Skip to content

chore: bump the all group across 1 directory with 4 updates#1111

Merged
Aureliolo merged 1 commit intomainfrom
dependabot/uv/all-7558c1ea87
Apr 7, 2026
Merged

chore: bump the all group across 1 directory with 4 updates#1111
Aureliolo merged 1 commit intomainfrom
dependabot/uv/all-7558c1ea87

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2026

Bumps the all group with 4 updates in the / directory: faker, mem0ai, respx and zensical.

Updates faker from 40.12.0 to 40.13.0

Release notes

Sourced from faker's releases.

Release v40.13.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v40.13.0 - 2026-04-06

Commits

Updates mem0ai from 1.0.10 to 1.0.11

Release notes

Sourced from mem0ai's releases.

v1.0.11

Mem0 Python SDK (v1.0.11)

New Features & Updates:

  • SDK: Added multilingual parameter to project update (#4314)

Bug Fixes:

  • LLMs: Fixed Groq model configuration (#4700)
  • Core: Prevented thread and memory leaks from PostHog telemetry (#4535)
  • Vector Stores: Used DatetimeRange for datetime string values in Qdrant range filters (#4659)
  • Configs: Added missing ConfigDict to vector store configs (Elasticsearch, MongoDB, Neptune, OpenSearch, PGVector, Supabase, Valkey) (#4656)
Changelog

Sourced from mem0ai's changelog.

title: "Product Updates" description: "Latest releases, bug fixes, and improvements for the Mem0 Python and TypeScript SDKs." mode: "wide"

New Features & Updates:

  • SDK: Added multilingual parameter to project update (#4314)

Bug Fixes:

  • LLMs: Fixed Groq model configuration (#4700)
  • Core: Prevented thread and memory leaks from PostHog telemetry (#4535)
  • Vector Stores: Used DatetimeRange for datetime string values in Qdrant range filters (#4659)
  • Configs: Added missing ConfigDict to vector store configs (Elasticsearch, MongoDB, Neptune, OpenSearch, PGVector, Supabase, Valkey) (#4656)

New Features & Updates:

  • LLMs: Added MiniMax provider support for AWS Bedrock (#4609)

Bug Fixes:

  • Configs: Migrated CassandraConfig and AzureMySQLConfig to pydantic v2 ConfigDict (#4646)
  • LLMs: Forward response_format to OpenAI-compatible API for DeepSeek (#4635)
  • LLMs: Forward response_format to OpenAI-compatible API for vLLM (#4608)
  • Vector Stores: Only list authorized collections when listing MongoDB collections (#3888)
  • Core: Reset graph database in Memory.reset() (#4185)
  • Core: Make AsyncMemory.from_config a regular classmethod (#4183)

New Features & Updates:

  • LLMs: Added reasoning_effort parameter support for reasoning models (#4461)

Bug Fixes:

  • Core: Preserved original actor_id during memory update (#4570)
  • Core: Set updated_at on creation and preserve pre-existing created_at (#4499)
  • Core: Centralized entity cleanup and skip malformed LLM relation dicts (#4515)
  • Core: Removed README.md from wheel shared-data (#4052)
  • Vector Stores: Handled vector=None in Milvus and Qdrant update methods (#4568)
  • Vector Stores: Rebuilt FAISS index on vector deletion (#4178)

... (truncated)

Commits
  • 144627c fix(docs): change the position of the openclaw to agnet plugin and fix the in...
  • 6984958 chore: sat release (#4702)
  • b13748c feat: add import and event commands, refactor CLI, remove baseUrl config, upd...
  • 4642a1d feat(cli): validate API key upfront via ping and unify telemetry identity res...
  • 686d5e9 fix: openclaw plugin and fix the login section there (#4696)
  • c55447c [fix] groq model (#4700)
  • ee67602 feat(cli): add PostHog telemetry and source tracking to Python & Node CLIs (#...
  • 0daa5d7 fix(ci): handle npm prerelease publish across Node.js CD workflows (#4690)
  • cfb3f58 fix: adding login and fixing the plugin to follow the openclaw plugin standar...
  • 66230b3 docs: update integration docs with new SVG icons and links (#4684)
  • Additional commits viewable in compare view

Updates respx from 0.22.0 to 0.23.0

Release notes

Sourced from respx's releases.

Version 0.23.0

0.23.0 (7th April 2026)

Fixed

  • Fix data pattern with list value (#264)
  • Fix and enhance incorrect documentations about iterable side effects (#287)
  • Fix documentation typo, thanks @​markhobson (#298)
  • Fix support for multiple slashes // in URL path by not using urljoin when prepending path, thanks @​lewiscollard and @​Skeen (#302)
  • Type Route.respond json as Any to align with HTTPX, thanks @​JacobHayes (#284)
  • Properly handle ANY in MuitiItems patterns (#289)

CI

Changelog

Sourced from respx's changelog.

[0.23.0] - 2026-04-07

Fixed

  • Fix data pattern with list value (#264)
  • Fix and enhance incorrect documentations about iterable side effects (#287)
  • Fix documentation typo, thanks @​markhobson (#298)
  • Fix support for multiple slashes // in URL path by not using urljoin when prepending path, thanks @​lewiscollard and @​Skeen (#302)
  • Type Route.respond json as Any to align with HTTPX, thanks @​JacobHayes (#284)
  • Properly handle ANY in MuitiItems patterns (#289)

CI

Commits

Updates zensical from 0.0.31 to 0.0.32

Release notes

Sourced from zensical's releases.

0.0.32

Summary

This version fixes a bug where Markdown files used as snippets were included into auto-generated navigation, and a bug with prefix stripping when the site URL contains a path component. Additionally, the Pygments dependency was updated to mitigate a vulnerability.

Changelog

Bug fixes

  • ca5d2d5 zensical-serve – strip base URL prefix as URL segment, not string (#499)
  • 3a2358a – update to latest Pygments to mitigate vulnerability (#485)
  • 92b5622 zensical – only collect markdown pages in docs directory (#490)
Commits
  • ce00f38 chore: release v0.0.32
  • ca5d2d5 fix: strip base URL prefix as URL segment, not string (#499)
  • 3a2358a fix: update to latest Pygments to mitigate vulnerability (#485)
  • 92b5622 fix: only collect markdown pages in docs directory (#490)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the all group across 1 directory with 4 updates
5c2b1e1 
Bumps the all group with 4 updates in the / directory: [faker](https://github.com/joke2k/faker), [mem0ai](https://github.com/mem0ai/mem0), [respx](https://github.com/lundberg/respx) and [zensical](https://github.com/zensical/zensical).


Updates `faker` from 40.12.0 to 40.13.0
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md)
- [Commits](joke2k/faker@v40.12.0...v40.13.0)

Updates `mem0ai` from 1.0.10 to 1.0.11
- [Release notes](https://github.com/mem0ai/mem0/releases)
- [Changelog](https://github.com/mem0ai/mem0/blob/main/docs/changelog.mdx)
- [Commits](mem0ai/mem0@v1.0.10...v1.0.11)

Updates `respx` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/lundberg/respx/releases)
- [Changelog](https://github.com/lundberg/respx/blob/master/CHANGELOG.md)
- [Commits](lundberg/respx@0.22.0...0.23.0)

Updates `zensical` from 0.0.31 to 0.0.32
- [Release notes](https://github.com/zensical/zensical/releases)
- [Commits](zensical/zensical@v0.0.31...v0.0.32)

---
updated-dependencies:
- dependency-name: faker
  dependency-version: 40.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mem0ai
  dependency-version: 1.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: respx
  dependency-version: 0.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: zensical
  dependency-version: 0.0.32
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file type:chore Maintenance, cleanup, dependency updates labels Apr 7, 2026
@dependabot dependabot bot requested a review from Aureliolo as a code owner April 7, 2026 15:30
@dependabot dependabot bot had a problem deploying to cloudflare-preview April 7, 2026 15:31 Failure
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5c2b1e1.
Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

PackageVersionLicenseIssue Type
respx0.23.0NullUnknown License
Allowed Licenses: MIT, MIT-0, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, PSF-2.0, Unlicense, 0BSD, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Python-2.0, Python-2.0.1, LicenseRef-scancode-free-unknown, LicenseRef-scancode-protobuf, LicenseRef-scancode-google-patent-license-golang, ZPL-2.1, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, BlueOak-1.0.0, OFL-1.1
Excluded from license check: pkg:pypi/mem0ai@1.0.9, pkg:pypi/numpy@2.4.4, pkg:pypi/qdrant-client@1.17.1, pkg:pypi/posthog@7.9.12, pkg:pypi/aiohttp@3.13.5, pkg:pypi/cyclonedx-python-lib@11.7.0, pkg:pypi/fsspec@2026.3.0, pkg:pypi/griffelib@2.0.2, pkg:pypi/grpcio@1.80.0, pkg:pypi/charset-normalizer@3.4.6, pkg:pypi/wrapt@2.1.2, pkg:npm/@img/sharp-wasm32@0.33.5, pkg:npm/@img/sharp-win32-ia32@0.33.5, pkg:npm/@img/sharp-win32-x64@0.33.5, pkg:golang/github.com/golangci/golangci-lint/v2@2.11.3, pkg:golang/github.com/denis-tingaikin/go-header@0.5.0, pkg:golang/github.com/ldez/structtags@0.6.1, pkg:golang/github.com/leonklingele/grouper@1.1.2, pkg:golang/github.com/xen0n/gosmopolitan@1.3.0, pkg:golang/github.com/alfatraining/structtag@1.0.0, pkg:golang/github.com/fatih/structtag@1.2.0, pkg:npm/json-schema-typed@8.0.2, pkg:npm/victory-vendor@37.3.6, pkg:pypi/scikit-learn@1.8.0, pkg:pypi/torch@2.11.0, pkg:pypi/cuda-bindings@13.2.0, pkg:pypi/cuda-pathfinder@1.5.0, pkg:pypi/cuda-toolkit@13.0.2, pkg:pypi/nvidia-cublas@13.1.0.3, pkg:pypi/nvidia-cuda-cupti@13.0.85, pkg:pypi/nvidia-cuda-nvrtc@13.0.88, pkg:pypi/nvidia-cuda-runtime@13.0.96, pkg:pypi/nvidia-cudnn-cu13@9.19.0.56, pkg:pypi/nvidia-cufft@12.0.0.61, pkg:pypi/nvidia-cufile@1.15.1.6, pkg:pypi/nvidia-curand@10.4.0.35, pkg:pypi/nvidia-cusolver@12.0.4.66, pkg:pypi/nvidia-cusparse@12.6.3.3, pkg:pypi/nvidia-cusparselt-cu13@0.8.0, pkg:pypi/nvidia-nccl-cu13@2.28.9, pkg:pypi/nvidia-nvjitlink@13.0.88, pkg:pypi/nvidia-nvshmem-cu13@3.4.5, pkg:pypi/nvidia-nvtx@13.0.85

OpenSSF Scorecard

PackageVersionScoreDetails
pip/faker 40.13.0 🟢 4.9
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/mem0ai 1.0.11 UnknownUnknown
pip/respx 0.23.0 UnknownUnknown
pip/zensical 0.0.32 UnknownUnknown

Scanned Files

  • uv.lock

@Aureliolo Aureliolo merged commit f702464 into main Apr 7, 2026
24 of 25 checks passed
@Aureliolo Aureliolo deleted the dependabot/uv/all-7558c1ea87 branch April 7, 2026 15:37
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview April 7, 2026 15:37 — with GitHub Actions Inactive
@Aureliolo Aureliolo mentioned this pull request Apr 7, 2026
Merged
Aureliolo added a commit that referenced this pull request Apr 7, 2026
@Aureliolo @github-actions
chore(main): release 0.6.4 (#1110)
bd0929e 
🤖 I have created a release *beep* *boop*
---


##
[0.6.4](v0.6.3...v0.6.4)
(2026-04-07)


### Features

* analytics and metrics runtime pipeline
([#226](#226),
[#225](#225),
[#227](#227),
[#224](#224))
([#1127](#1127))
([ec57641](ec57641))
* engine intelligence -- quality signals, health monitoring, trajectory
scoring, coordination metrics
([#1099](#1099))
([aac2029](aac2029)),
closes [#697](#697)
[#707](#707)
[#705](#705)
[#703](#703)
* enterprise-grade auth -- HttpOnly cookie sessions, CSRF, lockout,
session limits
([#1102](#1102))
([d3022c7](d3022c7)),
closes [#1068](#1068)
* implement core tool categories and granular sub-constraints
([#1101](#1101))
([0611b53](0611b53)),
closes [#1034](#1034)
[#220](#220)
* memory evolution -- GraphRAG/consistency research +
SelfEditingMemoryStrategy
([#1036](#1036),
[#208](#208))
([#1129](#1129))
([a9acda3](a9acda3))
* security hardening -- sandbox, risk override, SSRF self-heal, DAST fix
([#1100](#1100))
([31e7273](31e7273)),
closes [#1098](#1098)
[#696](#696)
[#222](#222)
[#671](#671)


### Bug Fixes

* harden agent identity versioning post-review
([#1128](#1128))
([8eb2859](8eb2859)),
closes [#1076](#1076)


### Documentation

* engine architecture research
([#688](#688)
[#690](#690)
[#848](#848)
[#687](#687))
([#1114](#1114))
([59b31f9](59b31f9))


### Maintenance

* add .claudeignore and split CLAUDE.md for token optimization
([#1112](#1112))
([b0fbd18](b0fbd18))
* bump github.com/sigstore/protobuf-specs from 0.5.0 to 0.5.1 in /cli in
the all group
([#1106](#1106))
([73089c9](73089c9))
* bump jsdom from 29.0.1 to 29.0.2 in /site in the all group
([#1107](#1107))
([8e99dce](8e99dce))
* bump jsdom from 29.0.1 to 29.0.2 in /web in the all group
([#1108](#1108))
([ce8c749](ce8c749))
* bump python from `fb83750` to `6869258` in /docker/backend in the all
group ([#1104](#1104))
([4911726](4911726))
* bump python from `fb83750` to `6869258` in /docker/web in the all
group ([#1103](#1103))
([87bdf09](87bdf09))
* bump the all group across 1 directory with 4 updates
([#1111](#1111))
([f702464](f702464))
* bump the all group in /docker/sandbox with 2 updates
([#1105](#1105))
([05a91ca](05a91ca))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aureliolo Aureliolo Awaiting requested review from Aureliolo Aureliolo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file type:chore Maintenance, cleanup, dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aureliolo