Skip to content

Bump the uv group across 1 directory with 3 updates#23

Merged
John Kennedy (jkennedyvz) merged 1 commit into
mainfrom
dependabot/uv/uv-d718f7726f
May 19, 2026
Merged

Bump the uv group across 1 directory with 3 updates#23
John Kennedy (jkennedyvz) merged 1 commit into
mainfrom
dependabot/uv/uv-d718f7726f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 3 updates in the / directory: langchain-core, jupyter-server and mistune.

Updates langchain-core from 1.3.2 to 1.3.3

Release notes

Sourced from langchain-core's releases.

langchain-core==1.3.3

Changes since langchain-core==1.3.2

release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992)

Commits

Updates jupyter-server from 2.17.0 to 2.18.0

Release notes

Sourced from jupyter-server's releases.

v2.18.0

2.18.0

(Full Changelog)

Security patches

API and Breaking Changes

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.18.0

(Full Changelog)

API and Breaking Changes

Enhancements made

Bugs fixed

... (truncated)

Commits
  • 0ceed45 Publish 2.18.0
  • 49b3439 Move check origin into a util function and add it to websocket (#1630)
  • e2e08c8 Add test case for bad next URL format
  • 624d6c0 Delete outdated patch code
  • d825b93 Apply suggestion from @​minrk
  • 789fed0 patch open redirect in /login
  • 2ee51ec fix(CVE-2026-35397): path traversal when target dir starts with root dir
  • 057869a Fix allow_origin_pat to do full matching instead of prefix matching
  • 4862199 Add resolvePath API for resolving kernel-relative paths
  • e31d514 Bump actions/create-github-app-token from 2 to 3 in the actions group across ...
  • Additional commits viewable in compare view

Updates mistune from 3.1.4 to 3.2.1

Release notes

Sourced from mistune's releases.

v3.2.1

   🐞 Bug Fixes

    View changes on GitHub

v3.2.0

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from mistune's changelog.

Version 3.2.1

Released on May 3, 2026

  • Escape link in render_toc_ul.
  • Escape text in math plugin.
  • Fix regex for math plugin.
  • Escape heading's ID attribute.
  • Fix LINK_TITLE_RE to prevent DoS.
  • Escape class attribute for admonition directive.
  • Remove double-encoding of image alt text.
  • Escape class attribute for image directive.
  • Fix width/height attribute for image directive.

Version 3.2.0

Released on Dec 23, 2025

  • Announce supports for python 3.14
  • Fix footnotes plugins for code blocks, ref links, blockquote and etc.
  • Fix ref links in TOC.
Commits
  • 067f908 chore: release 3.2.1
  • bf55030 Merge pull request #438 from saschabuehrle/fix/issue-370
  • 8d0cb75 fix: use strict regex for image's height and width
  • 5fa092e fix: escape xml for math plugin
  • 71ec947 Merge pull request #440 from lawrence3699/fix/image-alt-double-encoding
  • 0d6f3d8 fix: remove double-encoding of image alt text
  • 2855622 fix: escape id of headings
  • 04880a0 fix: escape id of toc
  • 7bd5709 fix: handle escaped dollar signs in inline math (fixes #370)
  • 85eb54f fix: update link reference
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the uv group with 3 updates in the / directory: [langchain-core](https://github.com/langchain-ai/langchain), [jupyter-server](https://github.com/jupyter-server/jupyter_server) and [mistune](https://github.com/lepture/mistune).


Updates `langchain-core` from 1.3.2 to 1.3.3
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.3.2...langchain-core==1.3.3)

Updates `jupyter-server` from 2.17.0 to 2.18.0
- [Release notes](https://github.com/jupyter-server/jupyter_server/releases)
- [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md)
- [Commits](jupyter-server/jupyter_server@v2.17.0...v2.18.0)

Updates `mistune` from 3.1.4 to 3.2.1
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst)
- [Commits](lepture/mistune@v3.1.4...v3.2.1)

---
updated-dependencies:
- dependency-name: langchain-core
  dependency-version: 1.3.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: jupyter-server
  dependency-version: 2.18.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mistune
  dependency-version: 3.2.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 8, 2026
@jkennedyvz John Kennedy (jkennedyvz) merged commit bf0e8f8 into main May 19, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/uv-d718f7726f branch May 19, 2026 02:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant