chore(deps): bump the uv-all group across 1 directory with 8 updates

[dependabot]

Bumps the uv-all group with 8 updates in the / directory:

Package	From	To
google-genai	1.57.0	1.60.0
google-adk	1.22.1	1.23.0
reportlab	4.4.7	4.4.9
dulwich	0.25.2	1.0.0
qdrant-client	1.15.1	1.16.2
python-telegram-bot	22.5	22.6
async-lru	2.0.5	2.1.0
ruff	0.14.11	0.14.14

Updates google-genai from 1.57.0 to 1.60.0

Release notes

Sourced from google-genai's releases.

v1.60.0

1.60.0 (2026-01-21)

Features

• Add ModelArmorConfig support for prompt and response sanitization via the Model Armor service (8d1091a)

Documentation

• Regenerate docs for 1.59.0 (351e490)
• Update docs to include interactions and file_search_stores module (a21841c)

v1.59.0

1.59.0 (2026-01-15)

Features

• Set the environment variable GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES to 'false' within BaseApiClient to disable bound token sharing. (79ac880)
• Support 4:5 and 5:4 aspect ratio in Interactions (1ddd9f1)

Documentation

• Regenerate docs for 1.58.0 (39a8b06)

v1.58.0

1.58.0 (2026-01-14)

Features

• Add FileSearchCallContent to Interactions (a882dea)
• Add ImageConfig to GenerationConfig for image generation in Interactions (b61163f)
• Support passing the custom aiohttp.ClientSession through HttpOptions.aiohttp_client (750648f), closes #1662
• Voice activity support (b7b1c2e)

Bug Fixes

• Serialize Pillow images losslessly by default (8d7c74d)

Documentation

• Regenerate docs for 1.57.0 (65018b6)

Changelog

Sourced from google-genai's changelog.

1.60.0 (2026-01-21)

Features

• Add ModelArmorConfig support for prompt and response sanitization via the Model Armor service (8d1091a)
• Update data types from discovery doc. (4209289)
• Update data types from discovery doc. (7db2c2d)

Documentation

• Regenerate docs for 1.59.0 (351e490)
• Update docs to include interactions and file_search_stores module (a21841c)

1.59.0 (2026-01-15)

Features

• Set the environment variable GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES to 'false' within BaseApiClient to disable bound token sharing. (79ac880)
• Support 4:5 and 5:4 aspect ratio in Interactions (1ddd9f1)

Documentation

• Regenerate docs for 1.58.0 (39a8b06)

1.58.0 (2026-01-14)

Features

• Add FileSearchCallContent to Interactions (a882dea)
• Add ImageConfig to GenerationConfig for image generation in Interactions (b61163f)
• Support passing the custom aiohttp.ClientSession through HttpOptions.aiohttp_client (750648f), closes #1662
• Voice activity support (b7b1c2e)

Bug Fixes

• Serialize Pillow images losslessly by default (8d7c74d)

Documentation

• Regenerate docs for 1.57.0 (65018b6)

Commits

• c9851d6 chore(main): release 1.60.0 (#1966)
• a21841c docs: Update docs to include interactions and file_search_stores module
• 4209289 feat: Update data types from discovery doc.
• 7db2c2d feat: Update data types from discovery doc.
• 459bc42 chore: Update documentation for the background parameter.
• 8d1091a feat: Add ModelArmorConfig support for prompt and response sanitization via t...
• 351e490 docs: Regenerate docs for 1.59.0
• 111032c chore(main): release 1.59.0 (#1963)
• 39a8b06 docs: Regenerate docs for 1.58.0
• 79ac880 feat: Set the environment variable GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR...
• Additional commits viewable in compare view

Updates google-adk from 1.22.1 to 1.23.0

Release notes

Sourced from google-adk's releases.

v1.23.0

1.23.0 (2026-01-22)

⚠ BREAKING CHANGES

• Breaking: Use OpenTelemetry for BigQuery plugin tracing, replacing custom ContextVar implementation (ab89d12)

Features

• [Core]

  • Add support to automatically create a session if one does not exist (8e69a58)
  • Remove @experimental decorator from AgentEngineSandboxCodeExecutor (135f763)
  • Add --disable_features CLI option to override default feature enable state (53b67ce)
  • Add otel_to_cloud flag to adk deploy agent_engine command (21f63f6)
  • Add is_computer_use field to agent information in adk-web server (5923da7)
  • Allow thinking_config in generate_content_config (e162bb8)
  • Convert A2UI messages between A2A DataPart metadata and ADK events (1133ce2)
  • Add --enable_features CLI option to override default feature enable state (79fcddb)

• [Tools]

  • Add flush mechanism to BigQueryAgentAnalyticsPlugin to ensure pending log events are written to BigQuery (9579bea)
  • Allow Google Search tool to set a different model (b57a3d4)
  • Support authentication for MCP tool listing (e3d542a 19315fe)
  • Use JSON schema for base_retrieval_tool, load_artifacts_tool, and load_memory_tool declarations when the feature is enabled (69ad605)
  • Use JSON schema for IntegrationConnectorTool declaration when the feature is enabled (2ed6865)
  • Start and close ClientSession in a single task in McpSessionManager (cce430d)
  • Use JSON schema for RestApiTool declaration when the feature is enabled (a5f0d33)

• [Evals]

  • Update adk eval CLI to consume custom metrics by adding CustomMetricEvaluator (ea0934b)
  • Update EvalConfig and EvalMetric data models to support custom metrics (6d2f33a)

• [Observability]

  • Add minimal generate_content {model.name} spans and logs for non-Gemini inference and when opentelemetry-inference-google-genai dependency is missing (935c279)

• [Integrations]

  • Enhance TraceManager asynchronous safety, enrich BigQuery plugin logging, and fix serialization (a4116a6)

• [Live]

  • Persist user input content to session in live mode (a04828d)

Bug Fixes

• Recursively extract input/output schema for AgentTool (bf2b56d)
• Yield buffered function_call and function_response events during live streaming (7b25b8f)
• Update authlib and mcp dependency versions (7955177)
• Set LITELLM_MODE to PRODUCTION before importing LiteLLM to prevent implicit .env file loading (215c2f5)
• Redact sensitive information from URIs in logs (5257869)
• Handle asynchronous driver URLs in the migration tool (4b29d15)
• Remove custom metadata from A2A response events (81eaeb5)

... (truncated)

Changelog

Sourced from google-adk's changelog.

1.23.0 (2026-01-22)

⚠ BREAKING CHANGES

• Breaking: Use OpenTelemetry for BigQuery plugin tracing, replacing custom ContextVar implementation (ab89d12)

Features

• [Core]

  • Add support to automatically create a session if one does not exist (8e69a58)
  • Remove @experimental decorator from AgentEngineSandboxCodeExecutor (135f763)
  • Add --disable_features CLI option to override default feature enable state (53b67ce)
  • Add otel_to_cloud flag to adk deploy agent_engine command (21f63f6)
  • Add is_computer_use field to agent information in adk-web server (5923da7)
  • Allow thinking_config in generate_content_config (e162bb8)
  • Convert A2UI messages between A2A DataPart metadata and ADK events (1133ce2)
  • Add --enable_features CLI option to override default feature enable state (79fcddb)

• [Tools]

  • Add flush mechanism to BigQueryAgentAnalyticsPlugin to ensure pending log events are written to BigQuery (9579bea)
  • Allow Google Search tool to set a different model (b57a3d4)
  • Support authentication for MCP tool listing (e3d542a 19315fe)
  • Use JSON schema for base_retrieval_tool, load_artifacts_tool, and load_memory_tool declarations when the feature is enabled (69ad605)
  • Use JSON schema for IntegrationConnectorTool declaration when the feature is enabled (2ed6865)
  • Start and close ClientSession in a single task in McpSessionManager (cce430d)
  • Use JSON schema for RestApiTool declaration when the feature is enabled (a5f0d33)

• [Evals]

  • Update adk eval CLI to consume custom metrics by adding CustomMetricEvaluator (ea0934b)
  • Update EvalConfig and EvalMetric data models to support custom metrics (6d2f33a)

• [Observability]

  • Add minimal generate_content {model.name} spans and logs for non-Gemini inference and when opentelemetry-inference-google-genai dependency is missing (935c279)

• [Integrations]

  • Enhance TraceManager asynchronous safety, enrich BigQuery plugin logging, and fix serialization (a4116a6)

• [Live]

  • Persist user input content to session in live mode (a04828d)

Bug Fixes

• Recursively extract input/output schema for AgentTool (bf2b56d)
• Yield buffered function_call and function_response events during live streaming (7b25b8f)
• Update authlib and mcp dependency versions (7955177)
• Set LITELLM_MODE to PRODUCTION before importing LiteLLM to prevent implicit .env file loading (215c2f5)
• Redact sensitive information from URIs in logs (5257869)
• Handle asynchronous driver URLs in the migration tool (4b29d15)
• Remove custom metadata from A2A response events (81eaeb5)
• Handle None inferences in eval results (7d4326c)

... (truncated)

Commits

• 7cf1e44 chore: Bumps version to v1.23.0 and updates CHANGELOG.md
• 3f1b0d0 chore: minor fix for DebugLoggingPlugin example
• 935c279 feat(otel): add minimal generate_content {model.name} spans and logs for no...
• 82fa10b feat: add new conversational analytics api tool set
• bf2b56d fix: recursively extract input/output schema for AgentTool
• 3d96b78 chore: Pin litellm dependency to versions below 1.80.17
• 91ec80c docs: fixing multiple typos
• 295b345 chore: Filter out adk_request_input event from content list
• b57a3d4 feat: Allow google search tool to set different model
• 9579bea feat(plugins): Add flush mechanism to BigQueryAgentAnalyticsPlugin
• Additional commits viewable in compare view

Updates reportlab from 4.4.7 to 4.4.9

Updates dulwich from 0.25.2 to 1.0.0

Release notes

Sourced from dulwich's releases.

1.0.0

What's Changed

• More tests by @​jelmer in jelmer/dulwich#2066
• Document C git compatibility by @​jelmer in jelmer/dulwich#2067
• Remove deprecated functions by @​jelmer in jelmer/dulwich#2068

Full Changelog: jelmer/dulwich@dulwich-0.25.2...dulwich-1.0.0

Changelog

Sourced from dulwich's changelog.

1.0.0 2026-01-17

• Release of 1.0!

  From here on, Dulwich will not break backwards compatibility until 2.0 - although we may print DeprecationWarning when using deprecated functionality.

  Micro releases (1.x.y) will be reserved for important bugfixes.

  Major releases (1.x.0) will introduced new features and functionality, without breaking backwards compatibility.

  (Jelmer Vernooij, #2007)

Commits

• ca9de6d release dulwich 1.0.0
• d5275f4 Remove deprecated functions (#2068)
• 918d8c1 Remove deprecated functions
• f1022bd Document C git compatibility (#2067)
• 58deddd More tests (#2066)
• 490088a Fix Windows-specific test failures
• 0424ada Document C git compatibility
• 638ee02 Add new test modules to test suite configuration
• 92cb716 Add tests for porcelain notes module
• c495ca3 Add tests to achieve 100% coverage for mailmap module
• Additional commits viewable in compare view

Updates qdrant-client from 1.15.1 to 1.16.2

Release notes

Sourced from qdrant-client's releases.

v1.16.2

Change Log

Deprecations ⏳

• #1110 - drop python3.9 support by @​joein

Fixes ⚙️

• #1132- adjust numpy versioning by @​joein
• #1133 - propagate lookup_from correctly in query_points_groups by @​joein
• #1134 - fix qdrant-client import in read-only systems by @​holyMolyTolli

Thanks to everyone who contributed to the current release! @​holyMolyTolli @​joein

v1.16.1

Change Log

Features 🪐

• #1116 - implement grpc version of cluster_collection_update by @​joein
• #1123 - expose the remaining cluster methods: remove_peer, collection_cluster_info, recover_current_peer, cluster_status by @​joein

Fixes 😮

• #1125 - rename common.proto to qdrant_common.proto to avoid conflicts with other libraries by @​joein
• #1124 - fix local mode with persistence backward compatibility by @​joein
• #1121 - add .pyi files for grpc files to help static code analyzers by @​joein

v1.16.0

Change Log

Features 🪐

• #1060 - builtin BM25 support (fastembed is not longer required to generate bm25 embeddings) by @​joein
• #1071 - grpc connection pooling by @​JojiiOfficial
• #1088 - queryless scores is now equal to 1 by @​joein
• #1077 - pass grpc credentials to grpc channels by @​ivandasch @​joein
• #1085 - allow passing UUID to all methods without converting to strings by @​joein
• #1069 - add TextAny filter, metadata to collections, add parametrized rrf query, ACORN (qdrant changelog) by @​joein
• #1106 - update grpc generator by @​joein
• #1114 - expose cluster collection update operations by @​joein @​generall

Deprecations ⌚

• #1093 - add, query, query_batch methods deprecated in favour of upsert and query_points by @​joein
• #1103 - remove deprecated methods: search, recommend, discovery, upload_records, search_batch, recommend_batch, discovery_batch, rest, init_from in create_collection, all lock-related methods by @​joein
• #1104 - remove structs used only in the removed methods (#1103) by @​joein

Fixes 😮

• #1081 - fix overriding prefetch limit by @​joein

... (truncated)

Commits

• 49fa101 bump version to 1.16.2
• 5bd87e4 Fix/lazy load local mode (#1134)
• 1b142af fix: propagate lookup from correctly in query_points_groups (#1133)
• 9e61a69 Drop python3.9 (#1110)
• 2c45a53 new: adjust numpy versioning (#1132)
• 67836fc tests: speed up tests (#1130)
• 750d735 bump version to 1.16.1
• b06e839 new: include pyi into the package (#1121)
• 18ec0ad new: expose the remaining cluster methods (#1123)
• a0d48e4 fix: fix local mode backward compatibility (#1124)
• Additional commits viewable in compare view

Updates python-telegram-bot from 22.5 to 22.6

Release notes

Sourced from python-telegram-bot's releases.

v22.6

We've just released v22.6. Thank you to everyone who contributed to this release. As usual, upgrade using pip install -U python-telegram-bot.

The release notes can be found here.

Commits

• 7dc44df Bump Version to v22.6 (#5108)
• 2da6068 Documentation Improvements (#4988)
• 432a67e Full Support for Bot API 9.3 (#5078)
• 327f469 Update Ruff to v0.14.13 (#5107)
• f9352c4 Bump chango to 0.6.1 (#5101)
• 92eeee6 Update Ruff to v0.14.11 (#5100)
• 8511941 Add Fallback Name Support for Job Callbacks without __name__ (#5088)
• c804f69 Bump pre-commit Hooks to Latest Versions (#5083)
• 20f457c Fix Broken Links in Documentation (#5080)
• 3a1c494 Update Copyright to 2026 (#5075)
• Additional commits viewable in compare view

Updates async-lru from 2.0.5 to 2.1.0

Release notes

Sourced from async-lru's releases.

2.1.0

• Fixed cancelling of task when all tasks waiting on it have been cancelled.
• Fixed DeprecationWarning from asyncio.iscoroutinefunction.

Changelog

Sourced from async-lru's changelog.

2.1.0 (2026-01-17)

• Fixed cancelling of task when all tasks waiting on it have been cancelled.
• Fixed DeprecationWarning from asyncio.iscoroutinefunction.

Commits

• b4e713b Release v2.1.0 (#729)
• 64e52a3 fix: callback inappropriately suppresses asyncio logs (#725)
• dfa6915 build(deps): bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 (#728)
• f050134 build(deps): bump coverage from 7.13.0 to 7.13.1 (#727)
• e19862d build(deps-dev): bump mypy from 1.19.0 to 1.19.1 (#726)
• 9ab48ab build(deps): bump coverage from 7.12.0 to 7.13.0 (#724)
• bbfbdae build(deps): bump pytest from 9.0.1 to 9.0.2 (#723)
• 8414747 build(deps): bump actions/checkout from 5 to 6 (#722)
• 0212617 build(deps-dev): bump mypy from 1.18.2 to 1.19.0 (#721)
• 760a980 build(deps-dev): bump flake8-bugbear from 25.10.21 to 25.11.29 (#720)
• Additional commits viewable in compare view

Updates ruff from 0.14.11 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser

... (truncated)

Commits

• 8b2e7b3 Prepare release v0.14.14 (#22813)
• 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
• b7de434 add CCfW hooks (#22803)
• b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
• 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
• ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
• c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
• b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
• f516d47 Update contributing guide for adding a new rule (#22779)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.