chore(deps): bump the python-deps group across 1 directory with 25 updates#20

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/python-deps-ffb3f6aed6

dependabot Bot commented on behalf of github Apr 26, 2026


Updates the requirements on setproctitle, fastapi, starlette, uvicorn, pydantic, pydantic-settings, httpx, qdrant-client, click, rich, typer, python-dotenv, pyyaml, numpy, prometheus-client, tenacity, psutil, huggingface-hub, fastembed, pypdf, cryptography, keyring, sqlcipher3, pytest-asyncio and pytest-cov to permit the latest version.
Updates setproctitle to 1.3.7

Changelog

Sourced from setproctitle's changelog.

Version 1.3.7

  • Add support for Python 3.14 (issue #152).

Version 1.3.6

  • Add support for free-threading (issue #147).

Version 1.3.5

  • Fix bouncing Dock icon on macOS (issue #143).
  • Fix building on C23 compilers (issue #145).

Version 1.3.4

  • Add support for Python 3.13 (issue #139).
  • Drop support for Python 3.7.

Version 1.3.3

  • Add support for Python 3.12.
  • Fix package metadata to include Python 3.11, 3.12.

Version 1.3.2

  • Restore import-time initialization of macOS to avoid crash on thread+fork (issue #113).

Version 1.3.1

  • Fixed segfault on macOS 12.5 in forked processes (issue #111). Note that, as a workaround, Activity Monitor will show the title of the parent.

Version 1.3.0

... (truncated)

Commits
  • 389ed6f chore: bump version to 1.3.7
  • 0225735 Build CPython 3.14 wheels
  • 11d5ba7 chore: drop end year copyright
  • 9950f38 chore: use a standard license file format
  • 864cb72 chore: bump version update history
  • ef9cee1 Merge pull request #148 from lysnikolaou/free-threading
  • fb28127 Implement support for CPython 3.13t
  • cacf96f chore: bump version number to 1.3.5
  • 314c9a8 Merge pull request #146 from gershnik/fix-145
  • 8787da7 docs: add release note about C23 compilers fix
  • Additional commits viewable in compare view

Updates fastapi from 0.128.8 to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

Internal

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

... (truncated)

Commits

Updates starlette to 1.0.0

Release notes

Sourced from starlette's releases.

Version 1.0.0

Starlette 1.0 is here! 🎉

After nearly eight years since its creation, Starlette has reached its first stable release.

A special thank you to @​lovelydinosaur, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏

Thank you to @​adriangb, @​graingert, @​agronholm, @​florimondmanca, @​aminalaee, @​tiangolo, @​alex-oleshkevich, @​abersheeran, and @​uSpike for helping make Starlette what it is today. And to all my sponsors - especially @​tiangolo, @​huggingface, and @​elevenlabs - thank you for your support!

Thank you to all 290+ contributors who have shaped Starlette over the years! ❤️

Read more on the blog post.

Check out the full release notes at https://www.starlette.io/release-notes/#100-march-22-2026


Full Changelog: Kludex/starlette@1.0.0rc1...1.0.0

Changelog

Sourced from starlette's changelog.

1.0.0 (March 22, 2026)

Starlette 1.0 is here!

After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.

You can read more on the blog post.

Added

  • Track session access and modification in SessionMiddleware #3166.

Fixed

  • Handle websocket denial responses in StreamingResponse and FileResponse #3189.
  • Use bytearray for field accumulation in FormParser #3179.
  • Move parser.finalize() inside try/except in MultiPartParser.parse() #3153.

1.0.0rc1 (February 23, 2026)

We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.

Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost 10 million times a day, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.

This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.

A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:

  • Kim Christie - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.
  • Adrian Garcia Badaracco - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.
  • Thomas Grainger - My async teacher, always ready to help with questions.
  • Alex Grönholm - Another async mentor, always prompt to help with questions.
  • Florimond Manca - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.
  • Amin Alaee - Contributed a lot with file-related PRs.
  • Sebastián Ramírez - Maintains FastAPI upstream, and always in contact to help with upstream issues.
  • Alex Oleshkevich - Helped a lot on templates and many discussions.
  • abersheeran - My go-to person when I need help on many subjects.

I'd also like to thank my sponsors for their support. A special thanks to @​tiangolo, @​huggingface, and @​elevenlabs for their generous sponsorship, and to all my other sponsors:

... (truncated)

Commits
  • 0e88e92 Version 1.0.0 (#3178)
  • 9ee9519 Handle websocket denial responses in streaming and file responses (#3189)
  • a0bcc26 chore(deps-dev): bump black from 26.1.0 to 26.3.1 (#3183)
  • 79b3f26 chore(deps-dev): bump the python-packages group with 7 updates (#3168)
  • 789b926 Use bytearray for field accumulation in FormParser (#3179)
  • a1fd9d8 docs: fix typo in routing.md (#3176)
  • c14d0f7 Document session cookie security flags (#3169)
  • c2e2878 Move parser.finalize() inside try/except in MultiPartParser.parse() (#3153)
  • 89630a8 chore(deps): bump the github-actions group with 3 updates (#3167)
  • 4647e53 Track session access and modification in SessionMiddleware (#3166)
  • Additional commits viewable in compare view

Updates uvicorn from 0.34.3 to 0.46.0

Release notes

Sourced from uvicorn's releases.

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

  • Preserve forwarded client ports in proxy headers middleware (#2903)
  • Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

... (truncated)

Commits
  • b224045 Version 0.46.0 (#2918)
  • 7375b5b Use bytearray for incoming WebSocket message buffer in websockets-sansio (#...
  • d438fb1 Support ws_ping_interval and ws_ping_timeout in wsproto implementation ...
  • 3e6b964 Support ws_max_size in wsproto implementation (#2915)
  • 2c423bd Version 0.45.0 (#2914)
  • 7f027f8 Revert "Emit http.disconnect on server shutdown for streaming responses" (#...
  • 73a80c3 Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • 45c0b56 Revert empty context for ASGI runs (#2911)
  • 850d926 Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)
  • fdcacb4 Accept log_level strings case-insensitively (#2907)
  • Additional commits viewable in compare view

Updates pydantic from 2.10.6 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes since 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes since 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

... (truncated)

Commits
  • 9e9a111 Fix backported test
  • 1ec8c6a Prepare release v2.13.3
  • fb4f204 Handle AttributeError subclasses with from_attributes
  • ca3ddd1 Prepare release v2.13.2
  • 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
  • d45d8be Prepare release 2.13.1
  • 54aca60 Fix ValidationInfo.data missing with model_validate_json()
  • 46bf4fa Fix Pydantic release workflow (#13067)
  • 1b359ed Prepare release v2.13.0 (#13065)
  • b1bf194 Fix model equality when using runtime extra configuration (#13062)
  • Additional commits viewable in compare view

Updates pydantic-settings to 2.14.0

Release notes

Sourced from pydantic-settings's releases.

v2.14.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.13.1...v2.14.0

Commits
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • 617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
  • 577c05f Add note about Mypy plugin for BaseSettings.__init__() (#842)
  • 2355bc5 Fix CliPositionalArg[list[CustomType]] crash for custom types (#839)
  • 16bd6fd Introduce zizmor (#838)
  • df8b239 Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group (#837)
  • c5401a2 Introduce yamlfmt (#836)
  • 953e28e Bump the python-packages group with 3 updates (#833)
  • Additional commits viewable in compare view

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a preferred style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Commits

Updates qdrant-client from 1.16.1 to 1.17.1

Release notes

Sourced from qdrant-client's releases.

v1.17.1

Change Log

Features 🌊

Fixes 🔧

  • #1169 - do not modify date filters in local mode by @​jnMetaCode
  • #1168 - run server version check in a thread to avoid blocking async client by @​joein
  • #1157 - fix type hint error in grpc_uploader with older versions of protobuf by @​joein

Thanks to everyone who contributed to the current release! @​jnMetaCode @​Anush008 @​joein

v1.17.0

Change Log

Features 🚢

Fixes ⚙️

Thanks to everyone who contributed to the current release! @cbcoutinho @generall @coszio

Description has been truncated

…dates

Updates the requirements on [setproctitle](https://github.com/dvarrazzo/py-setproctitle), [fastapi](https://github.com/fastapi/fastapi), [starlette](https://github.com/Kludex/starlette), [uvicorn](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [httpx](https://github.com/encode/httpx), [qdrant-client](https://github.com/qdrant/qdrant-client), [click](https://github.com/pallets/click), [rich](https://github.com/Textualize/rich), [typer](https://github.com/fastapi/typer), [python-dotenv](https://github.com/theskumar/python-dotenv), [pyyaml](https://github.com/yaml/pyyaml), [numpy](https://github.com/numpy/numpy), [prometheus-client](https://github.com/prometheus/client_python), [tenacity](https://github.com/jd/tenacity), [psutil](https://github.com/giampaolo/psutil), [huggingface-hub](https://github.com/huggingface/huggingface_hub), [fastembed](https://github.com/qdrant/fastembed), [pypdf](https://github.com/py-pdf/pypdf), [cryptography](https://github.com/pyca/cryptography), [keyring](https://github.com/jaraco/keyring), [sqlcipher3](https://github.com/coleifer/sqlcipher3), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version.

Updates `setproctitle` to 1.3.7
- [Changelog](https://github.com/dvarrazzo/py-setproctitle/blob/master/HISTORY.rst)
- [Commits](dvarrazzo/py-setproctitle@version-1.3.3...version-1.3.7)

Updates `fastapi` from 0.128.8 to 0.136.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.128.8...0.136.1)

Updates `starlette` to 1.0.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.49.1...1.0.0)

Updates `uvicorn` from 0.34.3 to 0.46.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.34.3...0.46.0)

Updates `pydantic` from 2.10.6 to 2.13.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.10.6...v2.13.3)

Updates `pydantic-settings` to 2.14.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.4.0...v2.14.0)

Updates `httpx` from 0.27.2 to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.27.2...0.28.1)

Updates `qdrant-client` from 1.16.1 to 1.17.1
- [Release notes](https://github.com/qdrant/qdrant-client/releases)
- [Commits](qdrant/qdrant-client@v1.16.1...v1.17.1)

Updates `click` from 8.1.7 to 8.3.3
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.7...8.3.3)

Updates `rich` from 13.7.0 to 15.0.0
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.7.0...v15.0.0)

Updates `typer` from 0.9.0 to 0.25.0
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.9.0...0.25.0)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `pyyaml` to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `numpy` from 1.26.4 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.26.4...v2.4.4)

Updates `prometheus-client` from 0.19.0 to 0.25.0
- [Release notes](https://github.com/prometheus/client_python/releases)
- [Commits](prometheus/client_python@v0.19.0...v0.25.0)

Updates `tenacity` from 9.1.2 to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@9.1.2...9.1.4)

Updates `psutil` from 5.9.8 to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst)
- [Commits](giampaolo/psutil@v5.9.8...v7.2.2)

Updates `huggingface-hub` from 0.36.2 to 1.12.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v0.36.2...v1.12.0)

Updates `fastembed` to 0.8.0
- [Release notes](https://github.com/qdrant/fastembed/releases)
- [Changelog](https://github.com/qdrant/fastembed/blob/main/RELEASE.md)
- [Commits](qdrant/fastembed@v0.3.6...v0.8.0)

Updates `pypdf` to 6.10.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.2...6.10.2)

Updates `cryptography` to 47.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.0...47.0.0)

Updates `keyring` to 25.7.0
- [Release notes](https://github.com/jaraco/keyring/releases)
- [Changelog](https://github.com/jaraco/keyring/blob/main/NEWS.rst)
- [Commits](jaraco/keyring@v25.0.0...v25.7.0)

Updates `sqlcipher3` to 0.6.2
- [Commits](coleifer/sqlcipher3@0.5.0...0.6.2)

Updates `pytest-asyncio` to 1.3.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.0.0...v1.3.0)

Updates `pytest-cov` to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: setproctitle
  dependency-version: 1.3.7
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: starlette
  dependency-version: 1.0.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: uvicorn
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: pydantic
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: pydantic-settings
  dependency-version: 2.14.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: httpx
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: qdrant-client
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: click
  dependency-version: 8.3.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: rich
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: typer
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: prometheus-client
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: huggingface-hub
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: fastembed
  dependency-version: 0.8.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pypdf
  dependency-version: 6.10.2
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: cryptography
  dependency-version: 47.0.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: keyring
  dependency-version: 25.7.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: sqlcipher3
  dependency-version: 0.6.2
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and python labels Apr 26, 2026

dependabot Bot commented on behalf of github May 3, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot closed this May 3, 2026
dependabot Bot deleted the dependabot/pip/python-deps-ffb3f6aed6 branch May 3, 2026 14:53

jgoy-labs added a commit that referenced this pull request May 14, 2026
…tract for Onada 4.1 fix

Pin chat_ui_stream accepts rag_threshold + rag_collections kwargs and that
the chat_cli unpack pattern (heterogeneous dict {float, list[str]}) binds
without TypeError. Covers mypy findings #20,#23,#25,#27. CEC: signature-only.

jgoy-labs added a commit that referenced this pull request May 14, 2026
…ada 4.1 Cluster 5)

The empty literal _stream_kwargs = {} let mypy infer dict[str, float]
from the first assignment (rag_threshold), making the second assignment
(rag_collections: list[str]) incompatible (#20). The 3 unpacking
call sites (#23, #25, #27) inherited the wrong inferred type.

Annotating dict[str, Any] preserves runtime behaviour and closes the
4 findings in one edit.

jgoy-labs added a commit that referenced this pull request May 16, 2026
… nous

Consolidated release v0.9.0 resulting from two phases of work:

## Phase 1 — Sprints 0-4, holidays April 2-5 (42 bugs)
Coordinated in independent sessions:

- **Sprint 0-1**: memory v1 (Qdrant embedded singleton, SessionManager v1)
- **Sprint 2**: critical fix, tray.py blocks the keyboard (_RamMonitor background)
- **Sprint 3**: 13 bugs from the clean-install test + 5 installer fixes
  - #12 guard thinking+MEM_SAVE, #13 collection labels, #14 clickable
    welcome screen, #15 general i18n, #16 tray name+version, #17 tray
    web link, #20 SEC-004 MIME validation
  - Installer: select_model() prompt_tier+chat_format, Metal MLX validation
- **Sprint 4**: refactoring — helpers extracted (ollama_helpers.py,
  tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant,
  complete i18n get_message()
- **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) +
  3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock,
  [MEM:N] token mismatch)

Final global audit passed (APTE) (2026-04-02).

## Phase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI)
3 blocks of bugs from the file bugs-server-nexe.md (pre-release test):

**Block 1 — Critical (5)**
- #7 Reinstall, 3 modes (wipe/overwrite/backup) + stop server + Keychain
- #8 TOCTOU master key (os.open atomic)
- #10 DreamingCycle connection leak (6/6 functions)
- #29 Phi-3.5 out of the catalog
- Ollama GUI: ollama serve headless (no open -a Ollama in the Dock)

**Block 2 — Medium (12)**
- #21 validate_string_input API v1
- #22 auth 21 endpoints + docs gated
- #17 MEM_SAVE injection strict (whitelist Unicode, blacklist)
- #32 history_floor context budget
- #15 Ollama breaker semantic (4xx no infra)
- #16 SessionManager RLock reentrant
- #19 MLX cache singleton double-checked locking
- #11 Bootstrap token renewal + retry backoff (1,5,30)
- #13 Qdrant pool flush + logger.warning
- #20 Module cycles consumer + startup summary
- #9 SQL MIN portable (Python min())
- #28 Installer --skip-model-download

**Block 3 — Low (11)**
- #3 HF_TOKEN warning silenced
- #4 ANSI constants empty without a TTY
- #5 Qdrant didactic isatty guards
- #6 warnings position_ids + Some weights filtered
- #12 discover_modules early return
- #14 TQDM_DISABLE runtime server
- #18 encoding fallback utf-8 → cp1252 → latin-1
- #23 Ollama no silent fallback → HTTPException 404
- #26 _backend_model_exists best-effort + mitigating logger
- #27 _BACKEND_ALIASES backwards-compat
- #30 Info.plist LSUIElement=false verified

HOMAD workflow: parallel Devs (Opus) + 9 independent Consultant passes
with an intermediate Dev D for findings. Everything verified against the real code.

## Consolidated pytest
**4389 passed**, 7 pre-existing failures (test_chat_unit::test_long_text_truncated,
test_root::test_enabled_modules, test_security::test_long_context_truncated,
4× test_memory_helper_async::TestGetMemoryApi), 0 regressions.

## New files
- core/endpoints/chat_engines/ollama_helpers.py (Sprint 4)
- core/lifespan_modules.py (Sprint 4)
- installer/tray_monitor.py (Sprint 4)
- installer/installer_reinstall.py (Block 1 Bug 7)

## Stats
- 61 files modified (57 code/knowledge/tests/installer/personality +
  README.md + 3 new)
- +1870 / -674 lines

## Version bump
v0.8.5 → v0.9.0 (catalog, pyproject, README, CHANGELOG, index.html, footer)

## Pending post-release
- Build DMG v0.9.0 (/dmg-nexe) with all the fixes
- Apple notarization (re-sign if needed)
- Manual DMG test for Bug 30 (Dock icon) + release smoke tests
- .org and .com websites already deployed during the holidays

NO PUSH in this commit — pending explicit OK from Jordi for the final v0.9.0 tag
and push to GitHub release.

jgoy-labs added a commit that referenced this pull request May 16, 2026
…tract for Onada 4.1 fix

Pin chat_ui_stream accepts rag_threshold + rag_collections kwargs and that
the chat_cli unpack pattern (heterogeneous dict {float, list[str]}) binds
without TypeError. Covers mypy findings #20,#23,#25,#27. CEC: signature-only.

jgoy-labs added a commit that referenced this pull request May 16, 2026
…ada 4.1 Cluster 5)

The empty literal _stream_kwargs = {} let mypy infer dict[str, float]
from the first assignment (rag_threshold), making the second assignment
(rag_collections: list[str]) incompatible (#20). The 3 unpacking
call sites (#23, #25, #27) inherited the wrong inferred type.

Annotating dict[str, Any] preserves runtime behaviour and closes the
4 findings in one edit.