chore(deps)(deps): bump the evaluator-deps group in /scripts/aidlc-evaluator with 5 updates #272

Merged: Kalindi-Dev merged 1 commit into main from dependabot/uv/scripts/aidlc-evaluator/evaluator-deps-cfc7327340 on May 18, 2026

Conversation

@dependabot dependabot Bot commented on behalf of github May 16, 2026

Bumps the evaluator-deps group in /scripts/aidlc-evaluator with 5 updates:

| Package | From | To |
| --- | --- | --- |
| boto3 | 1.43.6 | 1.43.9 |
| ruff | 0.15.12 | 0.15.13 |
| semgrep | 1.162.0 | 1.163.0 |
| strands-agents | 1.39.0 | 1.40.0 |
| strands-agents-tools | 0.5.2 | 0.5.3 |

Updates boto3 from 1.43.6 to 1.43.9

Commits
  • 6d47260 Merge branch 'release-1.43.9'
  • 7fb9872 Bumping version to 1.43.9
  • 1881c7f Add changelog entries from botocore
  • 7a82579 Merge branch 'release-1.43.8'
  • 9ff48ec Merge branch 'release-1.43.8' into develop
  • 06a1d63 Bumping version to 1.43.8
  • 2b6e7bd Add changelog entries from botocore
  • e6aee5d Merge branch 'release-1.43.7'
  • 05566d2 Merge branch 'release-1.43.7' into develop
  • 37e8136 Bumping version to 1.43.7
  • Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Commits
  • 2afb467 Bump 0.15.13 (#25157)
  • 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
  • 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
  • 2522549 Remove shellcheck from prek (#25154)
  • 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
  • bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
  • 828cdb7 [ty] Isolate file-watching test environment (#25151)
  • 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
  • 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
  • ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
  • Additional commits viewable in compare view

Updates semgrep from 1.162.0 to 1.163.0

Release notes

Sourced from semgrep's releases.

Release v1.163.0

1.163.0 - 2026-05-13

### Added

  • Updated PHP target parsing to support grammar changes from PHP 8.1-8.5 (LANG-380)

### Changed

  • Improved semgrep ci startup time with App-provided rules by avoiding duplicate semgrep-core rule validation during CLI rule loading while preserving config-style failures for invalid rules. (ci-rule-validation-startup)
  • Semgrep now validates dependency aware rules only on the core side, improving startup time (validate-skip-dep-aware)
  • Rule validation now runs in parallel across cores on large rulesets, reducing scan startup time. (gh-6279)
  • Rule parsing now runs in parallel across shards on multi-core machines, reducing scan startup time on large rulesets. (gh-6281)

### Fixed

  • Improved name resolution for fully-qualified names in Java, Kotlin, and Scala. This could lead to fewer false positives and more true positives when the code under analysis uses fully-qualified names instead of imports. (java-qualified)
  • Optimised rule prefiltering and parsing to improve engine startup time. (rule-parse-cache)
  • Reduced peak memory usage when scanning repos with large rulesets. (rules-json-compact)
  • Fixed transitive reachability rule parsing performance: the temporary rule file written for each transitive-reachability RPC call is JSON content (json.dumps([rule.raw])) but was being created with a .yaml suffix. OCaml's Parse_rule.parse_file dispatches purely on file extension, so this routed every TR rule through Yaml_to_generic.parse_yaml_file (the slow YAML path) instead of Fast_json.parse_program (the new hand-written RFC 8259 parser). Switching the suffix to .json lines the suffix up with the actual content and lets every TR rule parse take the fast path. (tr-json-suffix)
  • Pro: Fixed a naming resolution bug in Java. (LANG-274)

Changelog

Sourced from semgrep's changelog.

1.163.0 - 2026-05-13

### Added

  • Updated PHP target parsing to support grammar changes from PHP 8.1-8.5 (LANG-380)

### Changed

  • Improved semgrep ci startup time with App-provided rules by avoiding duplicate semgrep-core rule validation during CLI rule loading while preserving config-style failures for invalid rules. (ci-rule-validation-startup)
  • Semgrep now validates dependency aware rules only on the core side, improving startup time (validate-skip-dep-aware)
  • Rule validation now runs in parallel across cores on large rulesets, reducing scan startup time. (gh-6279)
  • Rule parsing now runs in parallel across shards on multi-core machines, reducing scan startup time on large rulesets. (gh-6281)

### Fixed

  • Improved name resolution for fully-qualified names in Java, Kotlin, and Scala. This could lead to fewer false positives and more true positives when the code under analysis uses fully-qualified names instead of imports. (java-qualified)
  • Optimised rule prefiltering and parsing to improve engine startup time. (rule-parse-cache)
  • Reduced peak memory usage when scanning repos with large rulesets. (rules-json-compact)
  • Fixed transitive reachability rule parsing performance: the temporary rule file written for each transitive-reachability RPC call is JSON content (json.dumps([rule.raw])) but was being created with a .yaml suffix. OCaml's Parse_rule.parse_file dispatches purely on file extension, so this routed every TR rule through Yaml_to_generic.parse_yaml_file (the slow YAML path) instead of Fast_json.parse_program (the new hand-written RFC 8259 parser). Switching the suffix to .json lines the suffix up with the actual content and lets every TR rule parse take the fast path. (tr-json-suffix)
  • Pro: Fixed a naming resolution bug in Java. (LANG-274)

Commits
  • db2be62 semgrep/semgrep-proprietary#6316
  • c942ce5 fix: move Java synthetic getter generation to AST layer (LANG-274) (semgrep/s...
  • 832bf21 infra(ci): bump anthropics/claude-code-action to v1.0.119 (semgrep/semgrep-pr...
  • de18b7e chore: update CODEOWNERS for code-pa -> languages (semgrep/semgrep-proprietar...
  • e4d1596 fix(interfaces): add back semgrep-interfaces.opam file (semgrep/semgrep-pro...
  • 5f78fd4 fix(mcp): stop sending all rules as part of metrics (semgrep/semgrep-propriet...
  • 384de6c semgrep/semgrep-proprietary#6266
  • 6050606 perf(parsing): cache parsed xpatterns across rules (semgrep/semgrep-proprieta...
  • 376ef4c SharedMemo: add ?should_cache predicate to memo entry points (semgrep/semgrep...
  • 247180b semgrep/semgrep-proprietary#6118
  • Additional commits viewable in compare view

Updates strands-agents from 1.39.0 to 1.40.0

Release notes

Sourced from strands-agents's releases.

v1.40.0

What's Changed

New Contributors

Full Changelog: strands-agents/sdk-python@v1.39.0...v1.40.0

Commits
  • fa74d80 fix: swarm bug "Failed to detach context" with opentelemetry (#2281)
  • 305a005 fix: set use_native_token_count default to false (#2284)
  • 6b53928 feat: add official Discord link (#2285)
  • b1a3f03 fix(ollama): update return type of latencyMs metric for ollama model provider...
  • 1847fae feat: cache AccessDenied error for count tokens (#2279)
  • f862185 feat: add proactive context compression to conversation managers (#2239)
  • See full diff in compare view

Updates strands-agents-tools from 0.5.2 to 0.5.3

Release notes

Sourced from strands-agents-tools's releases.

v0.5.3

What's Changed

New Contributors

Full Changelog: strands-agents/tools@v0.5.2...v0.5.3

Commits
  • e4ce50f feat: add official Discord link (#463)
  • 66b2924 fix: pass _default_context_options into new_context (#455)
  • 3f9e95d fix(batch): read invocations from tool input and fix concurrency error (#439)
  • ee7fcae fix: enable optional parameters in use_aws to prevent KeyError (#449)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the evaluator-deps group in /scripts/aidlc-evaluator with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.43.6` | `1.43.9` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |
| [semgrep](https://github.com/semgrep/semgrep) | `1.162.0` | `1.163.0` |
| [strands-agents](https://github.com/strands-agents/sdk-python) | `1.39.0` | `1.40.0` |
| [strands-agents-tools](https://github.com/strands-agents/tools) | `0.5.2` | `0.5.3` |


Updates `boto3` from 1.43.6 to 1.43.9
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.6...1.43.9)

Updates `ruff` from 0.15.12 to 0.15.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.13)

Updates `semgrep` from 1.162.0 to 1.163.0
- [Release notes](https://github.com/semgrep/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.162.0...v1.163.0)

Updates `strands-agents` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/strands-agents/sdk-python/releases)
- [Commits](strands-agents/sdk-python@v1.39.0...v1.40.0)

Updates `strands-agents-tools` from 0.5.2 to 0.5.3
- [Release notes](https://github.com/strands-agents/tools/releases)
- [Commits](strands-agents/tools@v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
- dependency-name: ruff
  dependency-version: 0.15.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
- dependency-name: semgrep
  dependency-version: 1.163.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: evaluator-deps
- dependency-name: strands-agents
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: evaluator-deps
- dependency-name: strands-agents-tools
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: evaluator-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels May 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 16, 2026 12:28
@Kalindi-Dev Kalindi-Dev enabled auto-merge May 16, 2026 18:03

@Kalindi-Dev Kalindi-Dev left a comment

LGTM


@Kalindi-Dev Kalindi-Dev left a comment

LGTM


@scottschreckengaust scottschreckengaust left a comment

LGTM

@Kalindi-Dev Kalindi-Dev added this pull request to the merge queue May 18, 2026
Merged via the queue into main with commit 8b8c206 May 18, 2026
23 of 27 checks passed
@Kalindi-Dev Kalindi-Dev deleted the dependabot/uv/scripts/aidlc-evaluator/evaluator-deps-cfc7327340 branch May 18, 2026 19:59