Skip to content

chore(deps): bump the dependencies group across 1 directory with 8 updates#76

Merged
Joilence merged 1 commit into
mainfrom
dependabot/uv/dependencies-6ff80a6df3
Jun 10, 2026
Merged

chore(deps): bump the dependencies group across 1 directory with 8 updates#76
Joilence merged 1 commit into
mainfrom
dependabot/uv/dependencies-6ff80a6df3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 8 updates in the / directory:

Package From To
anthropic 0.104.1 0.107.1
fastmcp 3.3.1 3.4.2
openai 2.38.0 2.41.0
pip 26.1.1 26.1.2
ty 0.0.39 0.0.44
ruff 0.15.14 0.15.16
pytest-asyncio 1.3.0 1.4.0
litellm 1.86.0 1.88.0

Updates anthropic from 0.104.1 to 0.107.1

Release notes

Sourced from anthropic's releases.

v0.107.1

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

  • foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

v0.107.0

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

  • api: small updates to Managed Agents types (72923f9)

v0.106.0

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

  • api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

  • client: make Foundry client copy() and with_options() work (94146ac)
  • transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

  • internal: fix artifact url (a6ed0c4)
  • internal: fix branch names (3b03370)
  • internal: update private repo name (7dbcb05)

Documentation

  • point security reports to Anthropic's HackerOne program (#10) (80f2c97)

v0.105.2

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

  • foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

  • api: small updates to Managed Agents types (72923f9)

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

  • api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

  • client: make Foundry client copy() and with_options() work (94146ac)
  • transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

  • internal: fix artifact url (a6ed0c4)
  • internal: fix branch names (3b03370)
  • internal: update private repo name (7dbcb05)

Documentation

  • point security reports to Anthropic's HackerOne program (#10) (80f2c97)

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

0.105.1 (2026-05-29)

Full Changelog: v0.105.0...v0.105.1

... (truncated)

Commits
  • 260e687 release: 0.107.1
  • 49c5395 fix(foundry): send x-api-key header for API-key auth (#62)
  • 4ceca72 release: 0.107.0
  • 3a6f9d9 feat(api): small updates to Managed Agents types
  • 6a70c9f release: 0.106.0
  • 8fa41c8 codegen metadata
  • 1f55325 Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (#18)
  • a94498c fix(client): make Foundry client copy() and with_options() work
  • 907d849 chore(internal): fix artifact url
  • 9676a5d docs: point security reports to Anthropic's HackerOne program (#10)
  • Additional commits viewable in compare view

Updates fastmcp from 3.3.1 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

Security 🔒

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

v3.4.0: Remote Control

FastMCP 3.4 is about reaching servers that live somewhere else. The headline is fastmcp-remote, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on — making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to.

fastmcp-remote

Some MCP hosts still insist on launching a local stdio command, even when the server you want is already running over HTTP. FastMCP could already proxy a remote URL through fastmcp run, but that pulls in the full server-runner surface. fastmcp-remote is the small, single-purpose version: one URL in, one local stdio proxy out.

{
  "mcpServers": {
    "linear": {
      "command": "uvx",
      "args": ["fastmcp-remote", "https://mcp.linear.app/mcp"]
    }
  }
}

OAuth is enabled automatically for HTTPS servers, with support for explicit bearer tokens and custom headers when you need them. The implementation stays on FastMCP primitives — Client, OAuth, create_proxy, and stdio — and credits the original npm mcp-remote project for the command shape.

... (truncated)

Commits

Updates openai from 2.38.0 to 2.41.0

Release notes

Sourced from openai's releases.

v2.41.0

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)

v2.40.0

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

  • api: Add Amazon Bedrock Responses support

Bug Fixes

  • api: allow setting bedrock api keys on the client directly (4d5bfde)

v2.39.0

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

  • api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)
Changelog

Sourced from openai's changelog.

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

  • api: Add Amazon Bedrock Responses support

Bug Fixes

  • api: allow setting bedrock api keys on the client directly (4d5bfde)

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

  • api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)
Commits
  • 2d955a1 Merge pull request #3359 from openai/release-please--branches--main--changes-...
  • 519cd02 release: 2.41.0
  • 87e46c2 feat(api): responses.moderation and chat_completions.moderation
  • a28a3f6 Merge pull request #3352 from openai/release-please--branches--main--changes-...
  • db6ccaf Update CHANGELOG.md
  • 2264f70 release: 2.40.0
  • 4d5bfde fix(api): allow setting bedrock api keys on the client directly
  • ccef143 Merge pull request #3326 from openai/codex/bedrock-responses-review
  • a50ff0a Fix Bedrock with_options overrides
  • fdf4901 codegen metadata
  • Additional commits viewable in compare view

Updates pip from 26.1.1 to 26.1.2

Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

  • Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000) <https://github.com/pypa/pip/issues/14000>_)
  • Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001) <https://github.com/pypa/pip/issues/14001>_)
  • Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012) <https://github.com/pypa/pip/issues/14012>_)
Commits
  • 31d7d16 Bump for release
  • 79f348c Update AUTHORS.txt
  • 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
  • 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
  • 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
  • fa7854f Use is_within_directory for entry point check
  • d01b46c NEWS ENTRY
  • 7ff8bdd Fix is_within_directory for doubled-slash roots
  • 7ea3466 NEWS ENTRY
  • 85673ea Fix Accept-Encoding to gzip, deflate
  • Additional commits viewable in compare view

Updates ty from 0.0.39 to 0.0.44

Release notes

Sourced from ty's releases.

0.0.44

Release Notes

Released on 2026-06-04.

Bug fixes

  • Avoid treating sys.implementation.version like sys.version_info (#25608)
  • Fix anchor point for override diagnostics (#25621)

LSP server

  • Show type alias value on hover (#25381)

Performance

  • Add caching for pattern match narrowing (#25613)
  • Compact retained definition and expression identities (#25606)
  • Reuse expression cache for TypedDict union inference (#25643)
  • Upgrade Salsa (#25545)

Core type checking

  • Enable narrowing for unions of TypedDict (#25188)

Contributors

Install ty 0.0.44

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.ps1 | iex"

Download ty 0.0.44

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.44

Released on 2026-06-04.

Bug fixes

  • Avoid treating sys.implementation.version like sys.version_info (#25608)
  • Fix anchor point for override diagnostics (#25621)

LSP server

  • Show type alias value on hover (#25381)

Performance

  • Add caching for pattern match narrowing (#25613)
  • Compact retained definition and expression identities (#25606)
  • Reuse expression cache for TypedDict union inference (#25643)
  • Upgrade Salsa (#25545)

Core type checking

  • Enable narrowing for unions of TypedDict (#25188)

Contributors

0.0.43

Released on 2026-06-03.

Bug fixes

  • Don't inject Unknown from non-callable elements of intersection call (#25538)
  • Don't needlessly disambiguate the same type alias (#25563)
  • Fix variance inference for nested type aliases (#25567)
  • Ignore rejected member annotations for synthesized bindings (#25427)
  • Normalize dynamic class literals in cycle recovery (#25558)
  • Register file roots for first-party search paths (#25522)
  • Treat union-bound typevars like unions for possibly-missing-attribute (#25561)

LSP server

  • Suppress importable completions that are already in scope (#25479)

... (truncated)

Commits

Updates ruff from 0.15.14 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

0.15.15

... (truncated)

Commits

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates litellm from 1.86.0 to 1.88.0

Release notes

Sourced from litellm's releases.

v1.88.0

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.88.0

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.88.0/cosign.pub \
  ghcr.io/berriai/litellm:v1.88.0

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

... (truncated)

Commits
  • bde16ff test(proxy): patch utils.get_server_root_path in passthrough auth tests
  • 3d00874 fix(proxy): match passthrough registry routes bare-to-bare with SERVER_ROOT_PATH
  • 67428bd Merge pull request #29639 from BerriAI/litellm_ghsa_q775_defaults_rc188
  • c5d214c fix(key_generate): harden GHSA-q775 session-token exemption against default_k...
  • c2a0a6a Merge pull request #29637 from BerriAI/litellm_cherrypick_1_88_0_rc3
  • 26e9689 fix(key_generate): exempt UI/CLI session tokens from the budget ceiling for t...
  • 0aea62b Merge pull request #29632 from BerriAI/litellm_cherrypick_1_88_0_rc2
  • ed04563 fix: passthrough endpoints duplicate logs (#29598)
  • 2110b41 fix(vertex): strip output_config.effort for Vertex Claude models that reject ...
  • 8373712 fix(key_generate): allow team members to create keys on org-scoped teams (#29...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group across 1 directory with 8 up…
5fd8ee9 
…dates

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.104.1` | `0.107.1` |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.3.1` | `3.4.2` |
| [openai](https://github.com/openai/openai-python) | `2.38.0` | `2.41.0` |
| [pip](https://github.com/pypa/pip) | `26.1.1` | `26.1.2` |
| [ty](https://github.com/astral-sh/ty) | `0.0.39` | `0.0.44` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.14` | `0.15.16` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |
| [litellm](https://github.com/BerriAI/litellm) | `1.86.0` | `1.88.0` |



Updates `anthropic` from 0.104.1 to 0.107.1
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.104.1...v0.107.1)

Updates `fastmcp` from 3.3.1 to 3.4.2
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.3.1...v3.4.2)

Updates `openai` from 2.38.0 to 2.41.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.38.0...v2.41.0)

Updates `pip` from 26.1.1 to 26.1.2
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.1.1...26.1.2)

Updates `ty` from 0.0.39 to 0.0.44
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.39...0.0.44)

Updates `ruff` from 0.15.14 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.16)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `litellm` from 1.86.0 to 1.88.0
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@v1.86.0...v1.88.0)

---
updated-dependencies:
- dependency-name: anthropic
  dependency-version: 0.107.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: fastmcp
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: openai
  dependency-version: 2.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pip
  dependency-version: 26.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ty
  dependency-version: 0.0.44
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: litellm
  dependency-version: 1.88.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from Joilence as a code owner June 8, 2026 07:09
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 10 package(s) with unknown licenses.
See the Details below.

License Issues

uv.lock

PackageVersionLicenseIssue Type
anthropic0.107.1NullUnknown License
fastmcp3.4.2NullUnknown License
fastmcp-slim3.4.2NullUnknown License
joserfc1.7.0NullUnknown License
litellm1.88.0NullUnknown License
openai2.41.0NullUnknown License
pip26.1.2NullUnknown License
pytest-asyncio1.4.0NullUnknown License
ruff0.15.16NullUnknown License
starlette1.2.1NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/anthropic 0.107.1 UnknownUnknown
pip/fastmcp 3.4.2 UnknownUnknown
pip/fastmcp-slim 3.4.2 UnknownUnknown
pip/joserfc 1.7.0 UnknownUnknown
pip/litellm 1.88.0 UnknownUnknown
pip/openai 2.41.0 UnknownUnknown
pip/pip 26.1.2 UnknownUnknown
pip/pytest-asyncio 1.4.0 UnknownUnknown
pip/ruff 0.15.16 UnknownUnknown
pip/starlette 1.2.1 UnknownUnknown
pip/ty 0.0.44 UnknownUnknown

Scanned Files

  • uv.lock

@Joilence Joilence merged commit 5edd87e into main Jun 10, 2026
3 checks passed
@Joilence Joilence deleted the dependabot/uv/dependencies-6ff80a6df3 branch June 10, 2026 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Joilence Joilence Awaiting requested review from Joilence Joilence is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Joilence