Skip to content

chore(deps): bump the search group across 1 directory with 5 updates#1389

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/search/search-ce53aca9e4
Open

chore(deps): bump the search group across 1 directory with 5 updates#1389
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/search/search-ce53aca9e4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026
edited
Loading

Bumps the search group with 5 updates in the /search directory:

Package From To
elasticsearch 9.2.0 9.3.0
flask 3.1.2 3.1.3
flask-cors 6.0.1 6.0.2
python-dotenv 1.2.1 1.2.2
ruff 0.14.7 0.15.4

Updates elasticsearch from 9.2.0 to 9.3.0

Release notes

Sourced from elasticsearch's releases.

9.3.0

Enhancements

  • Add pack_dense_vector helper function to pack dense vectors for efficient uploading (#3219)
  • New and updated ES|QL functions in the ES|QL query builder for 9.3 and Serverless (#3266)

API

  • Added cat.circuit_breaker API
  • Added experimental esql.get_view, esql.put_view and esql.delete_view APIs
  • Added experimental indices.get_sample_configuration, indices.put_sample_configuration, indices.delete_sample_configuration, indices.get_all_sample_configuration, indices.get_sample, indices.get_sample_stats APIs
  • Added inference.put_groq, inference.put_openshift_ai, inference.put_nvidia APIs
  • Added downsampling_method argument to indices.put_data_lifecycle API
  • Added return_documents and top_n arguments to inference.rerank API
  • Added close_job argument to ml.stop_datafeed API
  • Added certificate_identity to security.create_cross_cluster_api_key and security.update_cross_cluster_api_key APIs

Serverless-specific

  • Added project_routing argument to project.tags API

DSL

  • Added NumpyDenseVector field, with support for dense vectors based on numpy arrays (#3218)
  • Added ExponentialHistogram field
  • Added time_series_metric argument to Histogram field
  • Added on_disk_rescore argument from DenseVectorIndexOptions type
  • Added slices argument to UpdateByQueryResponse type

9.2.1

Enhancements

  • Instrument ping with OTel (#3160)
  • Make positional arguments in DSL generated classes explicit (#3233)
  • Add warnings for private APIs (#3212)

Bug fixes

  • ES|QL query builder: fix missing assignment (#3151)
  • Use relative imports to fix elasticsearch9 package imports (#3232)

API

  • Added transform.get_node_stats API
  • Added requests_per_second argument to delete_by_query_rethrottle, reindex_rethrottle and update_by_query_rethrottle APIs
  • Added allow_closed, allow_no_indices, expand_wildcards, ignore_throttled and ignore_available arguments to cat.segments API
  • Added chunking_settings argument to inference.put_watsonxai API
  • Added id argument to ml.stop_trained_model_deployment API
  • Removed chunking_settings argument from inference.put_anthropic, inference.put_contextualai, inference.put_deepseek APIs
Commits

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726
Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726
Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates flask-cors from 6.0.1 to 6.0.2

Release notes

Sourced from flask-cors's releases.

6.0.2

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@6.0.1...6.0.2

Commits

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

Updates ruff from 0.14.7 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

0.15.3

Released on 2026-02-26.

Preview features

  • Drop explicit support for .qmd file extension (#23572)

    This can now be enabled instead by setting the extension option:

    # ruff.toml
extension = { qmd = "markdown" }
pyproject.toml
[tool.ruff]
extension = { qmd = "markdown" }

  • Include configured extensions in file discovery (#23400)

  • [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

  • [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

  • [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits
  • f14edd8 Bump 0.15.4 (#23595)
  • fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
  • 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
  • 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
  • 60facfa one word typo fix in a while_loop.md test case (#23589)
  • fbb9fa7 docs: fix incorrect import-heading example (#23568)
  • 5bc49a9 Increase the ruleset size to 16 bits (#23586)
  • a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
  • e5f2f36 Bump 0.15.3 (#23585)
  • 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the search group across 1 directory with 5 updates
e87fd13 
Bumps the search group with 5 updates in the /search directory:

| Package | From | To |
| --- | --- | --- |
| [elasticsearch](https://github.com/elastic/elasticsearch-py) | `9.2.0` | `9.3.0` |
| [flask](https://github.com/pallets/flask) | `3.1.2` | `3.1.3` |
| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.1` | `6.0.2` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.7` | `0.15.4` |



Updates `elasticsearch` from 9.2.0 to 9.3.0
- [Release notes](https://github.com/elastic/elasticsearch-py/releases)
- [Commits](elastic/elasticsearch-py@v9.2.0...v9.3.0)

Updates `flask` from 3.1.2 to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.2...3.1.3)

Updates `flask-cors` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@6.0.1...6.0.2)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `ruff` from 0.14.7 to 0.15.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.7...0.15.4)

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 9.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: search
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: search
- dependency-name: flask-cors
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: search
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: search
- dependency-name: ruff
  dependency-version: 0.15.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: search
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants