Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#180

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/minor-and-patch-1fbfd61272
Closed

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#180
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/minor-and-patch-1fbfd61272

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 10 updates in the / directory:

Package From To
cpg-utils 5.6.0 5.6.1
grpcio 1.78.0 1.80.0
grpcio-status 1.78.0 1.80.0
tornado 6.5.5 6.5.6
black 26.3.1 26.5.1
build 1.4.2 1.5.0
coverage 7.13.5 7.14.1
ruff 0.15.7 0.15.14
mike 2.1.4 2.2.0
pyright 1.1.408 1.1.409

Updates cpg-utils from 5.6.0 to 5.6.1

Commits

Updates grpcio from 1.78.0 to 1.80.0

Release notes

Sourced from grpcio's releases.

Release v1.80.0

This is release 1.80.0 (glimmering) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [ssl] Implement TLS private key signer in Python. (#41701)
  • [TLS Credentials]: Private Key Offload Implementation. (#41606)
  • Fix max sockaddr struct size on OpenBSD. (#40454)
  • [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)
  • [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)
  • [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)
  • [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)
  • [RR and WRR] enable change to connect from a random index. (#41472)
  • [xds] Implement gRFC A101. (#41051)

C++

  • [C++] Add SNI override option to C++ channel credentials options API. (#41460)

C#

  • [C# tools] Option to append Async to server side method names #39010. (#39797)

Objective-C

  • [Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41357)

PHP

  • [PHP] Disable php infinite recursion check for callback from Core to PHP. (#41835)
  • [PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (#40337)

Python

  • [Python] Fix GRPC_TRACE not working when absl log initialized in cython. (#41814)
  • Revert "[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (#41455)". (#41769)
  • [Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (#41532)
  • [Python] Docs: correct grpc.Compression references. (#41705)
  • [Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (#40226)

... (truncated)

Commits
  • f5e2d6e [Release] Bump version to 1.80.0 (on v1.80.x branch) (#41857)
  • 938cfec [subchannel connection scaling] fix when we reset backoff (#41935)
  • 91778be [Backport][v1.80.x][Python] New _create method for aio.Metadata (#41888)
  • f10b9f2 [bzlmod] upgrade rules_swift to avoid BCR CI breakage on Windows with bazel 7...
  • be4c1c5 [subchannel] fix crash in connection scaling code (#41853)
  • a71df73 [Release] Bump version to 1.80.0-pre1 (on v1.80.x branch) (#41844)
  • 3ca09e4 [Python] Fix GRPC_TRACE and add test to check the GRPC_TRACE logs print (#41814)
  • 260c6fd [PHP] Disable php infinite recursion check for callback from Core to PHP (#41...
  • 50957c5 [Flakiness] Delete flaky iomgr fd_conservation_posix_test and create an Event...
  • e1e1d0a [Bzlmod] Turn off bzlmod for PSM python tests. (#41810)
  • Additional commits viewable in compare view

Updates grpcio-status from 1.78.0 to 1.80.0

Updates tornado from 6.5.5 to 6.5.6

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0

... (truncated)

Commits
  • aba2569 Merge pull request #3626 from bdarnell/fixes-656
  • a24b260 httpclient_test: Accept an additional error message variant
  • a74240a Release notes and version bump for 6.5.6.
  • e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
  • 96dc88c speedups: validate mask length
  • ff808b3 http1connection: Enforce max_body_size in _GzipMessageDelegate
  • ede4e37 auth: Correctly parse check_authentication response
  • 1c178be Remove obsolete curl force_timeout workaround
  • c99d55b Replace deprecated pycurl IOCTLFUNCTION callback with SEEKFUNCTION
  • 2761431 Merge pull request #3587 from bdarnell/fix-link
  • Additional commits viewable in compare view

Updates black from 26.3.1 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

... (truncated)

Commits

Updates build from 1.4.2 to 1.5.0

Release notes

Sourced from build's releases.

1.5.0

What's Changed

Full Changelog: pypa/build@1.4.4...1.5.0

1.4.4

What's Changed

Full Changelog: pypa/build@1.4.3...1.4.4

1.4.3

What's Changed

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

Features

  • Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes

  • Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous

  • :issue:1033

#################### 1.4.4 (2026-04-22) ####################

Bugfixes

  • Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
  • Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
  • Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
  • Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous

  • :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

Features

... (truncated)

Commits

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

  • Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

  • Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

  • Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

  • Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

  • Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

  • Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

  • Fix: the soft keyword lazy is now bolded in HTML reports.

  • We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162

... (truncated)

Commits
  • 64d9b66 docs: correct the date for 7.14.1
  • 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
  • 078afae docs: sample HTML for 7.14.1
  • cb4f028 docs: prep for 7.14.1
  • ae2d09f Merge branch 'nedbat/classifire-316-kits'
  • 2c3568b build: declare 3.16 compatibility
  • faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
  • eb55fee test: we don't need PyPy < 7.3.22 anymore
  • ac168fe test: the text summary should show missing
  • fed4bd2 chore: upgrade virtualenv
  • Additional commits viewable in compare view

Updates ruff from 0.15.7 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Commits
  • 9ad2da3 Bump 0.15.14 (#25295)
  • c714e84 [ty] Modernize setup of union types in mdtests (#25291)
  • 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
  • aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
  • e9d72bb [ty] Allow enum member accesses on self (#25077)
  • 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
  • 9999a39 Update code example on how to update Neovim LSP log level (#25284)
  • 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
  • 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
  • c423054 Add a recursion limit to the parser (#24810)
  • Additional commits viewable in compare view

Updates mike from 2.1.4 to 2.2.0

Release notes

Sourced from mike's releases.

v2.2.0

New features

Bug fixes

  • Use DST timestamps for new commits when DST is in effect
  • Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE
Changelog

Sourced from mike's changelog.

v2.2.0 (2026-04-13)

New features

Bug fixes

  • Use DST timestamps for new commits when DST is in effect
  • Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE
Commits

Updates pyright from 1.1.408 to 1.1.409

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-and-patch group across 1 directory with 1…
e7fa03d 
…0 updates

Bumps the minor-and-patch group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cpg-utils](https://github.com/populationgenomics/cpg-utils) | `5.6.0` | `5.6.1` |
| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.80.0` |
| [grpcio-status](https://grpc.io) | `1.78.0` | `1.80.0` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.6` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |
| [build](https://github.com/pypa/build) | `1.4.2` | `1.5.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.7` | `0.15.14` |
| [mike](https://github.com/jimporter/mike) | `2.1.4` | `2.2.0` |
| [pyright](https://github.com/RobertCraigie/pyright-python) | `1.1.408` | `1.1.409` |



Updates `cpg-utils` from 5.6.0 to 5.6.1
- [Commits](https://github.com/populationgenomics/cpg-utils/commits)

Updates `grpcio` from 1.78.0 to 1.80.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Commits](grpc/grpc@v1.78.0...v1.80.0)

Updates `grpcio-status` from 1.78.0 to 1.80.0

Updates `tornado` from 6.5.5 to 6.5.6
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.5...v6.5.6)

Updates `black` from 26.3.1 to 26.5.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.1)

Updates `build` from 1.4.2 to 1.5.0
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.2...1.5.0)

Updates `coverage` from 7.13.5 to 7.14.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.5...7.14.1)

Updates `ruff` from 0.15.7 to 0.15.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.7...0.15.14)

Updates `mike` from 2.1.4 to 2.2.0
- [Release notes](https://github.com/jimporter/mike/releases)
- [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md)
- [Commits](jimporter/mike@v2.1.4...v2.2.0)

Updates `pyright` from 1.1.408 to 1.1.409
- [Release notes](https://github.com/RobertCraigie/pyright-python/releases)
- [Commits](RobertCraigie/pyright-python@v1.1.408...v1.1.409)

---
updated-dependencies:
- dependency-name: cpg-utils
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: grpcio
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: grpcio-status
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tornado
  dependency-version: 6.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: black
  dependency-version: 26.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: build
  dependency-version: 1.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ruff
  dependency-version: 0.15.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: mike
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pyright
  dependency-version: 1.1.409
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner May 27, 2026 22:55
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 27, 2026
@github-actions

github-actions Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

Vulnerability Audit

Found 7 vulnerabilities across 4 packages.
5 actionable now, 1 blocked, 1 in dev-only paths.

Actionable now — bump via uv.lock

Package Current → Fix CVEs Path
idna 3.11 → 3.15 CVE-2026-45409 cpg-utils → requests → idna
urllib3 2.6.3 → 2.7.0 CVE-2026-44432, CVE-2026-44431 metamist → urllib3
One-shot fix command 
uv lock \
  --upgrade-package idna \
  --upgrade-package urllib3

Blocked upstream — needs a fix in a parent package

Package Current → Fix CVEs Blocked by
bokeh 3.4.3 → 3.8.2 CVE-2026-21883 hail==0.2.137 pins <3.5,>=3

Dev-only — not in production image

Package Current → Fix CVEs Path
pymdown-extensions 10.20 → 10.21.3 CVE-2026-46338 mkdocs-material → pymdown-extensions

@github-actions

github-actions Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

🐳 Docker Image Built

A new Docker image has been built for this PR:

Image: australia-southeast1-docker.pkg.dev/cpg-common/images-dev/cpg_flow:e7fa03dafce1427ddfb96d282a9fecea1d125ed1

Pull command:

docker pull australia-southeast1-docker.pkg.dev/cpg-common/images-dev/cpg_flow:e7fa03dafce1427ddfb96d282a9fecea1d125ed1

🔗 View in Google Cloud Console

This comment was automatically generated by the Docker workflow.

@dependabot @github

dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 10, 2026
@dependabot dependabot Bot deleted the dependabot/uv/minor-and-patch-1fbfd61272 branch June 10, 2026 21:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants