Skip to content

build(deps): bump the python-deps group across 1 directory with 19 updates#17

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-deps-302620f4e8
Closed

build(deps): bump the python-deps group across 1 directory with 19 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-deps-302620f4e8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on fastapi, uvicorn, pydantic, httpx, qdrant-client, click, rich, typer, python-dotenv, pyyaml, numpy, prometheus-client, tenacity, psutil, huggingface-hub, pypdf, pytest, pytest-asyncio and pytest-cov to permit the latest version.
Updates fastapi from 0.115.0 to 0.135.2

Release notes

Sourced from fastapi's releases.

0.135.2

Upgrades

  • ⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @​svlandeg.

Docs

Translations

Internal

... (truncated)

Commits
  • 25a3697 🔖 Release version 0.135.2
  • ab125da 📝 Update release notes
  • 122b6d4 📝 Add missing last release notes dates (#15202)
  • 68ac0ab 📝 Update release notes
  • ea6e287 📝 Update docs for contributors and team members regarding translation PRs (#1...
  • d0a6f20 📝 Update release notes
  • fd9e192 💄 Fix code blocks in reference docs overflowing table width (#15094)
  • fce9460 📝 Update release notes
  • 0227991 🔨 Exclude spam comments from statistics in scripts/people.py (#15088)
  • cbd64b0 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn from 0.34.3 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

New Contributors

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

... (truncated)

Commits
  • 02bed6f Version 0.42.0 (#2852)
  • d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
  • 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
  • b3c69da Use bytearray for request body accumulation (#2845)
  • 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
  • d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
  • e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
  • 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
  • 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
  • Additional commits viewable in compare view

Updates pydantic from 2.10.6 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits
  • bd2d0dd Prepare release v2.12.5
  • 7d0302e Document security implications when using create_model()
  • e9ef980 Fix typo in Standard Library Types documentation
  • f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
  • a76c1aa Update documentation about JSON Schema
  • 8cbc72c Add documentation about custom __init__()
  • 99eba59 Add additional test for FieldInfo.get_default()
  • c710769 Special case MISSING sentinel in smart_deepcopy()
  • 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
  • c86515a Update parts of the model and revalidate_instances documentation
  • Additional commits viewable in compare view

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Commits

Updates qdrant-client from 1.16.1 to 1.17.1

Release notes

Sourced from qdrant-client's releases.

v1.17.1

Change Log

Features 🌊

Fixes 🔧

  • #1169 - do not modify date filters in local mode by @​jnMetaCode
  • #1168 - run server version check in a thread to avoid blocking async client by @​joein
  • #1157 - fix type hint error in grpc_uploader with older versions of protobuf by @​joein

Thanks to everyone who contributed to the current release! @​jnMetaCode @​Anush008 @​joein

v1.17.0

Change Log

Features 🚢

Fixes ⚙️

Thanks to everyone who contributed to the current release! @​cbcoutinho @​generall @​coszio @​joein

v1.16.2

Change Log

Deprecations ⏳

Fixes ⚙️

Thanks to everyone who contributed to the current release! @​holyMolyTolli @​joein

Commits
  • cd5eb25 bump version to v1.17.1
  • 1699d30 feat: Add support for custom headers (#1162)
  • a410b9d fix: do not modify payload filters in local mode in-place (#1169)
  • 7a01e54 new: run server version check in a thread, don't check bm25 availabil… (#1168)
  • cb4af4f deprecate: completely replace fastembed bm25 with qdrant core bm25 in hosted ...
  • 2763397 fix: fix type hint union with grpc enum with old protobuf (#1157)
  • e7101dc bump version to v1.17.0
  • e50eb17 Update models 1.17 (#1154)
  • 5234450 fix: apply score_threshold filtering after fusion queries in local mode (#1138)
  • 49fa101 bump version to 1.16.2
  • Additional commits viewable in compare view

Updates click from 8.1.7 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

  • Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
  • Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
  • Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
  • Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
  • When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
  • Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

  • Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

    • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
    • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
    • The default parameter can now be any type (bool, None, etc.)
    • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

  • Allow default to be set on Argument for nargs = -1. #2164 #3030

  • Show correct auto complete value for nargs option in combination with flag option #2813

  • Show correct auto complete value for nargs option in combination with flag option #2813

  • Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

  • Lazily import shutil. #3023

  • Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

  • Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

  • Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
  • Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
  • Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
  • Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
  • Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
  • When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

  • Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

    • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
    • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
    • The default parameter can now be any type (bool, None, etc.)
    • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

  • Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

  • Show correct auto complete value for nargs option in combination with flag option :issue:2813

  • Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

  • Lazily import shutil. :pr:3023

  • Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

  • Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

  • Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits
  • 1d038f2 release version 8.3.1
  • 03f3889 Fix Ruff UP038 warning (#3141)
  • 3867781 Fix Ruff UP038 warning
  • b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
  • 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
  • ea70da4 Don't test using a file in docs/ (#3102)
  • e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
  • a92c573 Fix test_edit to work with BSD sed (#3129)
  • bd131e1 Fix test_edit to work with BSD sed
  • 0b5c6b7 Add Best practices section (#3127)
  • Additional commits viewable in compare view

Updates rich from 13.7.0 to 14.3.3

Release notes

Sourced from rich's releases.

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

Added

Changed

... (truncated)

Changelog

Sourced from rich's changelog.

[14.3.3] - 2026-02-19

Fixed

[14.3.2] - 2026-02-01

Fixed

[14.3.1] - 2026-01-24

Fixed

[14.3.0] - 2026-01-24

Fixed

Added

Changed

[14.2.0] - 2025-10-09

Changed

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 26, 2026
@dependabot
build(deps): bump the python-deps group across 1 directory with 19 up…
0329a3d 
…dates

Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic), [httpx](https://github.com/encode/httpx), [qdrant-client](https://github.com/qdrant/qdrant-client), [click](https://github.com/pallets/click), [rich](https://github.com/Textualize/rich), [typer](https://github.com/fastapi/typer), [python-dotenv](https://github.com/theskumar/python-dotenv), [pyyaml](https://github.com/yaml/pyyaml), [numpy](https://github.com/numpy/numpy), [prometheus-client](https://github.com/prometheus/client_python), [tenacity](https://github.com/jd/tenacity), [psutil](https://github.com/giampaolo/psutil), [huggingface-hub](https://github.com/huggingface/huggingface_hub), [pypdf](https://github.com/py-pdf/pypdf), [pytest](https://github.com/pytest-dev/pytest), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version.

Updates `fastapi` from 0.115.0 to 0.135.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.0...0.135.2)

Updates `uvicorn` from 0.34.3 to 0.42.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.34.3...0.42.0)

Updates `pydantic` from 2.10.6 to 2.12.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.10.6...v2.12.5)

Updates `httpx` from 0.27.2 to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.27.2...0.28.1)

Updates `qdrant-client` from 1.16.1 to 1.17.1
- [Release notes](https://github.com/qdrant/qdrant-client/releases)
- [Commits](qdrant/qdrant-client@v1.16.1...v1.17.1)

Updates `click` from 8.1.7 to 8.3.1
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.7...8.3.1)

Updates `rich` from 13.7.0 to 14.3.3
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.7.0...v14.3.3)

Updates `typer` from 0.9.0 to 0.24.1
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.9.0...0.24.1)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `pyyaml` from 6.0.1 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.1...6.0.3)

Updates `numpy` from 1.26.4 to 2.4.3
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.26.4...v2.4.3)

Updates `prometheus-client` from 0.19.0 to 0.24.1
- [Release notes](https://github.com/prometheus/client_python/releases)
- [Commits](prometheus/client_python@v0.19.0...v0.24.1)

Updates `tenacity` from 9.1.2 to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@9.1.2...9.1.4)

Updates `psutil` from 5.9.8 to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst)
- [Commits](giampaolo/psutil@v5.9.8...v7.2.2)

Updates `huggingface-hub` from 0.36.2 to 1.8.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v0.36.2...v1.8.0)

Updates `pypdf` from 6.7.5 to 6.9.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.5...6.9.2)

Updates `pytest` to 9.0.2
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.0.0...9.0.2)

Updates `pytest-asyncio` to 1.3.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.23.0...v1.3.0)

Updates `pytest-cov` to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v5.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: uvicorn
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: pydantic
  dependency-version: 2.12.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: httpx
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: qdrant-client
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: click
  dependency-version: 8.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: rich
  dependency-version: 14.3.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: typer
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: numpy
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: prometheus-client
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: huggingface-hub
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: pytest
  dependency-version: 9.0.2
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-deps-302620f4e8 branch from 2ce0e03 to 0329a3d Compare March 29, 2026 14:53
jgoy-labs added a commit that referenced this pull request Apr 12, 2026
@jgoy-labs
release: v0.9.0 — 69 bugs tancats (42 sprints + 27 HOMAD) + 201 tests…
8baa187 
… nous

Release consolidada v0.9.0 resultant de dues fases de treball:

## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs)
Coordinat per Uatu amb Claude Opus 4.6 en sessions independents:

- **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1)
- **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background)
- **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer
  - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla
    benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray
    link web, #20 SEC-004 MIME validation
  - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX
- **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py,
  tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n
  get_message() complet
- **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) +
  3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock,
  [MEM:N] token mismatch)

Auditoria global final APTE (Claude Opus 4.6 independent, 2026-04-02).

## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI)
3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test):

**Bloc 1 — Critics (5)**
- #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain
- #8 TOCTOU master key (os.open atomic)
- #10 DreamingCycle connection leak (6/6 funcions)
- #29 Phi-3.5 fora del cataleg
- Ollama GUI: ollama serve headless (no open -a Ollama al Dock)

**Bloc 2 — Mitjana (12)**
- #21 validate_string_input API v1
- #22 auth 21 endpoints + docs gated
- #17 MEM_SAVE injection strict (whitelist Unicode, blacklist)
- #32 history_floor context budget
- #15 Ollama breaker semantic (4xx no infra)
- #16 SessionManager RLock reentrant
- #19 MLX cache singleton double-checked locking
- #11 Bootstrap token renewal + retry backoff (1,5,30)
- #13 Qdrant pool flush + logger.warning
- #20 Module cycles consumer + startup summary
- #9 SQL MIN portable (Python min())
- #28 Installer --skip-model-download

**Bloc 3 — Baixa (11)**
- #3 HF_TOKEN warning silenciat
- #4 ANSI constants buides sense TTY
- #5 Qdrant didactic isatty guards
- #6 warnings position_ids + Some weights filtered
- #12 discover_modules early return
- #14 TQDM_DISABLE runtime servidor
- #18 encoding fallback utf-8 → cp1252 → latin-1
- #23 Ollama no silent fallback → HTTPException 404
- #26 _backend_model_exists best-effort + logger mitigant
- #27 _BACKEND_ALIASES backwards-compat
- #30 Info.plist LSUIElement=false verificats

Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents
amb Dev D intermedi per findings. Tot verificat al codi real.

## Pytest consolidat
**4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated,
test_root::test_enabled_modules, test_security::test_long_context_truncated,
4× test_memory_helper_async::TestGetMemoryApi), 0 regressions.

## Fitxers nous
- core/endpoints/chat_engines/ollama_helpers.py (Sprint 4)
- core/lifespan_modules.py (Sprint 4)
- installer/tray_monitor.py (Sprint 4)
- installer/installer_reinstall.py (Bloc 1 Bug 7)

## Stats
- 61 fitxers modificats (57 codi/knowledge/tests/installer/personality +
  README.md + 3 nous)
- +1870 / -674 linies

## Version bump
v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer)

## Post-release pendent
- Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes
- Notaritzacio Apple (re-firma si cal)
- Test manual DMG per Bug 30 (icona Dock) + smoke tests release
- Webs .org i .com ja desplegades per Uatu durant vacances

NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final
i push a GitHub release.
@dependabot @github

dependabot Bot commented on behalf of github Apr 12, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 12, 2026
@dependabot dependabot Bot deleted the dependabot/pip/python-deps-302620f4e8 branch April 12, 2026 11:26
jgoy-labs added a commit that referenced this pull request Apr 12, 2026
@jgoy-labs
release: v0.9.0 — 69 bugs tancats (42 sprints + 27 HOMAD) + 201 tests…
c0b89f8 
… nous

Release consolidada v0.9.0 resultant de dues fases de treball:

## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs)
Coordinat en sessions independents:

- **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1)
- **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background)
- **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer
  - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla
    benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray
    link web, #20 SEC-004 MIME validation
  - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX
- **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py,
  tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n
  get_message() complet
- **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) +
  3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock,
  [MEM:N] token mismatch)

Auditoria global final APTE (2026-04-02).

## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI)
3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test):

**Bloc 1 — Critics (5)**
- #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain
- #8 TOCTOU master key (os.open atomic)
- #10 DreamingCycle connection leak (6/6 funcions)
- #29 Phi-3.5 fora del cataleg
- Ollama GUI: ollama serve headless (no open -a Ollama al Dock)

**Bloc 2 — Mitjana (12)**
- #21 validate_string_input API v1
- #22 auth 21 endpoints + docs gated
- #17 MEM_SAVE injection strict (whitelist Unicode, blacklist)
- #32 history_floor context budget
- #15 Ollama breaker semantic (4xx no infra)
- #16 SessionManager RLock reentrant
- #19 MLX cache singleton double-checked locking
- #11 Bootstrap token renewal + retry backoff (1,5,30)
- #13 Qdrant pool flush + logger.warning
- #20 Module cycles consumer + startup summary
- #9 SQL MIN portable (Python min())
- #28 Installer --skip-model-download

**Bloc 3 — Baixa (11)**
- #3 HF_TOKEN warning silenciat
- #4 ANSI constants buides sense TTY
- #5 Qdrant didactic isatty guards
- #6 warnings position_ids + Some weights filtered
- #12 discover_modules early return
- #14 TQDM_DISABLE runtime servidor
- #18 encoding fallback utf-8 → cp1252 → latin-1
- #23 Ollama no silent fallback → HTTPException 404
- #26 _backend_model_exists best-effort + logger mitigant
- #27 _BACKEND_ALIASES backwards-compat
- #30 Info.plist LSUIElement=false verificats

Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents
amb Dev D intermedi per findings. Tot verificat al codi real.

## Pytest consolidat
**4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated,
test_root::test_enabled_modules, test_security::test_long_context_truncated,
4× test_memory_helper_async::TestGetMemoryApi), 0 regressions.

## Fitxers nous
- core/endpoints/chat_engines/ollama_helpers.py (Sprint 4)
- core/lifespan_modules.py (Sprint 4)
- installer/tray_monitor.py (Sprint 4)
- installer/installer_reinstall.py (Bloc 1 Bug 7)

## Stats
- 61 fitxers modificats (57 codi/knowledge/tests/installer/personality +
  README.md + 3 nous)
- +1870 / -674 linies

## Version bump
v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer)

## Post-release pendent
- Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes
- Notaritzacio Apple (re-firma si cal)
- Test manual DMG per Bug 30 (icona Dock) + smoke tests release
- Webs .org i .com ja desplegades durant vacances

NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final
i push a GitHub release.
jgoy-labs added a commit that referenced this pull request May 14, 2026
@jgoy-labs
fix(core+installer): apply pointwise assignment annotations (Onada 4.…
2ba150d 
…1 Cluster 7)

9 independent assignment/arg-type findings closed via minimal annotations
or casts (no behavioural change):

- installer/installer_catalog_data.py:450 — cast(str, value) after
  truthy guard (#1)
- core/config.py:115 — pre-declare found_path: Optional[Path] before
  if/else branch (#4)
- core/cli/client.py:46 — declare self._ssl_context: Optional[
  ssl.SSLContext] = None before populating in if-branch (#13)
- core/cli/output.py:33 — annotate module-level console: Any to bridge
  the dual-decl Console / FallbackConsole (#14)
- core/resources.py:110 — cast(Any, resource_path) so Path() accepts
  the importlib.resources Traversable that exposes __fspath__ (#17)
- core/resilience/circuit_breaker.py:76 — annotate __lock_loop:
  Optional[asyncio.AbstractEventLoop] = None (#18)
- core/dependencies.py:43-44 — annotate rate_limit_tracker /
  start_rate_limit_cleanup_task as Optional[Any] = None in the import
  fallback (#29, #30)
- core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str],
  list[int]]] = [] (#62)
jgoy-labs added a commit that referenced this pull request May 16, 2026
@jgoy-labs
release: v0.9.0 — 69 bugs tancats (42 sprints + 27 HOMAD) + 201 tests…
f4f1428 
… nous

Release consolidada v0.9.0 resultant de dues fases de treball:

## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs)
Coordinat en sessions independents:

- **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1)
- **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background)
- **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer
  - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla
    benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray
    link web, #20 SEC-004 MIME validation
  - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX
- **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py,
  tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n
  get_message() complet
- **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) +
  3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock,
  [MEM:N] token mismatch)

Auditoria global final APTE (2026-04-02).

## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI)
3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test):

**Bloc 1 — Critics (5)**
- #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain
- #8 TOCTOU master key (os.open atomic)
- #10 DreamingCycle connection leak (6/6 funcions)
- #29 Phi-3.5 fora del cataleg
- Ollama GUI: ollama serve headless (no open -a Ollama al Dock)

**Bloc 2 — Mitjana (12)**
- #21 validate_string_input API v1
- #22 auth 21 endpoints + docs gated
- #17 MEM_SAVE injection strict (whitelist Unicode, blacklist)
- #32 history_floor context budget
- #15 Ollama breaker semantic (4xx no infra)
- #16 SessionManager RLock reentrant
- #19 MLX cache singleton double-checked locking
- #11 Bootstrap token renewal + retry backoff (1,5,30)
- #13 Qdrant pool flush + logger.warning
- #20 Module cycles consumer + startup summary
- #9 SQL MIN portable (Python min())
- #28 Installer --skip-model-download

**Bloc 3 — Baixa (11)**
- #3 HF_TOKEN warning silenciat
- #4 ANSI constants buides sense TTY
- #5 Qdrant didactic isatty guards
- #6 warnings position_ids + Some weights filtered
- #12 discover_modules early return
- #14 TQDM_DISABLE runtime servidor
- #18 encoding fallback utf-8 → cp1252 → latin-1
- #23 Ollama no silent fallback → HTTPException 404
- #26 _backend_model_exists best-effort + logger mitigant
- #27 _BACKEND_ALIASES backwards-compat
- #30 Info.plist LSUIElement=false verificats

Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents
amb Dev D intermedi per findings. Tot verificat al codi real.

## Pytest consolidat
**4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated,
test_root::test_enabled_modules, test_security::test_long_context_truncated,
4× test_memory_helper_async::TestGetMemoryApi), 0 regressions.

## Fitxers nous
- core/endpoints/chat_engines/ollama_helpers.py (Sprint 4)
- core/lifespan_modules.py (Sprint 4)
- installer/tray_monitor.py (Sprint 4)
- installer/installer_reinstall.py (Bloc 1 Bug 7)

## Stats
- 61 fitxers modificats (57 codi/knowledge/tests/installer/personality +
  README.md + 3 nous)
- +1870 / -674 linies

## Version bump
v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer)

## Post-release pendent
- Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes
- Notaritzacio Apple (re-firma si cal)
- Test manual DMG per Bug 30 (icona Dock) + smoke tests release
- Webs .org i .com ja desplegades durant vacances

NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final
i push a GitHub release.
jgoy-labs added a commit that referenced this pull request May 16, 2026
@jgoy-labs
fix(core+installer): apply pointwise assignment annotations (Onada 4.…
771a7d1 
…1 Cluster 7)

9 independent assignment/arg-type findings closed via minimal annotations
or casts (no behavioural change):

- installer/installer_catalog_data.py:450 — cast(str, value) after
  truthy guard (#1)
- core/config.py:115 — pre-declare found_path: Optional[Path] before
  if/else branch (#4)
- core/cli/client.py:46 — declare self._ssl_context: Optional[
  ssl.SSLContext] = None before populating in if-branch (#13)
- core/cli/output.py:33 — annotate module-level console: Any to bridge
  the dual-decl Console / FallbackConsole (#14)
- core/resources.py:110 — cast(Any, resource_path) so Path() accepts
  the importlib.resources Traversable that exposes __fspath__ (#17)
- core/resilience/circuit_breaker.py:76 — annotate __lock_loop:
  Optional[asyncio.AbstractEventLoop] = None (#18)
- core/dependencies.py:43-44 — annotate rate_limit_tracker /
  start_rate_limit_cleanup_task as Optional[Any] = None in the import
  fallback (#29, #30)
- core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str],
  list[int]]] = [] (#62)
jgoy-labs added a commit that referenced this pull request May 16, 2026
@jgoy-labs
fix(core+installer): apply pointwise assignment annotations (Onada 4.…
c086507 
…1 Cluster 7)

9 independent assignment/arg-type findings closed via minimal annotations
or casts (no behavioural change):

- installer/installer_catalog_data.py:450 — cast(str, value) after
  truthy guard (#1)
- core/config.py:115 — pre-declare found_path: Optional[Path] before
  if/else branch (#4)
- core/cli/client.py:46 — declare self._ssl_context: Optional[
  ssl.SSLContext] = None before populating in if-branch (#13)
- core/cli/output.py:33 — annotate module-level console: Any to bridge
  the dual-decl Console / FallbackConsole (#14)
- core/resources.py:110 — cast(Any, resource_path) so Path() accepts
  the importlib.resources Traversable that exposes __fspath__ (#17)
- core/resilience/circuit_breaker.py:76 — annotate __lock_loop:
  Optional[asyncio.AbstractEventLoop] = None (#18)
- core/dependencies.py:43-44 — annotate rate_limit_tracker /
  start_rate_limit_cleanup_task as Optional[Any] = None in the import
  fallback (#29, #30)
- core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str],
  list[int]]] = [] (#62)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants