Skip to content

deps(python)(deps): bump the python-minor-patch group across 1 directory with 6 updates#142

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-9ffde63193
Open

deps(python)(deps): bump the python-minor-patch group across 1 directory with 6 updates#142
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-9ffde63193

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps the python-minor-patch group with 6 updates in the / directory:

Package From To
torch 2.2.2 2.12.0
fastapi 0.135.1 0.136.3
uvicorn 0.42.0 0.48.0
pydantic 2.12.5 2.13.4
textblob 0.19.0 0.20.0
sentencepiece 0.2.0 0.2.1

Updates torch from 2.2.2 to 2.12.0

Release notes

Sourced from torch's releases.

PyTorch 2.12.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Backwards Incompatible Changes

Build Frontend

  • Strengthened SVE compile checks in FindARM.cmake, which may reject previously accepted but incorrect SVE configurations (#176646)

    Source builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.

  • Updated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (#178925)

    Building PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure CUDA_HOME points to that installation.

    Version 2.11:

    CUDA_HOME=/usr/local/cuda-12.4 python setup.py develop

    Version 2.12:

    CUDA_HOME=/usr/local/cuda-12.6 python setup.py develop

  • Enforced a C++20 minimum in CMake build files (#178662)

... (truncated)

Commits
  • 0d62256 [release] Dockerfile: skip torchaudio install when CUDA_PATH=cu132 (#183346)
  • 7661cd9 [MPS] Fix SDPA wrong output for permuted q/k/v with B > 1 (#181886)
  • 9da6087 Fix stale PYTORCH_RELEASES_CODE_CC dict (fixes #182250) (#182369)
  • e4c37cc Avoid raw stream name collisions in Inductor (#182178)
  • 822d047 [MPS] Fix bool mask handling in 1-pass SDPA decode kernel (#182285) (#182311)
  • 5c5e523 Add enable_gqa parameter to SDPA MPS meta registration (#181550)
  • eece52e [AOTI] Add BC-safe c_shim v2 for _scaled_dot_product_attention_math_for_mps e...
  • b39330b [Inductor] Call latest c_shim version for versioned fallback ops (#181548)
  • 06f10d0 Revert "[FSDP2] add fqn to communication ops" (#182100) (#182157)
  • 449e339 Revert "[Inductor] Improve materialization heuristic for a chain of computaio...
  • Additional commits viewable in compare view

Updates fastapi from 0.135.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates uvicorn from 0.42.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits
  • 73e84e5 Version 0.48.0 (#2951)
  • 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
  • dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
  • abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • Additional commits viewable in compare view

Updates textblob from 0.19.0 to 0.20.0

Changelog

Sourced from textblob's changelog.

0.20.0 (2026-04-01)

Features:

  • Allow custom tokenizer to be used for tokenizing words with .words (:pr:555). Thanks :user:ReinerBRO for the PR.

Support:

  • Support Python 3.10-3.14.
Commits
  • 0e1a37f Bump version and update changelog
  • 774c1c3 Migrate to uv and update python version support (#558)
  • cd7ad3e Use custom tokenizer for words property (#555)
  • f2b1101 [pre-commit.ci] pre-commit autoupdate (#557)
  • 82d07f6 [pre-commit.ci] pre-commit autoupdate (#556)
  • a1c8944 [pre-commit.ci] pre-commit autoupdate (#554)
  • e7e5de0 [pre-commit.ci] pre-commit autoupdate (#553)
  • 1e7e6bf build(deps): bump actions/upload-artifact from 6 to 7 (#550)
  • 61dc311 build(deps): bump actions/download-artifact from 7 to 8 (#551)
  • 990c8e2 [pre-commit.ci] pre-commit autoupdate (#552)
  • Additional commits viewable in compare view

Updates sentencepiece from 0.2.0 to 0.2.1

Release notes

Sourced from sentencepiece's releases.

v0.2.1

Major changes

New features

  • [ALL]: Added new build mode to prevent the precompiled normalization rules being embedded in *.so and *.a. (-DSPM_DISABLE_EMBEDDED_DATA=ON). This reduces the runtime size by approximately 1-2 MB. This mode is enabled to build python wheels. The rules are loaded as the data package.

Bug fixes & minor changes

  • [ALL]: Security fix to address a heap overflow issue that could occur when using a model containing an invalid precompiled normalization model.
  • [Python]: Deprecates the wheel package for Linux i686.
  • [Python]: Supported wheel for Windows Arm64. #1114
  • [Python]: Fixed the crash issue on batch decoding #1051
  • [ALL]: Updated the Unicode normalization rule with the latest ICU/Unicode rules.
  • [ALL]: Unused code and build mode cleanup.

v0.2.1pre2

Major changes

New features

  • [ALL]: Added new build mode to prevent the precompiled normalization rules being embedded in *.so and *.a. (-DSPM_DISABLE_EMBEDDED_DATA=ON). This reduces the runtime size by approximately 1-2 MB. This mode is enabled to build python wheels. The rules are loaded as the data package.

Bug fixes & minor changes

  • [ALL]: Security fix to address a heap overflow issue that could occur when using a model containing an invalid precompiled normalization model.
  • [Python]: Deprecates the wheel package for Linux i686.
  • [Python]: Supported wheel for Windows Arm64.
  • [Python]: Fixed the crash issue on batch decoding #1051
  • [ALL]: Updated the Unicode normalization rule with the latest ICU/Unicode rules.
  • [ALL]: Unused code and build mode cleanup.
Commits
  • 31646a4 Merge pull request #1136 from crusaderky/pytest-run-parallel
  • bcd44b9 free-threading tests
  • 135747f install twine before checking wheel
  • 69fe0b2 install setuptools before making sdist
  • ee1422b install setuptools before making sdist
  • 5ac2fd2 use windows-11-arm runner to test ARM64 wheel on native env.
  • 36b9745 use windows-11-arm runner to test ARM64 wheel on native env.
  • 4f043ae use auto-mode to make wheel with the native binary.
  • 623196e uses arm docker image to build and test wheel
  • 559fd65 re-enable QEMU to enable arm execution
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 19, 2026

Assignees

The following users could not be added as assignees: POWDER-RANGER/civwatch-maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 19, 2026
@dependabot dependabot Bot requested a review from POWDER-RANGER as a code owner May 19, 2026 02:09
@dependabot
deps(python)(deps): bump the python-minor-patch group across 1 direct…
7f90d6e 
…ory with 6 updates

Bumps the python-minor-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [torch](https://github.com/pytorch/pytorch) | `2.2.2` | `2.12.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.136.3` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.48.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |
| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |
| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |



Updates `torch` from 2.2.2 to 2.12.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.2.2...v2.12.0)

Updates `fastapi` from 0.135.1 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.1...0.136.3)

Updates `uvicorn` from 0.42.0 to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.42.0...0.48.0)

Updates `pydantic` from 2.12.5 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.4)

Updates `textblob` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/sloria/TextBlob/releases)
- [Changelog](https://github.com/sloria/TextBlob/blob/dev/CHANGELOG.rst)
- [Commits](sloria/TextBlob@0.19.0...0.20.0)

Updates `sentencepiece` from 0.2.0 to 0.2.1
- [Release notes](https://github.com/google/sentencepiece/releases)
- [Commits](google/sentencepiece@v0.2.0...v0.2.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: sentencepiece
  dependency-version: 0.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: textblob
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: torch
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: uvicorn
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-minor-patch-9ffde63193 branch from 6be8ebf to 7f90d6e Compare May 25, 2026 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@POWDER-RANGER POWDER-RANGER Awaiting requested review from POWDER-RANGER POWDER-RANGER is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants