Skip to content
This repository is currently being migrated. It's locked while the migration is in progress.

chore(deps): bump the version-update group across 1 directory with 11 updates#282

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/main/version-update-8f278ee509
Open

chore(deps): bump the version-update group across 1 directory with 11 updates#282
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/main/version-update-8f278ee509

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Bumps the version-update group with 11 updates in the / directory:

Package From To
poetry 2.2.1 2.4.1
onnxruntime 1.23.2 1.26.0
pydantic 2.12.4 2.13.4
scikit-learn 1.7.2 1.8.0
uvicorn 0.38.0 0.48.0
boto3 1.41.2 1.43.16
pre-commit 4.5.0 4.6.0
ruff 0.14.6 0.15.14
pytest 9.0.1 9.0.3
pytest-cov 7.0.0 7.1.0
bandit 1.9.2 1.9.4

Updates poetry from 2.2.1 to 2.4.1

Release notes

Sourced from poetry's releases.

2.4.1

Changed

  • Re-allow installer==0.7.0 (#10887).

Fixed

  • Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).

2.4.0

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

  • Update vendored packaging to 26.2 (#936).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.4.1] - 2026-05-09

Changed

  • Re-allow installer==0.7.0 (#10887).

Fixed

  • Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).

[2.4.0] - 2026-05-03

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

... (truncated)

Commits

Updates onnxruntime from 1.23.2 to 1.26.0

Release notes

Sourced from onnxruntime's releases.

1.26.0

n.b. The following was generated via LLM from Git history. Only the contributor list has been verified.

ONNX Runtime Release 1.26.0

Announcement - Breaking Changes

  • Support for CUDA 12 will be removed in 1.27.0.
    • CUDA 13 will continue to be published as onnxruntime-<os>-<arch>-gpu_cuda13-<version>.<ext>
  • CUDA runtime will be moving soon to a dedicated Execution Provider (EP) instead of a published package from ORT core.

Highlights

  • Added optional memory mapping for .ort model loads (#28164).
  • Added RISC-V Vector (RVV) support for CPU EP (#28261).
  • OpenVINO EP upgraded for 1.26.0 development release (#28297).
  • WebGPU gained GridSample support (#28264) and Split-K improvements (#28151).
  • CUDA plugin EP gained graph support (#28002), profiling API (#28216).

Security and Reliability Hardening

  • Replaced unrestricted Python setattr configuration with an allowlist (#28083).
  • Hardened multiple OOB and overflow scenarios across ML and core ops:
    • Attention mask index OOB write (#27789).
    • MaxPoolGrad indices bounds validation (#27903).
    • SVM and TreeEnsemble bounds/security fixes (#27950, #27951, #27952, #27989).
    • RNN sequence_lens OOB read and integer overflow handling (#28052, #28003).
    • GroupQueryAttention seqlens_k bounds validation and compatibility follow-up (#28031, #28259).
    • MatMulBnb4 and ML coefficient SafeInt checks (#27995, #28001).
    • CUDA Gather int32 overflow fix (#28108).
    • GridSample float->int64 cast hardening for NaN/Inf/out-of-range coords (#28302).
  • Fixed session logger use-after-free during EP teardown under verbose logging (#28274).

CUDA, Attention, and MLAS

  • Filled CUDA opset/operator gaps and extended support:
    • Transpose opset 23 -> 25 (#27740).
    • QuantizeLinear/DequantizeLinear opset 25 (#28046).
    • CUDA TopK INT8/INT16/UINT8 support (#27862).
    • LabelEncoder CUDA support for numeric types (#28045).
  • Attention/GQA improvements:
    • Fixed ONNX Attention min-bias alignment crash on SM<80 and masked-batch NaN behavior (#27831).
    • Added FP32 QK accumulation path for unfused GQA attention (#28198).
    • Added CUDART_VERSION reduction compatibility in GQA attention (#28296).
    • Fixed CUDA 13 build error in GQA unfused attention (#28309).
    • PagedAttention fallback for SM<80 fp16 (#28200).
  • MLAS updates:
    • FP16 Gelu enablement (#26815).
    • Arm64 BF16 fast-math conv kernels for NCHW/NCHWc paths (#27878).

... (truncated)

Commits
  • 8c546c3 1.26.0 - cherry-pick for RC2 (#28347)
  • 55c5c82 GridSample: harden float->int64 casts against NaN/Inf/out-of-range coords (#2...
  • 60ce9cc Relax GQA seqlens_k shape validation for backward compat with older models (#...
  • d02a0fd Fix DoubleQDQPairsRemover adding spurious dimension to scalar scale/zero-poin...
  • 9b30f30 remove weights_are_all_positive_ from TreeEnsemble (#27552)
  • 5f2f848 fix(ci): incorrect relative template includes for setup-feeds (#28312)
  • de2bc90 Add QNN Plugin EP repo link to README (#28225)
  • 8dd4a06 Include license file in built distributions (#27783)
  • 6e19374 Fix CUDA 13 build error in gqa_unfused_attention.cu (#28309)
  • d6c363c [OVEP] OpenVINO EP 1.26.0 Development Release Updates (#28297)
  • Additional commits viewable in compare view

Updates pydantic from 2.12.4 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • Additional commits viewable in compare view

Updates scikit-learn from 1.7.2 to 1.8.0

Release notes

Sourced from scikit-learn's releases.

Release 1.8.0

We're happy to announce the 1.8.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_8_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.8.html

This version supports Python versions 3.11 to 3.14 and features support of free-threaded CPython.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn
Commits
  • 646da0f [cd build]
  • 4f4f283 Generate changelog
  • 967dcde Set version
  • cb1424b DOC Release highlights for 1.8 (#32809)
  • 5645b27 🔒 🤖 CI Update lock files for main CI build(s) 🔒 🤖 (#32859)
  • 6b9fb11 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
  • a0f6d88 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
  • c1de8fc FIX Make get_namespace handle pandas dataframe input (#32838)
  • 764249a Fix _safe_indexing with non integer arrays on array API inputs (#32840)
  • eca5e0a FIX Add new default max_samples=None in Bagging estimators (#32825)
  • Additional commits viewable in compare view

Updates uvicorn from 0.38.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits
  • 73e84e5 Version 0.48.0 (#2951)
  • 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
  • dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
  • abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • Additional commits viewable in compare view

Updates boto3 from 1.41.2 to 1.43.16

Commits
  • 6ffdfa1 Merge branch 'release-1.43.16'
  • c4ad31c Bumping version to 1.43.16
  • c7c604f Add changelog entries from botocore
  • ecbbf11 Merge branch 'release-1.43.15'
  • 8574b5d Merge branch 'release-1.43.15' into develop
  • af67f4e Bumping version to 1.43.15
  • 16a99f5 Add changelog entries from botocore
  • 07953b0 Merge branch 'release-1.43.14'
  • 7270b75 Merge branch 'release-1.43.14' into develop
  • 25c77c3 Bumping version to 1.43.14
  • Additional commits viewable in compare view

Updates pre-commit from 4.5.0 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

pre-commit v4.5.1

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

4.5.1 - 2025-12-16

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Updates ruff from 0.14.6 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Commits
  • 9ad2da3 Bump 0.15.14 (#25295)
  • c714e84 [ty] Modernize setup of union types in mdtests (#25291)
  • 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
  • aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
  • e9d72bb [ty] Allow enum member accesses on self (#25077)
  • 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
  • 9999a39 Update code example on how to update Neovim LSP log level (#25284)
  • 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
  • 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
  • c423054 Add a recursion limit to the parser (#24810)
  • Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer...

    Description has been truncated

@dependabot
chore(deps): bump the version-update group across 1 directory with 11…
955505f 
… updates

Bumps the version-update group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [poetry](https://github.com/python-poetry/poetry) | `2.2.1` | `2.4.1` |
| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.23.2` | `1.26.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.4` | `2.13.4` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.7.2` | `1.8.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.38.0` | `0.48.0` |
| [boto3](https://github.com/boto/boto3) | `1.41.2` | `1.43.16` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.0` | `4.6.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.6` | `0.15.14` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.1` | `9.0.3` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [bandit](https://github.com/PyCQA/bandit) | `1.9.2` | `1.9.4` |



Updates `poetry` from 2.2.1 to 2.4.1
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.2.1...2.4.1)

Updates `onnxruntime` from 1.23.2 to 1.26.0
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.23.2...v1.26.0)

Updates `pydantic` from 2.12.4 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.4...v2.13.4)

Updates `scikit-learn` from 1.7.2 to 1.8.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.7.2...1.8.0)

Updates `uvicorn` from 0.38.0 to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.38.0...0.48.0)

Updates `boto3` from 1.41.2 to 1.43.16
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.41.2...1.43.16)

Updates `pre-commit` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.0...v4.6.0)

Updates `ruff` from 0.14.6 to 0.15.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.6...0.15.14)

Updates `pytest` from 9.0.1 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.1...9.0.3)

Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `bandit` from 1.9.2 to 1.9.4
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.9.2...1.9.4)

---
updated-dependencies:
- dependency-name: poetry
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: onnxruntime
  dependency-version: 1.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: scikit-learn
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: boto3
  dependency-version: 1.43.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: ruff
  dependency-version: 0.15.14
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: version-update
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update
- dependency-name: bandit
  dependency-version: 1.9.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: version-update
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 28, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 28, 2026 07:50
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 28, 2026
@github-actions github-actions Bot enabled auto-merge May 28, 2026 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abd-vro-machine