Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 7 updates#123

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/nlp-service/minor-and-patch-23d5ef5bd3
Closed

chore(deps): bump the minor-and-patch group across 1 directory with 7 updates#123
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/nlp-service/minor-and-patch-23d5ef5bd3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 7 updates in the /nlp-service directory:

Package From To
fastapi 0.136.1 0.136.3
uvicorn 0.47.0 0.49.0
markitdown 0.1.5 0.1.6
google-genai 2.4.0 2.8.0
sentence-transformers 5.5.0 5.5.1
scikit-learn 1.8.0 1.9.0
chromadb 0.4.24 0.6.3

Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates uvicorn from 0.47.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates markitdown from 0.1.5 to 0.1.6

Release notes

Sourced from markitdown's releases.

Version 0.1.6

What's Changed

New Contributors

Full Changelog: microsoft/markitdown@v0.1.5...v0.1.6

Commits
  • e144e0a Bump version to 0.1.6 (#1914)
  • a01d74d feat: Add Azure Content Understanding converter (#1865)
  • a51f725 Clarify security posture in READMEs (#1807)
  • 604bba1 fix: handle deeply nested HTML that triggers RecursionError (#1644)
  • 63cbbd9 Updated warning about binding to non-local interfaces. (#1653)
  • a6c8ac4 Fix O(n) memory growth in PDF conversion by calling page.close() afte… (#1612)
  • c6308dc [MS] Add OCR layer service for embedded images and PDF scans (#1541)
  • See full diff in compare view

Updates google-genai from 2.4.0 to 2.8.0

Release notes

Sourced from google-genai's releases.

v2.8.0

2.8.0 (2026-06-03)

Features

  • Add Agent Platform MCP support to async generate_content (e3be9af)
  • Add transcription language code. (53ea3f6)
  • Add TranslationConfig for live translation. (4775314)
  • Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (e0854a6)

Bug Fixes

  • Include all fields of a single tool (7b1d498)

Documentation

  • A comment for field enable_widget in message GoogleMaps is changed (74d81dd)
  • A comment for field google_maps_widget_context_token in message GroundingMetadata is changed (74d81dd)
  • Remove codegen_instructions.md for simpler maintenance, Gemini API Skills should be the single source of truth (bfa2a49)
  • Update README.md for model/SDK Changes and direct to Gemini API Skills (47c1a13)
  • Update the docs for 2.7 (bbef98e)

v2.7.0

2.7.0 (2026-05-27)

Features

  • Additional computer_use field support for vertex. (b4828fa)
  • interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (543137b)
  • interaction-api: Enable BigQuery tool in Deep Research config. (5dc17e5)
  • Support Reinforcement Tuning in GenAI SDK (0ead888)

v2.6.0

2.6.0 (2026-05-21)

Features

  • Add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (b1f632d)
  • Add budget_exceeded status (15443c0)
  • Add gemini-3.5-flash (15443c0)
  • Add new fields (2910346)

Documentation

... (truncated)

Changelog

Sourced from google-genai's changelog.

2.8.0 (2026-06-03)

Features

  • Add Agent Platform MCP support to async generate_content (e3be9af)
  • Add transcription language code. (53ea3f6)
  • Add TranslationConfig for live translation. (4775314)
  • Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (e0854a6)

Bug Fixes

  • Include all fields of a single tool (7b1d498)

Documentation

  • A comment for field enable_widget in message GoogleMaps is changed (74d81dd)
  • A comment for field google_maps_widget_context_token in message GroundingMetadata is changed (74d81dd)
  • Remove codegen_instructions.md for simpler maintenance, Gemini API Skills should be the single source of truth (bfa2a49)
  • Update README.md for model/SDK Changes and direct to Gemini API Skills (47c1a13)
  • Update the docs for 2.7 (bbef98e)

2.7.0 (2026-05-27)

Features

  • Additional computer_use field support for vertex. (b4828fa)
  • interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (543137b)
  • interaction-api: Enable BigQuery tool in Deep Research config. (5dc17e5)
  • Support Reinforcement Tuning in GenAI SDK (0ead888)

2.6.0 (2026-05-21)

Features

  • Add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (b1f632d)
  • Add budget_exceeded status (15443c0)
  • Add gemini-3.5-flash (15443c0)
  • Add new fields (2910346)

Documentation

  • Replace vertexai with enterprise in Client instantiation (c1c6df7)

2.5.0 (2026-05-20)

... (truncated)

Commits
  • 76d8859 chore(main): release 2.8.0 (#2517)
  • e0854a6 feat: Support ReinforcementTuning in GenAI SDK including ValidateReward API m...
  • 53ea3f6 feat: Add transcription language code.
  • 74d81dd chore: deprecate Google Maps grounding widget API fields
  • 7bf0ba2 chore: fix docstring
  • 4775314 feat: Add TranslationConfig for live translation.
  • e3be9af feat: Add Agent Platform MCP support to async generate_content
  • bfa2a49 docs: Remove codegen_instructions.md for simpler maintenance, Gemini API Sk...
  • 47c1a13 docs: Update README.md for model/SDK Changes and direct to Gemini API Skills
  • ce29c7b chore: Internal cleanup
  • Additional commits viewable in compare view

Updates sentence-transformers from 5.5.0 to 5.5.1

Release notes

Sourced from sentence-transformers's releases.

v5.5.1 - Small Multimodal patch

This patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like model.encode({"image": ...}).

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.5.1
Inference only, use one of:
pip install sentence-transformers==5.5.1
pip install sentence-transformers[onnx-gpu]==5.5.1
pip install sentence-transformers[onnx]==5.5.1
pip install sentence-transformers[openvino]==5.5.1
Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.5.1
pip install sentence-transformers[audio]==5.5.1
pip install sentence-transformers[video]==5.5.1
Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.5.1

Bug fixed

Previously, inference like model.encode({"image": ...}) or model.encode([{"image": ...}, ...]) would be inferred as the ("image",) modality, which differed from the inferred modality of "image" for just model.encode(my_image) or model.encode([my_image, my_image_2, ...]).

This results in confusing errors if the model doesn't have a modality_config mapping for ("image",) in addition to "image", so now a single-key multimodal dict is collapsed to the bare modality (just "image" in this example).

This affected this code:

from sentence_transformers import SentenceTransformer
model = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)
embedding = model.encode({"image": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png"})
print(embedding.shape)

Which previously failed as the model only implements a path for "text", "image", and ("image", "text").

All Changes

Full Changelog: huggingface/sentence-transformers@v5.5.0...v5.5.1

Commits

Updates scikit-learn from 1.8.0 to 1.9.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.9.0

We're happy to announce the 1.9.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.9.html

This release adds narwhals as a new dependency that will help to improve dataframe interoperability across the project.

This version supports Python versions 3.11 to 3.14.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn
Commits
  • 77def0e trigger wheel builder [cd build]
  • ee7c0b0 generate changelog
  • 3d7fb04 bump version
  • 8954e7b DOC Release highlights for 1.9 (#34147)
  • 73a3eab Fix: Array-API - avoid failing for numpy fit + predict with sparse or array-l...
  • 8839aae DOC Thread-safety requirement for open_listener message consumer callback (#3...
  • 4d2476a DOC Refactor array API docs page (#34054)
  • f9f812f 🔒 🤖 CI Update lock files for scipy-dev CI build(s) 🔒 🤖 ...
  • d779dc3 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
  • 6a03cf0 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
  • Additional commits viewable in compare view

Updates chromadb from 0.4.24 to 0.6.3

Release notes

Sourced from chromadb's releases.

0.6.3

Version: 0.6.3 Git ref: refs/tags/0.6.3 Build Date: 2025-01-14T22:21 PIP Package: chroma-0.6.3.tar.gz Github Container Registry Image: ghcr.io/chroma-core/chroma:0.6.3 DockerHub Image: chromadb/chroma:0.6.3

What's Changed

New Contributors

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-and-patch group across 1 directory with 7…
2ea1911 
… updates

Bumps the minor-and-patch group with 7 updates in the /nlp-service directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.47.0` | `0.49.0` |
| [markitdown](https://github.com/microsoft/markitdown) | `0.1.5` | `0.1.6` |
| [google-genai](https://github.com/googleapis/python-genai) | `2.4.0` | `2.8.0` |
| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.5.0` | `5.5.1` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |
| [chromadb](https://github.com/chroma-core/chroma) | `0.4.24` | `0.6.3` |



Updates `fastapi` from 0.136.1 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `uvicorn` from 0.47.0 to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.47.0...0.49.0)

Updates `markitdown` from 0.1.5 to 0.1.6
- [Release notes](https://github.com/microsoft/markitdown/releases)
- [Commits](microsoft/markitdown@v0.1.5...v0.1.6)

Updates `google-genai` from 2.4.0 to 2.8.0
- [Release notes](https://github.com/googleapis/python-genai/releases)
- [Changelog](https://github.com/googleapis/python-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-genai@v2.4.0...v2.8.0)

Updates `sentence-transformers` from 5.5.0 to 5.5.1
- [Release notes](https://github.com/huggingface/sentence-transformers/releases)
- [Commits](huggingface/sentence-transformers@v5.5.0...v5.5.1)

Updates `scikit-learn` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.8.0...1.9.0)

Updates `chromadb` from 0.4.24 to 0.6.3
- [Release notes](https://github.com/chroma-core/chroma/releases)
- [Changelog](https://github.com/chroma-core/chroma/blob/main/RELEASE_PROCESS.md)
- [Commits](chroma-core/chroma@0.4.24...0.6.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: markitdown
  dependency-version: 0.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: google-genai
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: sentence-transformers
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: scikit-learn
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: chromadb
  dependency-version: 0.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 6, 2026
@dependabot dependabot Bot requested review from ahjinsolo and tuirk as code owners June 6, 2026 16:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 6, 2026
@tuirk

tuirk commented Jun 6, 2026

Copy link
Copy Markdown
Owner

Closing: bundles chromadb 0.4.24→0.6.3 with google-genai 2.4→2.8 — same blocker as closed #106. chromadb migration is intentional/deferred (numpy<2, vector_store API). Safe pins (fastapi, markitdown, etc.) can be bumped manually in a focused PR. Dependabot ignore for chromadb >=0.5.0 added in chore/dependabot-ignores.

@tuirk tuirk closed this Jun 6, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/pip/nlp-service/minor-and-patch-23d5ef5bd3 branch June 6, 2026 16:54
@tuirk tuirk mentioned this pull request Jun 6, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tuirk tuirk Awaiting requested review from tuirk tuirk is a code owner

@ahjinsolo ahjinsolo Awaiting requested review from ahjinsolo ahjinsolo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tuirk