Testing

... (truncated)

Commits
  • bb1d8e8 12.3.0 version bump
  • e63fc48 Add release notes for SBOM and performance improvements (#9747)
  • 13b701b Add release notes for #9679
  • 5564ca7 List methods
  • a0920fd Speed up ImageChops operations (#9738)
  • 07e9a6c Speed up Image.filter() (#9736)
  • a94578c Speed up Image.getchannel(), Image.merge(), Image.putalpha() and `Image...
  • 53e02c4 Speed up Image.fill(), Image.linear_gradient() and `Image.radial_gradient...
  • af03747 Speed up Image.resample() (#9739)
  • 5c9ca56 Speed up alpha_composite, matrix, negative, quantize (#9740)
  • Additional commits viewable in compare view

Updates lets-plot from 4.10.1 to 4.11.0

Release notes

Sourced from lets-plot's releases.

v4.11.0

[4.11.0] - 2026-06-30

Added

  • theme(): new tooltip_merge and tooltip_max_count parameters to combine the general tooltips of multiple targets into a single tooltip.

    See: example notebook.

  • Text halos improve readability on varied backgrounds. New halo_width and halo_color parameters are supported in geom_text()/geom_text_repel() and by labels in corr_plot().

    See: example notebook.

Fixed

  • Incorrect hjust/vjust/angle justification of vertical-axis tick labels (theme(axis_text_y=element_text(...)))
  • Rotated vertical-axis tick labels could be wrongly dropped or kept by overlap-based break filtering
  • Misaligned or mismatched axis tick labels when some breaks are dropped after layout

v4.11.0rc1

No release notes provided.

Changelog

Sourced from lets-plot's changelog.

[4.11.0] - 2026-06-30

Added

  • theme(): new tooltip_merge and tooltip_max_count parameters to combine the general tooltips of multiple targets into a single tooltip.

    See: example notebook.

  • Text halos improve readability on varied backgrounds. New halo_width and halo_color parameters are supported in geom_text()/geom_text_repel() and by labels in corr_plot().

    See: example notebook.

Fixed

  • Incorrect hjust/vjust/angle justification of vertical-axis tick labels (theme(axis_text_y=element_text(...)))
  • Rotated vertical-axis tick labels could be wrongly dropped or kept by overlap-based break filtering
  • Misaligned or mismatched axis tick labels when some breaks are dropped after layout

[4.10.3] - 2026-06-10

Changed

  • Upgrade WeisJ/jsvg to 2.1.0

[4.10.2] - 2026-06-10

Changed

  • Upgrade kotlinx-datetime to 0.7.1.
Commits
  • 98f2704 Updated version v4.11.0
  • fcd0f3c Update (c)
  • 1696219 Drop 'What's new' from README.md
  • 640a5ff Update future_changes.md
  • e62f64a Updated version v4.11.1.dev1
  • 18edb4f Updated version v4.11.0rc1
  • 18bbf25 Fix vjust/hjust for vertical axis labels
  • c86084e Refactor axis breaks filtering. Fix potential issues
  • 1c81abe Remove mentions on Kotlin 2.3.20 support
  • 63a6f6d Add text halo support via halo_color and halo_width parameters
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-minor group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.138.2` | `0.139.0` |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.4.2` | `3.4.3` |
| [numpy](https://github.com/numpy/numpy) | `2.5.0` | `2.5.1` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.113.0` | `0.116.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` |
| [lets-plot](https://github.com/JetBrains/lets-plot) | `4.10.1` | `4.11.0` |


Updates `fastapi` from 0.138.2 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.2...0.139.0)

Updates `fastmcp` from 3.4.2 to 3.4.3
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.4.2...v3.4.3)

Updates `numpy` from 2.5.0 to 2.5.1
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.5.0...v2.5.1)

Updates `anthropic` from 0.113.0 to 0.116.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.113.0...v0.116.0)

Updates `pillow` from 12.2.0 to 12.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.2.0...12.3.0)

Updates `lets-plot` from 4.10.1 to 4.11.0
- [Release notes](https://github.com/JetBrains/lets-plot/releases)
- [Changelog](https://github.com/JetBrains/lets-plot/blob/master/CHANGELOG.md)
- [Commits](JetBrains/lets-plot@v4.10.1...v4.11.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: fastmcp
  dependency-version: 3.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: numpy
  dependency-version: 2.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: anthropic
  dependency-version: 0.116.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pillow
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: lets-plot
  dependency-version: 4.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants