Skip to content

deps: Bump the python-minor group with 12 updates#430

Merged
pcalnon merged 1 commit into
mainfrom
dependabot/pip/python-minor-5c8366d22c
Jul 6, 2026
Merged

deps: Bump the python-minor group with 12 updates#430
pcalnon merged 1 commit into
mainfrom
dependabot/pip/python-minor-5c8366d22c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor group with 12 updates:

Package From To
dash 4.3.0 4.4.0
fastapi 0.138.2 0.139.0
uvicorn 0.49.0 0.50.2
sentry-sdk 2.63.0 2.64.0
coverage 7.14.3 7.15.0
filelock 3.29.4 3.29.5
pillow 12.2.0 12.3.0
typing-extensions 4.15.0 4.16.0
fastapi-cli 0.0.27 0.0.28
narwhals 2.22.1 2.23.0
nvidia-cudnn-cu12 9.23.2.1 9.24.0.43
nvidia-nvshmem-cu12 3.7.0 3.7.1

Updates dash from 4.3.0 to 4.4.0

Release notes

Sourced from dash's releases.

Dash Version 4.4.0

Added

  • #3826 WebSocket callback dispatch no longer lets long-lived callbacks limit the number of concurrent users. Async callbacks (including session-persistent ones) run directly on the connection event loop instead of occupying a worker thread, and synchronous callbacks run on a shared ThreadPoolExecutor whose size is configurable via the new websocket_max_workers argument to Dash (default 4). A synchronous persistent (no-output) callback now warns at registration since it would tie up a worker thread.

Fixed

  • #3861 Fix synchronous WebSocket callbacks not inheriting ContextVar values bound by ASGI middleware. copy_context() is now captured on the event-loop thread before the callback is submitted to the thread pool, instead of inside the worker thread where only default values were visible.
  • #3779 Fix dash.testing Browser.get_logs() returning None on non-Chrome webdrivers, which broke assertions like assert dash_duo.get_logs() == []. It now returns [], matching the Chrome code path.
  • #3822 Fix UnboundLocalError for user_callback_output in async background callbacks (Celery and Diskcache managers) when the callback raises PreventUpdate or another exception before the variable is assigned.
  • #3819 Fix RuntimeError: No active request in context when a non-Dash path falls through to the FastAPI catch-all route. Fixes #3812.
  • #3838 Replace mcp dependency with inline types.
  • #3824 Fix dash.testing ThreadedRunner.stop() hanging at teardown for Quart apps. Fixes #3823.
  • #3425 dcc.DatePicker: Fix updatemode="bothdates" not always respected

Changed

  • Drop support for Python 3.8 (end-of-life since October 2024). The minimum supported version is now Python 3.9.
Changelog

Sourced from dash's changelog.

[4.4.0] - 2026-07-03

Added

  • #3826 WebSocket callback dispatch no longer lets long-lived callbacks limit the number of concurrent users. Async callbacks (including session-persistent ones) run directly on the connection event loop instead of occupying a worker thread, and synchronous callbacks run on a shared ThreadPoolExecutor whose size is configurable via the new websocket_max_workers argument to Dash (default 4). A synchronous persistent (no-output) callback now warns at registration since it would tie up a worker thread.

Fixed

  • #3861 Fix synchronous WebSocket callbacks not inheriting ContextVar values bound by ASGI middleware. copy_context() is now captured on the event-loop thread before the callback is submitted to the thread pool, instead of inside the worker thread where only default values were visible.
  • #3779 Fix dash.testing Browser.get_logs() returning None on non-Chrome webdrivers, which broke assertions like assert dash_duo.get_logs() == []. It now returns [], matching the Chrome code path.
  • #3822 Fix UnboundLocalError for user_callback_output in async background callbacks (Celery and Diskcache managers) when the callback raises PreventUpdate or another exception before the variable is assigned.
  • #3819 Fix RuntimeError: No active request in context when a non-Dash path falls through to the FastAPI catch-all route. Fixes #3812.
  • #3838 Replace mcp dependency with inline types.
  • #3824 Fix dash.testing ThreadedRunner.stop() hanging at teardown for Quart apps. Fixes #3823.
  • #3425 dcc.DatePicker: Fix updatemode="bothdates" not always respected

Changed

  • Drop support for Python 3.8 (end-of-life since October 2024). The minimum supported version is now Python 3.9.
Commits
  • 1fc4a2d Merge pull request #3870 from plotly/master-4.4.0
  • 2a59605 version 4.4.0 build artifacts
  • b7d537b Merge branch 'dev' into master-4.4.0
  • 4e0fb90 Merge pull request #3867 from plotly/version-4.4.0
  • 826c080 version 4.4.0
  • 9ba8421 Merge pull request #3862 from plotly/fix/ws-contextvars
  • c79ebf4 Merge branch 'dev' into fix/ws-contextvars
  • 7cf426e Merge pull request #3860 from plotly/fix/dependabot-spam
  • a33d61d Merge branch 'dev' into fix/dependabot-spam
  • d5ffe05 Merge branch 'dev' into fix/ws-contextvars
  • Additional commits viewable in compare view

Updates fastapi from 0.138.2 to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn from 0.49.0 to 0.50.2

Release notes

Sourced from uvicorn's releases.

Version 0.50.1

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.50.0...0.50.1

Version 0.50.0

What's Changed

Full Changelog: Kludex/uvicorn@0.49.0...0.50.0

Changelog

Sourced from uvicorn's changelog.

0.50.2 (July 6, 2026)

Fixed

  • Require websockets>=13.0, which the default websockets-sansio implementation needs (#3021)

0.50.1 (July 6, 2026)

Fixed

  • Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansio implementation (#3019)

0.50.0 (July 4, 2026)

If you use WebSockets, note that --ws auto now picks the websockets-sansio implementation. You shouldn't need it, but you can pin --ws websockets to get the deprecated legacy one back.

Changed

  • Exit with the dedicated code 3 on any startup failure: app loading, socket bind and lifespan startup errors previously exited with a mix of 0, 1 and 3 (#3001)
  • Stop the multiprocess supervisor when a worker exits with code 3 instead of restarting it forever (#3001)
  • Default --ws auto to websockets-sansio when websockets is installed (#2985)
  • Skip the eager app import in the parent process with --reload or --workers, fixing a memory regression introduced in 0.47.0 (#3012)
  • Build a fresh asgi scope dict per request (#2977)
  • Cache the asgi scope sub-dict per connection (#2976)
  • Avoid copying single-frame WebSocket payloads in websockets-sansio (#2983)
  • Memoize trusted host checks in ProxyHeadersMiddleware (#2970)
  • Replace click.style with an internal ANSI style helper (#2981)

Deprecated

  • Deprecate the legacy websockets implementation; use websockets-sansio or wsproto instead (#2985)
Commits
  • a1b570c Version 0.50.2 (#3022)
  • 83c7da7 Require websockets>=13.0 for the default sansio implementation (#3021)
  • b4d0116 Version 0.50.1 (#3020)
  • 2a9151d Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansi...
  • 1bf3ab4 Cover the excluded-directory branch in FileFilter with a direct test (#3014)
  • 837b5f9 Deflake multiprocess, reload, and signal supervisor tests (#2975)
  • 21d2c16 Version 0.50.0 (#3013)
  • 6c42e8d Skip the eager app import in the parent when spawning workers (#3012)
  • 56a4631 Exit with a dedicated code on startup failure and stop the supervisor when a ...
  • 3314dfc chore(deps): bump the github-actions group with 4 updates (#3007)
  • Additional commits viewable in compare view

Updates sentry-sdk from 2.63.0 to 2.64.0

Release notes

Sourced from sentry-sdk's releases.

2.64.0

The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated. To keep the previous behavior, set stream_gen_ai_spans=False.

Self-hosted Sentry users should opt out with stream_gen_ai_spans=False, since streamed gen_ai spans may not be ingested by their Sentry instance.

Bug Fixes 🐛

Documentation 📚

Internal Changes 🔧

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.64.0

The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated. To keep the previous behavior, set stream_gen_ai_spans=False.

Self-hosted Sentry users should opt out with stream_gen_ai_spans=False, since streamed gen_ai spans may not be ingested by their Sentry instance.

Bug Fixes 🐛

Documentation 📚

Internal Changes 🔧

... (truncated)

Commits
  • 9cb0167 Call out changed stream_gen_ai_spans default value
  • bdbe208 Update CHANGELOG.md
  • 8966e45 release: 2.64.0
  • 7074643 ci: 🤖 Update test matrix with new releases (06/29) (#6682)
  • b0f319f (test): exclude django 6.1 alphas and betas from tox (#6690)
  • a661615 (test): need to include the alpha tag for mcp package inclusion (#6688)
  • 9c83606 ci(mcp): Pin mcp package to <2.0.0 while alphas are in flight (#6687)
  • 1dd161d feat: Set sentry.trace_lifecycle attr in span streaming (#6684)
  • 5dabd02 fix(pydantic-ai): Stop truncating in the streaming trace lifecycle (#6659)
  • 7991f71 ref: Make stream_gen_ai_spans opt out (#6658)
  • Additional commits viewable in compare view

Updates coverage from 7.14.3 to 7.15.0

Changelog

Sourced from coverage's changelog.

Version 7.15.0 — 2026-07-02

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now those commands have a new option --keep-combined to retain the data files after combining them instead of the default, which is to delete them. Finishes issue 2198_.

  • Fix: the LCOV report would incorrectly count excluded functions as uncovered, as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen <pull 2206_>.

  • When running your program, coverage now correctly sets yourmodule.__spec__.loader as strongly recommended <--loader--_>, avoiding the deprecation warning described in issue 2208. Thanks, A5rocks <pull 2209_>_.

  • Fix: with Python 3.10, running with the -I (isolated mode) option didn't correctly omit the current directory from the module search path, as described in issue 2103. That is now fixed thanks to Ilia Sorokin <pull 2211_>.

.. --loader--: https://docs.python.org/3/reference/datamodel.html#module.__loader_ .. _issue 2103: coveragepy/coveragepy#2103 .. _issue 2198: coveragepy/coveragepy#2198 .. _issue 2205: coveragepy/coveragepy#2205 .. _pull 2206: coveragepy/coveragepy#2206 .. _issue 2208: coveragepy/coveragepy#2208 .. _pull 2209: coveragepy/coveragepy#2209 .. _pull 2211: coveragepy/coveragepy#2211

.. _changes_7-14-3:

Commits
  • c8c8020 docs: sample HTML for 7.15.0
  • ae19db1 docs: prep for 7.15.0
  • 17b45a1 docs: --keep-combined in the man page
  • 6f9fa1e fix: preserve isolated sys.path on Python 3.10 (#2211)
  • 787af5f chore: bump actions/checkout in the action-dependencies group (#2210)
  • 1ed3998 fix: start attaching the loader on __spec__ #2208 (#2209)
  • 1ab1122 docs: remove stray comma
  • f24a91f feat: --keep-combined for reporting commands. #2198
  • 5e70751 test: canonicalize mock calls in test_cmdline to reduce diff noise
  • 65979cc fix: skip excluded functions in LCOV function totals (#2206)
  • Additional commits viewable in compare view

Updates filelock from 3.29.4 to 3.29.5

Release notes

Sourced from filelock's releases.

3.29.5

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.29.4...3.29.5

Commits
  • be56227 lifetime: reject negative, non-numeric, and bool values at the setter (#573)
  • 1f6cde4 roll back a read acquire's open transaction when its SELECT fails (#575)
  • c76dee6 test: fix Windows type check broken by #577 (#580)
  • ea594a5 Keep Unix lock files after release (#577)
  • 7595a7b use a private break name in break_lock_file (#576)
  • 0b707fe [pre-commit.ci] pre-commit autoupdate (#572)
  • 22ecd6a don't complete a writer acquire on a peer's reclaimed marker (#571)
  • 70ecdb2 build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#570)
  • dbcc83a [pre-commit.ci] pre-commit autoupdate (#568)
  • 022394c don't follow symlinks in raise_on_not_writable_file (#567)
  • Additional commits viewable in compare view

Updates pillow from 12.2.0 to 12.3.0

Release notes

Sourced from pillow's releases.

12.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.3.0.html

Removals

Documentation

Dependencies

Bumps the python-minor group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [dash](https://github.com/plotly/dash) | `4.3.0` | `4.4.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.138.2` | `0.139.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.49.0` | `0.50.2` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.63.0` | `2.64.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.14.3` | `7.15.0` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.29.4` | `3.29.5` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.15.0` | `4.16.0` |
| [fastapi-cli](https://github.com/fastapi/fastapi-cli) | `0.0.27` | `0.0.28` |
| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.22.1` | `2.23.0` |
| [nvidia-cudnn-cu12](https://developer.nvidia.com/cuda-zone) | `9.23.2.1` | `9.24.0.43` |
| [nvidia-nvshmem-cu12](https://developer.nvidia.com/cuda-zone) | `3.7.0` | `3.7.1` |


Updates `dash` from 4.3.0 to 4.4.0
- [Release notes](https://github.com/plotly/dash/releases)
- [Changelog](https://github.com/plotly/dash/blob/dev/CHANGELOG.md)
- [Commits](plotly/dash@v4.3.0...v4.4.0)

Updates `fastapi` from 0.138.2 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.2...0.139.0)

Updates `uvicorn` from 0.49.0 to 0.50.2
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.2)

Updates `sentry-sdk` from 2.63.0 to 2.64.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.63.0...2.64.0)

Updates `coverage` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

Updates `filelock` from 3.29.4 to 3.29.5
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.4...3.29.5)

Updates `pillow` from 12.2.0 to 12.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.2.0...12.3.0)

Updates `typing-extensions` from 4.15.0 to 4.16.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.15.0...4.16.0)

Updates `fastapi-cli` from 0.0.27 to 0.0.28
- [Release notes](https://github.com/fastapi/fastapi-cli/releases)
- [Changelog](https://github.com/fastapi/fastapi-cli/blob/main/release-notes.md)
- [Commits](fastapi/fastapi-cli@0.0.27...0.0.28)

Updates `narwhals` from 2.22.1 to 2.23.0
- [Release notes](https://github.com/narwhals-dev/narwhals/releases)
- [Commits](narwhals-dev/narwhals@v2.22.1...v2.23.0)

Updates `nvidia-cudnn-cu12` from 9.23.2.1 to 9.24.0.43

Updates `nvidia-nvshmem-cu12` from 3.7.0 to 3.7.1

---
updated-dependencies:
- dependency-name: dash
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: uvicorn
  dependency-version: 0.50.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: sentry-sdk
  dependency-version: 2.64.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: coverage
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: filelock
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: pillow
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: typing-extensions
  dependency-version: 4.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: fastapi-cli
  dependency-version: 0.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: narwhals
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: nvidia-cudnn-cu12
  dependency-version: 9.24.0.43
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: nvidia-nvshmem-cu12
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from pcalnon as a code owner July 6, 2026 14:17
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@pcalnon pcalnon self-assigned this Jul 6, 2026
@pcalnon pcalnon merged commit c9652ee into main Jul 6, 2026
26 of 27 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/python-minor-5c8366d22c branch July 6, 2026 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant