Skip to content

chore(deps): bump the uv group across 2 directories with 2 updates#2619

Merged
mrveiss merged 1 commit intoDev_new_guifrom
dependabot/uv/requirements-ci/uv-dfa1404a3e
Mar 28, 2026
Merged

chore(deps): bump the uv group across 2 directories with 2 updates#2619
mrveiss merged 1 commit intoDev_new_guifrom
dependabot/uv/requirements-ci/uv-dfa1404a3e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps the uv group with 2 updates in the /requirements-ci directory: cryptography and langchain-core.
Bumps the uv group with 1 update in the /autobot-infrastructure/shared/mcp/tools/knowledge-base-mcp directory: cryptography.

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

Updates langchain-core from 1.2.18 to 1.2.22

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.22

Changes since langchain-core==1.2.21

release(core): 1.2.22 (#36201) fix(core): validate paths in prompt.save and load_prompt, deprecate methods (#36200)

langchain-core==1.2.21

Changes since langchain-core==1.2.20

release(core): 1.2.21 (#36179) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) chore(core): remove stale blockbuster allowlist for deleted context module (#36168) ci: suppress pytest streaming output in CI (#36092)

langchain-core==1.2.20

Changes since langchain-core==1.2.19

release(core): 1.2.20 (#36085) fix(core): trace invocation params in metadata (#36080) feat: Add LangSmith integration metadata to create_agent and init_chat_model (#35810) feat(core): harden anti-ssrf (#35960) ci: avoid unnecessary dep installs in lint targets (#36046) docs(core): document base_url in mermaid api (#35961) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (#35805) chore: housekeeping (#35850)

langchain-core==1.2.19

Changes since langchain-core==1.2.18

release(core): 1.2.19 (#35832) chore(core): move BaseCrossEncoder to langchain-core (#35809) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (#35775)

Commits
  • d22df94 release(core): 1.2.22 (#36201)
  • 27add91 fix(core): validate paths in prompt.save and load_prompt, deprecate metho...
  • 7563fce chore(model-profiles): refresh model profile data (#36195)
  • 3e64c25 chore: use repo permissions instead of org membership for maintainer override...
  • 1778b08 chore(partners): bump langchain-core min to 1.2.21 (#36183)
  • ad574fc fix(openai): bump min core version (#36180)
  • 19f81cf release(core): 1.2.21 (#36179)
  • 6d07ef2 release(openai): 1.1.12 (#36178)
  • 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
  • 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
  • Additional commits viewable in compare view

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the uv group across 2 directories with 2 updates
4d6036c 
Bumps the uv group with 2 updates in the /requirements-ci directory: [cryptography](https://github.com/pyca/cryptography) and [langchain-core](https://github.com/langchain-ai/langchain).
Bumps the uv group with 1 update in the /autobot-infrastructure/shared/mcp/tools/knowledge-base-mcp directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

Updates `langchain-core` from 1.2.18 to 1.2.22
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.18...langchain-core==1.2.22)

Updates `cryptography` from 46.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.22
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 27, 2026
@dependabot dependabot bot requested a review from mrveiss as a code owner March 27, 2026 20:09
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

🤖 AutoBot Phase Validation Results

System Maturity: 0.0%

Phase Status:

Recommendations:

@mrveiss mrveiss changed the base branch from main to Dev_new_gui March 27, 2026 20:25
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

✅ SSOT Configuration Compliance: Passing

🎉 No hardcoded values detected that have SSOT config equivalents!

@mrveiss mrveiss merged commit fc4e6bc into Dev_new_gui Mar 28, 2026
11 of 15 checks passed
@dependabot dependabot bot deleted the dependabot/uv/requirements-ci/uv-dfa1404a3e branch March 28, 2026 19:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrveiss mrveiss Awaiting requested review from mrveiss mrveiss is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrveiss