Skip to content

Bump the minor-patch group across 1 directory with 9 updates#92

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/minor-patch-5220fa2f4a
Open

Bump the minor-patch group across 1 directory with 9 updates#92
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/minor-patch-5220fa2f4a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the minor-patch group with 9 updates in the / directory:

Package From To
beautifulsoup4 4.14.3 4.15.0
lxml 6.0.4 6.1.1
pytz 2026.1.post1 2026.2
requests 2.33.1 2.34.2
selenium 4.43.0 4.45.0
pydantic 2.13.0 2.13.4
pydantic-settings 2.13.1 2.14.2
ruff 0.15.10 0.15.18
pre-commit 4.5.1 4.6.0

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates lxml from 6.0.4 to 6.1.1

Changelog

Sourced from lxml's changelog.

6.1.1 (2026-05-18)

Bugs fixed

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

  • GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

  • The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

  • LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.
Commits
  • b4a4c59 Build: Fix build in Py3.8.
  • a116dcb Fix typo: type annotions -> type annotations in PEP 560 comments (GH-504)
  • 7287a75 Prepare release of 6.1.1.
  • 5927a6d Add missing "xlink:href" to the known HTML link attributes.
  • 23efeb4 Build: Fix build in Py3.8.
  • 2c0563b Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...
  • 8a35fcc Fix doctest in PyPy3.9.
  • 43722f4 Update changelog.
  • 8747040 Name version of option change in docstring.
  • 6c36e6c Fix pypistats URL in download statistics script.
  • Additional commits viewable in compare view

Updates pytz from 2026.1.post1 to 2026.2

Commits

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates selenium from 4.43.0 to 4.45.0

Release notes

Sourced from selenium's releases.

Selenium 4.45.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits
  • cd6a3cd [build] Prepare for release of selenium-4.45.0 (#17680)
  • 15fad06 [build] Automated Browser Version Update (#17679)
  • cb9b6fd [grid] Add support Redis-backed for SessionQueue (#17678)
  • 18bb1d9 [py] terminate driver service process when start() fails to connect (#17651)
  • b3164ef [grid] add HtmlUnit browser logo to Grid UI (#17656)
  • bb741bd [build] Automated Browser Version Update (#17658)
  • 887237c [py] translate continue_request/continue_response kwargs to BiDi wire format ...
  • f53de51 [rb] run minimize test on linux now that #17644 fixed fluxbox startup
  • 3f37cce [rb] set window state before each window test instead of resetting driver
  • 2bfb990 [rb] skip Safari double_click action tests
  • Additional commits viewable in compare view

Updates pydantic from 2.13.0 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.13.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • d703bd7 Prepare release 2.14.2 (#890)
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 8, 2026
@dependabot dependabot Bot requested review from Olshansk and oborchers as code owners June 8, 2026 17:36
@dependabot dependabot Bot force-pushed the dependabot/uv/minor-patch-5220fa2f4a branch from 66228ac to b9d8d44 Compare June 15, 2026 17:38
@dependabot
Bump the minor-patch group across 1 directory with 9 updates
cb712af 
Bumps the minor-patch group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |
| [lxml](https://github.com/lxml/lxml) | `6.0.4` | `6.1.1` |
| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [selenium](https://github.com/SeleniumHQ/Selenium) | `4.43.0` | `4.45.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.13.0` | `2.13.4` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.2` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.18` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |



Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `lxml` from 6.0.4 to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.0.4...lxml-6.1.1)

Updates `pytz` from 2026.1.post1 to 2026.2
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2026.1.post1...release_2026.2)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `selenium` from 4.43.0 to 4.45.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.43.0...selenium-4.45.0)

Updates `pydantic` from 2.13.0 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.0...v2.13.4)

Updates `pydantic-settings` from 2.13.1 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.2)

Updates `ruff` from 0.15.10 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.10...0.15.18)

Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: pydantic-settings
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: pytz
  dependency-version: '2026.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: selenium
  dependency-version: 4.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/minor-patch-5220fa2f4a branch from b9d8d44 to cb712af Compare June 22, 2026 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Olshansk Olshansk Awaiting requested review from Olshansk Olshansk is a code owner
@oborchers oborchers Awaiting requested review from oborchers oborchers is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants