Skip to content

Comments

chore(deps): bump the uv group across 1 directory with 11 updates#150

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-ea2251d267
Open

chore(deps): bump the uv group across 1 directory with 11 updates#150
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-ea2251d267

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 21, 2026

Bumps the uv group with 10 updates in the / directory:

Package From To
copier 9.6.0 9.11.2
deepdiff 7.0.1 8.6.1
filelock 3.18.0 3.20.3
h11 0.14.0 0.16.0
marshmallow 3.26.1 3.26.2
mcp 1.6.0 1.23.0
pyasn1 0.6.1 0.6.2
requests 2.32.3 2.32.4
urllib3 2.3.0 2.6.3
virtualenv 20.29.3 20.36.1

Updates copier from 9.6.0 to 9.11.2

Release notes

Sourced from copier's releases.

v9.11.2 (2026-01-20)

Fix

  • updating: restore support for preserved symlinks pointing outside subproject (#2427)

Security

  • disallow symlink-based includes outside template root
  • disallow symlink-following write operations outside destination directory (#2427)

v9.11.1 (2026-01-10)

Fix

  • updating: avoid circular reference when rendering JSON-serialized _copier_conf variable

v9.11.0 (2025-11-20)

Feat

  • updating: allow updating a dirty Git repository when the subproject directory is clean (#2369)
  • add support for custom question icons (#2381)
  • add support for conditionally unsetting a question's default value

Fix

  • raise warning instead of error when chmod is not allowed
  • fix using default answers from settings for required questions (#2374)

Refactor

  • drop support for Python 3.9

v9.10.3 (2025-10-17)

Fix

  • updating: render templated skip-if-exists patterns before applying patch with excluded paths
  • updating: exclude only Git-ignored files when applying patch
  • updating: ignore paths added to the _exclude list in new template version when updating

v9.10.2 (2025-09-09)

Fix

  • deps: remove prompt-toolkit version cap

v9.10.1 (2025-08-28)

Fix

... (truncated)

Changelog

Sourced from copier's changelog.

v9.11.2 (2026-01-20)

Fix

  • updating: restore support for preserved symlinks pointing outside subproject (#2427)

Security

  • disallow symlink-based includes outside template root
  • disallow symlink-following write operations outside destination directory (#2427)

v9.11.1 (2026-01-10)

Fix

  • updating: avoid circular reference when rendering JSON-serialized _copier_conf variable

v9.11.0 (2025-11-20)

Feat

  • updating: allow updating a dirty Git repository when the subproject directory is clean (#2369)
  • add support for custom question icons (#2381)
  • add support for conditionally unsetting a question's default value

Fix

  • raise warning instead of error when chmod is not allowed
  • fix using default answers from settings for required questions (#2374)

Refactor

  • drop support for Python 3.9

v9.10.3 (2025-10-17)

Fix

  • updating: render templated skip-if-exists patterns before applying patch with excluded paths
  • updating: exclude only Git-ignored files when applying patch
  • updating: ignore paths added to the _exclude list in new template version when updating

v9.10.2 (2025-09-09)

Fix

... (truncated)

Commits
  • b9ee296 bump: version 9.11.1 → 9.11.2
  • b3a7b37 fix: disallow symlink-based includes outside template root
  • 66271ab build(deps): update dependency mkdocstrings to v1.0.1
  • 9b7fd37 build(deps): update dependency ruff to v0.14.13
  • 40aa86f build(deps): update dependency uv to v0.9.24
  • 84f3b80 build(deps): update dependency commitizen to v4.12.0
  • f307b38 docs: mention filenames before code blocks in quickstart section (#2458)
  • 41cb45c fix(updating): restore support for preserved symlinks pointing outside subpro...
  • 10cebae build(deps): update dependency commitizen to v4.11.2
  • 639a5d1 build(deps): update dependency ruff to v0.14.11
  • Additional commits viewable in compare view

Updates deepdiff from 7.0.1 to 8.6.1

Release notes

Sourced from deepdiff's releases.

8.6.1

DeepDiff 8-6-1

  • Patched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).

8.5.0

  • Updating deprecated pydantic calls
  • Switching to pyproject.toml
  • Fix for moving nested tables when using iterable_compare_func. by
  • Fix recursion depth limit when hashing numpy.datetime64
  • Moving from legacy setuptools use to pyproject.toml

8.4.1

  • pytz is not required.

8.4.0

  • Adding BaseOperatorPlus base class for custom operators
  • default_timezone can be passed now to set your default timezone to something other than UTC.
  • New summarization algorithm that produces valid json
  • Better type hint support

8.1.1

Adding Python 3.13 to setup.py

8.1.0

  • Removing deprecated lines from setup.py
  • Added prefix option to pretty()
  • Fixes hashing of numpy boolean values.
  • Fixes slots comparison when the attribute doesn't exist.
  • Relaxing orderly-set reqs
  • Added Python 3.13 support
  • Only lower if clean_key is instance of str #504
  • Fixes issue where the key deep_distance is not returned when both compared items are equal #510
  • Fixes exclude_paths fails to work in certain cases
  • exclude_paths fails to work #509
  • Fixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys
  • to_dict() method chokes on standard json.dumps() kwargs #490
  • Fixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty
  • Fixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty #508

8.0.1 - extra import of numpy is removed

8.0.0

With the introduction of threshold_to_diff_deeper, the values returned are different than in previous versions of DeepDiff. You can still get the older values by setting threshold_to_diff_deeper=0. However to signify that enough has changed in this release that the users need to update the parameters passed to DeepDiff, we will be doing a major version update.

  • use_enum_value=True makes it so when diffing enum, we use the enum's value. It makes it so comparing an enum to a string or any other value is not reported as a type change.
  • threshold_to_diff_deeper=float is a number between 0 and 1. When comparing dictionaries that have a small intersection of keys, we will report the dictionary as a new_value instead of reporting individual keys changed. If you set it to zero, you get the same results as DeepDiff 7.0.1 and earlier, which means this feature is disabled. The new default is 0.33 which means if less that one third of keys between dictionaries intersect, report it as a new object.
  • Deprecated ordered-set and switched to orderly-set. The ordered-set package was not being maintained anymore and starting Python 3.6, there were better options for sets that ordered. I forked one of the new implementations, modified it, and published it as orderly-set.
  • Added use_log_scale:bool and log_scale_similarity_threshold:float. They can be used to ignore small changes in numbers by comparing their differences in logarithmic space. This is different than ignoring the difference based on significant digits.
  • json serialization of reversed lists.
  • Fix for iterable moved items when iterable_compare_func is used.

... (truncated)

Commits
  • 60ac5b9 Merge commit from fork
  • 683756e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes
  • c69c06c Security fix: Prevent class pollution and remote code execution in Delta
  • b639fec updating the docs
  • 6f3d5ee Bump version: 8.5.0 → 8.6.0
  • 388a60e Merge pull request #557 from seperman/dev
  • 0978fb8 adding docs for 8.6.0
  • d469a4c making type hints compatible with old python
  • e16507c fixing type hints
  • 33de087 adding type hints to search
  • Additional commits viewable in compare view

Updates filelock from 3.18.0 to 3.20.3

Release notes

Sourced from filelock's releases.

3.20.3

What's Changed

Full Changelog: tox-dev/filelock@3.20.2...3.20.3

3.20.2

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

3.20.1

What's Changed

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

3.20.0

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.19.1...3.20.0

3.19.1

What's Changed

... (truncated)

Commits

Updates h11 from 0.14.0 to 0.16.0

Commits

Updates marshmallow from 3.26.1 to 3.26.2

Changelog

Sourced from marshmallow's changelog.

3.26.2 (2025-12-19)

Bug fixes:

  • :cve:2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.
Commits
  • 1407d51 Merge pull request #2878 from marshmallow-code/3.x-mypy-unreachable
  • b2292f5 Fix mypy errors
  • 8acd211 Merge pull request #2877 from marshmallow-code/3.x-delint
  • b4bcb4a [pre-commit.ci] auto fixes from pre-commit.com hooks
  • b78af7a Delint
  • 2c4451e Merge commit from fork
  • 86d101a Bump version and update changelog
  • 489a8d4 Only deep copy error message collections
  • 6d4a17d Add test coverage for error message modification
  • 0356a3f Merge error store messages without rebuilding collections
  • Additional commits viewable in compare view

Updates mcp from 1.6.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates protobuf from 5.29.4 to 6.33.4

Commits

Updates pyasn1 from 0.6.1 to 0.6.2

Release notes

Sourced from pyasn1's releases.

Release 0.6.2

It's a minor release.

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
  • Added support for Python 3.14.
  • Added SECURITY.md policy.
  • Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.2, released 16-01-2026

Commits

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)
Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.
Commits
  • 021dc72 Polish up release tooling for last manual release
  • 821770e Bump version and add release notes for v2.32.4
  • 59f8aa2 Add netrc file search information to authentication documentation (#6876)
  • 5b4b64c Add more tests to prevent regression of CVE 2024 47081
  • 7bc4587 Add new test to check netrc auth leak (#6962)
  • 96ba401 Only use hostname to do netrc lookup instead of netloc
  • 7341690 Merge pull request #6951 from tswast/patch-1
  • 6716d7c remove links
  • a7e1c74 Update docs/conf.py
  • c799b81 docs: fix dead links to kenreitz.org
  • Additional commits viewable in compare view

Updates urllib3 from 2.3.0 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)

2.6.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)

[!IMPORTANT]

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

  • Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

2.6.2 (2025-12-11)

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

2.6.0 (2025-12-05)

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using

... (truncated)

Commits
  • 0248277 Release 2.6.3
  • 8864ac4 Merge commit from fork
  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
  • 34284cb Mention experimental features in the security policy (#3746)
  • Additional commits viewable in compare view

Updates virtualenv from 20.29.3 to 20.36.1

Release notes

Sourced from virtualenv's releases.

20.36.1

What's Changed

Full Changelog: pypa/virtualenv@20.36.0...20.36.1

20.36.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

20.35.3

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)

v20.36.0 (2026-01-07)


Features - 20.36.0

  • Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

- Fix race condition in ``_virtualenv.py`` when file is overwritten during import, preventing ``NameError`` when ``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:

    

  • pip to 25.3 from 25.2 (:issue:2989)
    • 



v20.35.3 (2025-10-10)


Bugfixes - 20.35.3

  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)

v20.35.2 (2025-10-10)

Bugfixes - 20.35.2

- Revert out changes related to the extraction of the discovery module - by :user:`gaborbernat`. (:issue:`2978`)

v20.35.1 (2025-10-09)


Bugfixes - 20.35.1

  • Patch get_interpreter to handle missing cache and app_data - by :user:esafak (:issue:2972)
  • Fix backwards incompatible changes to PythonInfo - by :user:gaborbernat. (:issue:2975)

v20.35.0 (2025-10-08)

Features - 20.35.0

... (truncated)

Commits
  • d0ad11d release 20.36.1
  • dec4cec Merge pull request #3013 from gaborbernat/fix-sec
  • 5fe5d38 release 20.36.0 (#3011)
  • 9719376 release 20.36.0
  • 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
  • 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
  • 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
  • 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
  • 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
  • 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major v...

Description has been truncated

@dependabot
chore(deps): bump the uv group across 1 directory with 11 updates
8e3daaf 
Bumps the uv group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [copier](https://github.com/copier-org/copier) | `9.6.0` | `9.11.2` |
| [deepdiff](https://github.com/seperman/deepdiff) | `7.0.1` | `8.6.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.18.0` | `3.20.3` |
| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |
| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.26.1` | `3.26.2` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.6.0` | `1.23.0` |
| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |
| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.3` | `20.36.1` |



Updates `copier` from 9.6.0 to 9.11.2
- [Release notes](https://github.com/copier-org/copier/releases)
- [Changelog](https://github.com/copier-org/copier/blob/master/CHANGELOG.md)
- [Commits](copier-org/copier@v9.6.0...v9.11.2)

Updates `deepdiff` from 7.0.1 to 8.6.1
- [Release notes](https://github.com/seperman/deepdiff/releases)
- [Changelog](https://github.com/seperman/deepdiff/blob/master/docs/changelog.rst)
- [Commits](seperman/deepdiff@7.0.1...8.6.1)

Updates `filelock` from 3.18.0 to 3.20.3
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.18.0...3.20.3)

Updates `h11` from 0.14.0 to 0.16.0
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

Updates `marshmallow` from 3.26.1 to 3.26.2
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.26.1...3.26.2)

Updates `mcp` from 1.6.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.6.0...v1.23.0)

Updates `protobuf` from 5.29.4 to 6.33.4
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `pyasn1` from 0.6.1 to 0.6.2
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.2)

Updates `requests` from 2.32.3 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.4)

Updates `urllib3` from 2.3.0 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.3.0...2.6.3)

Updates `virtualenv` from 20.29.3 to 20.36.1
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.29.3...20.36.1)

---
updated-dependencies:
- dependency-name: copier
  dependency-version: 9.11.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: deepdiff
  dependency-version: 8.6.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: filelock
  dependency-version: 3.20.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: marshmallow
  dependency-version: 3.26.2
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: protobuf
  dependency-version: 6.33.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pyasn1
  dependency-version: 0.6.2
  dependency-type: indirect
  dependency-group: uv
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 21, 2026
@coderabbitai
Copy link

coderabbitai bot commented Jan 21, 2026

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants