Skip to content

chore(deps): Bump the uv group across 2 directories with 3 updates#189

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/libs/filonov/uv-a06792fdae
Open

chore(deps): Bump the uv group across 2 directories with 3 updates#189
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/libs/filonov/uv-a06792fdae

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown

Bumps the uv group with 1 update in the /libs/filonov directory: tornado.
Bumps the uv group with 2 updates in the /libs/media_similarity directory: langchain and ujson.

Updates tornado from 6.5.2 to 6.5.7

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits
  • 48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
  • 4ae1ddd Release notes and version bump for 6.5.7
  • 3154caa curl_httpclient: Reset the curl object before putting it on the freelist
  • 7d869c0 Merge pull request #3631 from bdarnell/cve-links
  • 288241f docs: Use the correct link syntax
  • 8da981c docs: Add CVE links to 6.5.6 release notes
  • aba2569 Merge pull request #3626 from bdarnell/fixes-656
  • a24b260 httpclient_test: Accept an additional error message variant
  • a74240a Release notes and version bump for 6.5.6.
  • e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
  • Additional commits viewable in compare view

Updates langchain from 0.2.7 to 1.3.9

Release notes

Sourced from langchain's releases.

langchain==1.3.9

Changes since langchain==1.3.8

release(anthropic): 1.4.6 (#38105) release(langchain): 1.3.9 (#38104) fix(langchain,anthropic): confine file-search results and tighten anthropic allowed_prefixes (#38106)

langchain==1.3.8

Changes since langchain==1.3.7

release(langchain): 1.3.8 (#38096) style(core,langchain,langchain-classic,partners): replace double backticks in docstrings (#38095) release(core): 1.4.6 (#38061) chore(langchain): add overloads to create_agent (#34309) chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470) fix(langchain): support async middleware decorator typing (#34584) fix(langchain): tighten structured output model fallbacks (#38042) release(anthropic): 1.4.5 (#38036) hotfix(core): bump lockfile(s) (#38032) refactor(langchain): refactor test_create_agent_tool_validation (#34443)

langchain==1.3.7

Changes since langchain==1.3.6

release(langchain): 1.3.7 (#38024) style(langchain): add ruff rules ARG (#34435) feat(langchain): add ProviderToolSearchMiddleware (#37969) chore(langchain): activate mypy warn_return_any (#34249) test(langchain): mark legacy trigger view for 2.0 removal (#38002)

langchain==1.3.6

Changes since langchain==1.3.5

release(langchain): 1.3.6 (#38001) fix(langchain): preserve summarization trigger compatibility (#38000)

langchain==1.3.5

Changes since langchain==1.3.4

release(langchain): 1.3.5 (#37998) feat(langchain): port AND-capable trigger conditions to SummarizationMiddleware (#34576) hotfix(openai): min core dep (#37990) feat(openai): support apply_patch built-in tool (#37157) chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (#37930) chore: bump dependencies (#37892) chore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain_v1 (#37888)

langchain==1.3.4

Changes since langchain==1.3.3

... (truncated)

Commits
  • 3bfb6a3 release(langchain): 1.3.9 (#38104)
  • dcaf779 fix(langchain,anthropic): confine file-search results and tighten anthropic `...
  • 0392b6b fix(core): fix Pydantic v1 support in tools/runnable (#33698)
  • f6d63bc release(langchain): 1.3.8 (#38096)
  • 5d20596 style(core,langchain,langchain-classic,partners): replace double backticks in...
  • fb55c66 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/huggingface (#38...
  • 51daae5 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/chroma (#38092)
  • 70e9579 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/fireworks (#38093)
  • 6c0e9af chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/xai (#38094)
  • 222dc84 ci(infra): clarify early PR auto-close guidance (#38090)
  • Additional commits viewable in compare view

Updates ujson from 5.11.0 to 5.12.1

Release notes

Sourced from ujson's releases.

5.12.1

Fixed

  • Fix encoding ref leak with non-English character (#714) @​nhancdt2602
  • Fix memory leak when ujson.dump() is unable to write to its file (0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853) @​bwoodsend

Note that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (#731).

5.12.0

Added

Changed

Fixed

Commits
  • 7d9036f Temporarily disable pre-built wheels for graalpy on macOS (#730)
  • 0bf630a Temporarily disable pre-built wheels for graalpy on macOS
  • 46f7596 Enable read access for CI/CD
  • 82af1d0 Fix failure cleanup paths in ujson.dump()
  • ceae6cd Gitignore .fuse_hidden and .DS_Store files
  • dd87ed3 Improve unit test coverage (#718)
  • ddbe2da Update release-drafter/release-drafter action to v7.2.1 (#717)
  • 3be5ae5 Update release-drafter/release-drafter action to v7.2.1
  • 9f90a8c Fix encoding ref leak with non-English character (#714)
  • f1574e5 Hash pin GitHub Actions (#715)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): Bump the uv group across 2 directories with 3 updates
10eba85 
Bumps the uv group with 1 update in the /libs/filonov directory: [tornado](https://github.com/tornadoweb/tornado).
Bumps the uv group with 2 updates in the /libs/media_similarity directory: [langchain](https://github.com/langchain-ai/langchain) and [ujson](https://github.com/ultrajson/ultrajson).


Updates `tornado` from 6.5.2 to 6.5.7
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.2...v6.5.7)

Updates `langchain` from 0.2.7 to 1.3.9
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==0.2.7...langchain==1.3.9)

Updates `ujson` from 5.11.0 to 5.12.1
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.1)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.7
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langchain
  dependency-version: 1.3.9
  dependency-type: indirect
  dependency-group: uv
- dependency-name: ujson
  dependency-version: 5.12.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@dependabot dependabot Bot mentioned this pull request Jun 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants