Bump the python-packages group with 4 updates#850
Merged
Conversation
Bumps the python-packages group with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [boto3](https://github.com/boto/boto3), [mypy](https://github.com/python/mypy) and [ruff](https://github.com/astral-sh/ruff). Updates `pydantic` from 2.12.5 to 2.13.1 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.12.5...v2.13.1) Updates `boto3` from 1.42.87 to 1.42.90 - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.42.87...1.42.90) Updates `mypy` from 1.20.0 to 1.20.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.20.0...v1.20.1) Updates `ruff` from 0.15.10 to 0.15.11 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.10...0.15.11) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: boto3 dependency-version: 1.42.90 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: mypy dependency-version: 1.20.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: ruff dependency-version: 0.15.11 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-packages ... Signed-off-by: dependabot[bot] <support@github.com>
hramezani
approved these changes
Apr 24, 2026
736-c41-2c1-e464fc974
added a commit
to Swiss-Armed-Forces/Loom
that referenced
this pull request
Jun 29, 2026
This MR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [debugpy](https://aka.ms/debugpy) ([source](https://github.com/microsoft/debugpy)) | dev | patch | `1.8.20` → `1.8.21` | [](https://securityscorecards.dev/viewer/?uri=github.com/microsoft/debugpy) | | [numpy](https://github.com/numpy/numpy) ([changelog](https://numpy.org/doc/stable/release)) | dependencies | patch | `2.4.4` → `2.4.6` | [](https://securityscorecards.dev/viewer/?uri=github.com/numpy/numpy) | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) ([changelog](https://github.com/pydantic/pydantic-settings/releases)) | dependencies | patch | `2.14.0` → `2.14.2` | [](https://securityscorecards.dev/viewer/?uri=github.com/pydantic/pydantic-settings) | | [python-multipart](https://github.com/Kludex/python-multipart) ([changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)) | dependencies | patch | `^0.0.22` → `^0.0.32` | [](https://securityscorecards.dev/viewer/?uri=github.com/Kludex/python-multipart) | | [types-requests](https://github.com/python/typeshed) ([changelog](https://github.com/typeshed-internal/stub_uploader/blob/main/data/changelogs/requests.md)) | dependencies | patch | `2.32.0.20240523` → `2.32.4.20260324` | [](https://securityscorecards.dev/viewer/?uri=github.com/python/typeshed) | --- ### Release Notes <details> <summary>microsoft/debugpy (debugpy)</summary> ### [`v1.8.21`](https://github.com/microsoft/debugpy/releases/tag/v1.8.21): debugpy v1.8.21 [Compare Source](microsoft/debugpy@v1.8.20...v1.8.21) Fixes for: - Return evaluate result in DAP response body instead of writing to stdout: [#​2027](microsoft/debugpy#2027) - Prevent invalid `scopes` request from crashing debug session: [#​2026](microsoft/debugpy#2026) - Skip uninitialized `__slots__` in variable resolver: [#​2024](microsoft/debugpy#2024) - Handle `-c` arguments that are `bytes` instead of `str`: [#​2021](microsoft/debugpy#2021) - Fix evaluation of variables from chained exception frames: [#​2018](microsoft/debugpy#2018) - `ContinueRequest` with a specific `threadId` no longer resumes all threads (in-process adapter): [#​2012](microsoft/debugpy#2012) - Avoid strong reference to exceptions during unwind: [#​2008](microsoft/debugpy#2008) - Show error message on evaluate failures in the hover context: [#​2006](microsoft/debugpy#2006) - Display `dlerror` output when `dlopen` fails: [#​2000](microsoft/debugpy#2000) - Replace removed `pkgutil.get_loader` with `importlib.util.find_spec` in `get_fullname`: [#​1998](microsoft/debugpy#1998) Enhancements: - Add option to ignore all system exit codes: [#​2017](microsoft/debugpy#2017) - Pull changes from pydevd up to March 2026: [#​2010](microsoft/debugpy#2010) Infrastructure work: - Suppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA [#​2816216](https://github.com/microsoft/debugpy/issues/2816216), [#​2816217](https://github.com/microsoft/debugpy/issues/2816217), [#​2816218](https://github.com/microsoft/debugpy/issues/2816218), [#​2816219](https://github.com/microsoft/debugpy/issues/2816219), [#​2816220](https://github.com/microsoft/debugpy/issues/2816220)): [#​2028](microsoft/debugpy#2028), [#​2029](microsoft/debugpy#2029), [#​2030](microsoft/debugpy#2030), [#​2031](microsoft/debugpy#2031), [#​2032](microsoft/debugpy#2032) Thanks to [@​maxbachmann](https://github.com/maxbachmann), [@​mfussenegger](https://github.com/mfussenegger), and [@​sambrightman](https://github.com/sambrightman) for the commits. </details> <details> <summary>numpy/numpy (numpy)</summary> ### [`v2.4.6`](https://github.com/numpy/numpy/releases/tag/v2.4.6): (May 18, 2026) [Compare Source](numpy/numpy@v2.4.5...v2.4.6) ### NumPy 2.4.6 Release Notes NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release. This release supports Python versions 3.11-3.14 #### Contributors A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time. - !EarlMilktea - Charles Harris - Sebastian Berg - Warren Weckesser #### Pull requests merged A total of 4 pull requests were merged for this release. - [#​31444](numpy/numpy#31444): MAINT: Prepare 2.4.x for further development - [#​31453](numpy/numpy#31453): BUG: Fix regression in `arr.conj()` - [#​31459](numpy/numpy#31459): BUG: `np.linalg.svd(..., hermitian=True)` returns non-unitary... - [#​31460](numpy/numpy#31460): BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator... ### [`v2.4.5`](https://github.com/numpy/numpy/releases/tag/v2.4.5): (May 15, 2026) [Compare Source](numpy/numpy@v2.4.4...v2.4.5) ### NumPy 2.4.5 Release Notes NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure. This release supports Python versions 3.11-3.14 #### Contributors A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. - Aleksei Nikiforov - Anarion Zuo + - Ankit Ahlawat - Breno Favaretto + - Charles Harris - Igor Krivenko + - Ijtihed Kilani + - Joren Hammudoglu - Maarten Baert + - Matti Picus - Nathan Goldbaum - Praneeth Kodumagulla + - Ralf Gommers - RoomWithOutRoof + - Sebastian Berg - Warren Weckesser - div + #### Pull requests merged A total of 28 pull requests were merged for this release. - [#​31093](numpy/numpy#31093): MAINT: Prepare 2.4.x for further development - [#​31182](numpy/numpy#31182): TYP: fix `np.shape` assignability issue for python lists ([#​31171](numpy/numpy#31171)) - [#​31197](numpy/numpy#31197): ENH: Return rank 0 for empty matrices in matrix\_rank ([#​30422](numpy/numpy#30422)) - [#​31198](numpy/numpy#31198): CI/BUG: add native jobs for s390x, fix bug in `pack_inner`... - [#​31199](numpy/numpy#31199): BUG: f2py map complex\_long\_double to NPY\_CLONGDOUBLE - [#​31205](numpy/numpy#31205): MAINT: f2py: Stop setting re.\_MAXCACHE to 50. - [#​31206](numpy/numpy#31206): BUG: fix heap buffer overflow in timedelta to string casts - [#​31207](numpy/numpy#31207): MAINT: Rename ppc64le and s390x workflow ([#​31121](numpy/numpy#31121)) - [#​31208](numpy/numpy#31208): BUG: Fix matvec/vecmat in-place aliasing (out=input produces... - [#​31209](numpy/numpy#31209): TYP: `tile`: accept numpy scalars and arrays as second argument... - [#​31211](numpy/numpy#31211): DEP: Undo deprecation for np.dtype() signature used by old pickles... - [#​31212](numpy/numpy#31212): REV: Manual revert of float16 svml use ([#​31178](numpy/numpy#31178)) - [#​31222](numpy/numpy#31222): TYP: `ix_` fix for boolean and non-1d input ([#​31218](numpy/numpy#31218)) - [#​31329](numpy/numpy#31329): BUG: incorrect temp elision for new-style (NEP 43) user-defined... - [#​31330](numpy/numpy#31330): TYP: fix sliding\_window\_view axis parameter typing - [#​31335](numpy/numpy#31335): BUG: Prevent deadlock due to downstream importing NumPy in dlopen... - [#​31336](numpy/numpy#31336): BUG: Fix segfault in nditer.multi\_index when \_\_getitem\_\_ raises... - [#​31338](numpy/numpy#31338): TYP: Fix ruff lint error - [#​31357](numpy/numpy#31357): BUG: fix memory leak in np.zeros when fill-zero loop raises ([#​31320](numpy/numpy#31320)) - [#​31358](numpy/numpy#31358): BUG: np.einsum() fails with a 0-dimensional out argument and... - [#​31379](numpy/numpy#31379): BUG: Fix signed overflow issue in npy\_gcd for INT\_MIN on s390x... - [#​31383](numpy/numpy#31383): CI: remove Cirrus CI FreeBSD job ([#​31380](numpy/numpy#31380)) - [#​31390](numpy/numpy#31390): BUILD: newer MKL uses so.3 - [#​31391](numpy/numpy#31391): BLD/MAINT: improve support for Intel LLVM compilers - [#​31401](numpy/numpy#31401): BUG: Avoid UB in [safe]()\[add,sub,mul] helpers ([#​31396](numpy/numpy#31396)) - [#​31402](numpy/numpy#31402): BUG: exclude \_\_pycache\_\_ directories from wheels ([#​31397](numpy/numpy#31397)) - [#​31404](numpy/numpy#31404): TYP: `_NestedSequence` type parameter default to work around... - [#​31426](numpy/numpy#31426): TYP: Fix `DTypeLike` runtime type-checker support ([#​31425](numpy/numpy#31425)) </details> <details> <summary>pydantic/pydantic-settings (pydantic-settings)</summary> ### [`v2.14.2`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.2) [Compare Source](pydantic/pydantic-settings@v2.14.1...v2.14.2) #### What's Changed This is a security patch release. - Prevent `NestedSecretsSettingsSource` from following symlinks outside `secrets_dir` by [@​hramezani](https://github.com/hramezani) in [#​889](pydantic/pydantic-settings#889) - Prepare release 2.14.2 by [@​hramezani](https://github.com/hramezani) in [#​890](pydantic/pydantic-settings#890) ##### Security Fixes [GHSA-4xgf-cpjx-pc3j](GHSA-4xgf-cpjx-pc3j): `NestedSecretsSettingsSource` with `secrets_nested_subdir=True` could follow a symbolic link inside `secrets_dir` pointing outside it, reading out-of-tree files into settings values and bypassing the `secrets_dir_max_size` cap. Affected versions: `>= 2.12.0, < 2.14.2`. **Full Changelog**: <pydantic/pydantic-settings@v2.14.1...v2.14.2> ### [`v2.14.1`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.1) [Compare Source](pydantic/pydantic-settings@v2.14.0...v2.14.1) #### What's Changed - Bump the python-packages group with 4 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​850](pydantic/pydantic-settings#850) - Bump the python-packages group with 5 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​854](pydantic/pydantic-settings#854) - Bump the github-actions group with 3 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​853](pydantic/pydantic-settings#853) - Bump the python-packages group with 2 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​856](pydantic/pydantic-settings#856) - Fix field named `cls` conflicting with classmethod parameter by [@​hramezani](https://github.com/hramezani) in [#​858](pydantic/pydantic-settings#858) - Prepare release 2.14.1 by [@​hramezani](https://github.com/hramezani) in [#​859](pydantic/pydantic-settings#859) **Full Changelog**: <pydantic/pydantic-settings@v2.14.0...v2.14.1> </details> <details> <summary>Kludex/python-multipart (python-multipart)</summary> ### [`v0.0.32`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0032-2026-06-04) [Compare Source](Kludex/python-multipart@0.0.31...0.0.32) - Speed up partial-boundary scanning for CR/LF-dense part data [#​300](Kludex/python-multipart#300). ### [`v0.0.31`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0031-2026-06-04) [Compare Source](Kludex/python-multipart@0.0.30...0.0.31) - Speed up multipart header parsing and callback dispatch [#​295](Kludex/python-multipart#295). - Bound header field name size before validating [#​296](Kludex/python-multipart#296). - Validate `Content-Length` is non-negative in `parse_form` [#​297](Kludex/python-multipart#297). ### [`v0.0.30`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0030-2026-05-31) [Compare Source](Kludex/python-multipart@0.0.29...0.0.30) - Parse `application/x-www-form-urlencoded` bodies per the WHATWG URL standard, treating only `&` as a field separator [#​290](Kludex/python-multipart#290). - Ignore RFC 2231/5987 extended parameters (`name*`, `filename*`) in `parse_options_header`, keeping the plain parameter authoritative per [RFC 7578 §4.2](https://datatracker.ietf.org/doc/html/rfc7578#section-4.2) [#​291](Kludex/python-multipart#291). ### [`v0.0.29`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0029-2026-05-17) [Compare Source](Kludex/python-multipart@0.0.28...0.0.29) - Handle malformed RFC 2231 continuations in `parse_options_header` [#​270](Kludex/python-multipart#270). ### [`v0.0.28`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0028-2026-05-10) [Compare Source](Kludex/python-multipart@0.0.27...0.0.28) - Speed up partial-boundary tail scan via `bytes.find` [#​281](Kludex/python-multipart#281). - Cap multipart boundary length at 256 bytes [#​282](Kludex/python-multipart#282). ### [`v0.0.27`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0027-2026-04-27) [Compare Source](Kludex/python-multipart@0.0.26...0.0.27) - Add multipart header limits [#​267](Kludex/python-multipart#267). - Pass parse offsets via constructors [#​268](Kludex/python-multipart#268). ### [`v0.0.26`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0026-2026-04-10) [Compare Source](Kludex/python-multipart@0.0.25...0.0.26) - Skip preamble before the first multipart boundary more efficiently [#​262](Kludex/python-multipart#262). - Silently discard epilogue data after the closing multipart boundary [#​259](Kludex/python-multipart#259). ### [`v0.0.25`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0025-2026-04-10) [Compare Source](Kludex/python-multipart@0.0.24...0.0.25) - Add MIME content type info to `File` [#​143](Kludex/python-multipart#143). - Handle CTE values case-insensitively [#​258](Kludex/python-multipart#258). - Remove custom `FormParser` classes [#​257](Kludex/python-multipart#257). - Add `UPLOAD_DELETE_TMP` to `FormParser` config [#​254](Kludex/python-multipart#254). - Emit `field_end` for trailing bare field names on finalize [#​230](Kludex/python-multipart#230). - Handle multipart headers case-insensitively [#​252](Kludex/python-multipart#252). - Apply Apache-2.0 properly [#​247](Kludex/python-multipart#247). ### [`v0.0.24`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0024-2026-04-05) [Compare Source](Kludex/python-multipart@0.0.23...0.0.24) - Validate `chunk_size` in `parse_form()` [#​244](Kludex/python-multipart#244). ### [`v0.0.23`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0023-2026-04-05) [Compare Source](Kludex/python-multipart@0.0.22...0.0.23) - Remove unused `trust_x_headers` parameter and `X-File-Name` fallback [#​196](Kludex/python-multipart#196). - Return processed length from `QuerystringParser._internal_write` [#​229](Kludex/python-multipart#229). - Cleanup metadata dunders from `__init__.py` [#​227](Kludex/python-multipart#227). </details> --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMTYiLCJ1cGRhdGVkSW5WZXIiOiI0My4yNDYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=--> See merge request swiss-armed-forces/cyber-command/cea/loom!460 Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com> Co-authored-by: shrewd-laidback palace <shrewd-laidback-palace-736-c41-2c1-e464fc974@swiss-armed-forces-open-source.ch>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the python-packages group with 4 updates: pydantic, boto3, mypy and ruff.
Updates
pydanticfrom 2.12.5 to 2.13.1Release notes
Sourced from pydantic's releases.
... (truncated)
Changelog
Sourced from pydantic's changelog.
... (truncated)
Commits
d45d8bePrepare release 2.13.154aca60FixValidationInfo.datamissing withmodel_validate_json()46bf4faFix Pydantic release workflow (#13067)1b359edPrepare release v2.13.0 (#13065)b1bf194Fix model equality when using runtimeextraconfiguration (#13062)17a35e3Update jiter to v0.14.0 (#13064)feea402Usesimulationmode in Codspeed CI (#13063)671c9b0Add basic benchmarks for model equality (#13061)d17d71eBump cryptography from 46.0.6 to 46.0.7 (#13056)919d61a👥 Update Pydantic People (#13059)Updates
boto3from 1.42.87 to 1.42.90Commits
ac298d4Merge branch 'release-1.42.90'c16e41eBumping version to 1.42.90ec6d8b3Add changelog entries from botocoree73a6f9Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 (#4767)54a9dc1Merge branch 'release-1.42.89'0cb8ca5Merge branch 'release-1.42.89' into develop730d84cBumping version to 1.42.896b65768Add changelog entries from botocoref92a06cMerge branch 'release-1.42.88'5da0f6aMerge branch 'release-1.42.88' into developUpdates
mypyfrom 1.20.0 to 1.20.1Changelog
Sourced from mypy's changelog.
... (truncated)
Commits
c60e8bfBump version to 1.20.1842e492Always disable sync in SQLite cache (#21184)e82a046Temporarily skip few base64 tests (#21193)f7fa418Revert dict.or typeshed change (#21186)a2e8ee1Fix narrowing for match case with variadic tuples (#21192)521f88fAvoid narrowing type[T] in type calls (#21174)a4876e9Fix regression for catching empty tuple in except (#21153)6fccffcFix reachability for frozenset and dict view narrowing (#21151)de50419Fix narrowing with chained comparison (#21150)eafcf18Avoid narrowing to unreachable at module level (#21144)Updates
rufffrom 0.15.10 to 0.15.11Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
Commits
53554b1Bump 0.15.11 (#24678)08c56c8Factor out themdtestcrate (#24616)725fbb7[ty] Use partially qualified names when reporting diagnostics regarding bad c...ddd6a30[ty] Do not suggest argument completion when at value of keyword argument (#2...9282e61Disallow@disjoint_base on TypedDicts and Protocols (#24671)e9986d8[ty] Reject using properties withNeversetters or deleters (#24510)9cf212f[ty] Normalize property setter and deleter wrappers (#24509)12a1589Add override mention to ASYNC109 docs (#24666)dccb03d[ty] Avoid panicking on overloadedCallabletype context (#24661)61f9a0a[ty] Sync vendored typeshed stubs (#24646)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions