Skip to content

Bump the dependencies group across 1 directory with 28 updates#1102

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-6c2db31058
Closed

Bump the dependencies group across 1 directory with 28 updates#1102
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-6c2db31058

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the dependencies group with 28 updates in the / directory:

Package From To
pydantic 2.13.3 2.13.4
pymongo 4.10.1 4.17.0
paramiko 3.5.1 5.0.0
boto3 1.42.96 1.42.97
azure-storage-blob 12.27.1 12.29.0
responses 0.21.0 0.26.1
botocore 1.42.96 1.42.97
cryptography 47.0.0 48.0.0
pydantic-core 2.46.3 2.46.4
pytz 2026.1.post1 2026.2
urllib3 1.26.20 2.6.3
certifi 2026.4.22 2026.5.20
decorator 5.2.1 5.3.1
idna 3.13 3.17
lxml 6.1.0 6.1.1
matplotlib-inline 0.2.1 0.2.2
mpmath 1.3.0 1.4.1
msal 1.36.0 1.37.0
narwhals 2.20.0 2.21.0
parso 0.8.6 0.8.7
pyjwt 2.12.1 2.13.0
pymdown-extensions 10.21.2 10.21.3
python-discovery 1.2.2 1.4.0
ruff 0.15.12 0.15.15
textual 8.2.4 8.2.7
traitlets 5.14.3 5.15.0
virtualenv 21.2.4 21.4.2
wcwidth 0.6.0 0.7.0

Updates pydantic from 2.13.3 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • See full diff in compare view

Updates pymongo from 4.10.1 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.17.0 (2026/04/20)

PyMongo 4.17 brings a number of changes including:

  • has_key, iterkeys and itervalues in :class:bson.son.SON have been deprecated and will be removed in PyMongo 5.0. These methods were deprecated in favor of the standard dictionary containment operator in and the keys() and values() methods, respectively.
  • Added the :meth:~pymongo.asynchronous.client_session.AsyncClientSession.bind and :meth:~pymongo.client_session.ClientSession.bind methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See the Transactions docs <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/crud/transactions/#methods>_ for examples and more information.
  • Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. See the IWM <https://www.mongodb.com/docs/atlas/intelligent-workload-management>_ or Overload Errors <https://www.mongodb.com/docs/atlas/overload-errors/?interface=driver&language=python>_ docs for more information.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

  • Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
  • PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
  • Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
  • Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
  • Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
  • Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
  • Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Changes in Version 4.15.5 (2025/12/02)

Version 4.15.5 is a bug fix release.

  • Fixed a bug that could cause AutoReconnect("connection pool paused") errors when cursors fetched more documents from the database after SDAM heartbeat failures.

Changes in Version 4.15.4 (2025/10/21)

Version 4.15.4 is a bug fix release.

  • Relaxed the callback type of :meth:~pymongo.asynchronous.client_session.AsyncClientSession.with_transaction to allow the broader Awaitable type rather than only Coroutine objects.
  • Added the missing Python 3.14 trove classifier to the package metadata.

... (truncated)

Commits
  • f2103a9 Prep branch v4.17
  • 3491c08 PYTHON-5801 - Update changelog for 4.17 release (#2762)
  • 912ef33 PYTHON-5798 - Overload retargeting prose tests do not ensure that sec… (#2760)
  • b4e2c03 PYTHON-5800 - Simple collation is included in index information (#2761)
  • f31ba09 PYTHON-5797 - Add IWM and Overload Error links to changelog (#2757)
  • 5da9183 PYTHON-5794 - Add prose tests to verify correct retry behavior when a… (#2755)
  • 35e51a5 Revert "PYTHON-5768 Add AGENTS.md w/copilot instructions" (#2744) (#2754)
  • f41dd5c PYTHON-5772 Increase _gcp_helpers.py coverage (#2749)
  • 49e7a05 PYTHON-5760 Increase _azure_helpers.py coverage (#2747)
  • a2b0cd8 PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md (#2756)
  • Additional commits viewable in compare view

Updates paramiko from 3.5.1 to 5.0.0

Commits
  • 710cc5c What's a few weeks between friends?
  • ea93c59 Fix up Ed25519Key so it has non-erroring repr() during fatal errors
  • 5b90ef9 ruff/isort
  • f3864b6 Changelog fixes
  • acd4bc1 Replace hardcoded PEM format in PKey.write* with new parameter
  • 6fa1556 Bump group-exchange kex min_bits to 2048
  • eb87ad3 Fix some tests that were incorrectly passing
  • 1ecc933 Remove GSSAPI support :(
  • 9bf5fca Remove SHA1-based (non-GSS) kex methods
  • b8f75c7 Lintin' ain't easy
  • Additional commits viewable in compare view

Updates boto3 from 1.42.96 to 1.42.97

Commits

Updates azure-storage-blob from 12.27.1 to 12.29.0

Release notes

Sourced from azure-storage-blob's releases.

azure-storage-blob_12.29.0

12.29.0 (2026-05-14)

Features Added

  • Stable release of features from 12.29.0b1

Bugs Fixed

  • Fixed an issue where BlobClient's download_blob did not retry upon ServiceReponseError and ServiceResponseTimeoutError exceptions
  • Fixed various issues with configuring logging via logging_enable and logging_body keywords on a per-request basis and with retries. Prior to this fix logging may have not behaved as expected, especially on retries.
  • Fix a potential memory leak caused by improper exception handling that could occur under rare circumstances.
Commits
  • e73548b Release date
  • 60f7b16 Changed release date
  • 5280297 Modified release date to 5/12/2026
  • 15e1ae9 NO_CI [Doc] Update references to wiki pages (#46169)
  • 3f5c4d2 cibuildwheel not necessary in build-system metadata for `azure-storage-ex...
  • 5b5b757 Modified release date to 2026-05-11
  • 8b9a3e5 [Storage][101] Cherry pick recent fixes and release prep (#46659)
  • fdae976 Merge branch 'main' into release/storage/stg101
  • 1e540de Fix typing contract for max_concurrency in File Share client (#45637)
  • fa44dea Fix typing contract for max_concurrency in Datalake client (#45631)
  • Additional commits viewable in compare view

Updates responses from 0.21.0 to 0.26.1

Release notes

Sourced from responses's releases.

0.26.1

  • Added Spanish translation of the README (README.es.rst)
  • When both content_type and headers['content-type'] are in a response mock file, content_type is now used.
  • Added strict_match to urlencoded_params_matcher, enabling partial request parameter matching.

0.26.0

  • When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
  • Consider the Retry-After header when handling retries

0.25.8

  • Fix bug where the content type is always recorded as either text/plain or application/json. See #770
  • Allow asserts on add_callback() matches. See #727

0.25.7

  • Added support for python 3.13

0.25.6

No release notes provided.

0.25.5

No release notes provided.

0.25.3

  • Fixed recorder not saving and loading response headers with yaml files. See #715

0.25.2

  • Mulligan on 0.25.1 to run release pipeline correctly.
  • Added matchers.body_matcher for matching string request bodies. See #717

Responses 0.25.1

What's Changed

New Contributors

Full Changelog: getsentry/responses@0.25.0...0.25.1

0.25.0

  • Added support for Python 3.12
  • Fixed matchers.header_matcher not failing when a matched header is missing from the request. See #702

... (truncated)

Changelog

Sourced from responses's changelog.

0.26.1

  • Added Spanish translation of the README (README.es.rst)
  • When both content_type and headers['content-type'] are in a response mock file, content_type is now used.
  • Added strict_match to urlencoded_params_matcher, enabling partial request parameter matching.

0.26.0

  • When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
  • Consider the Retry-After header when handling retries

0.25.8

  • Fix bug where the content type is always recorded as either text/plain or application/json. See #770
  • Allow asserts on add_callback() matches. See #727

0.25.7

  • Added support for python 3.13

0.25.6

  • Added py.typed to package_data

0.25.5

  • Fix readme issue that prevented 0.25.4 from being published to pypi.

0.25.4

  • Responses can now match requests that use data with file-like objects. Files will be read as bytes and stored in the request mock. See #736
  • RequestsMock.matchers was added. This property is an alias to responses.matchers. See #739
  • Removed tests from packaged wheels. See #746
  • Improved recorder API to ease use in REPL environments. See #745

... (truncated)

Commits
  • 7a80232 release: 0.26.1
  • 1fda897 Add strict_match parameter to urlencoded_params_matcher (#796)
  • ab8d480 chore: Fix lint build and update changes (#795)
  • 71be9a2 fix: remove content-type from headers in _add_from_file to avoid RuntimeError...
  • 84c2b08 Add Spanish translation of the README documentation (#790)
  • 3da192e chore: pin GitHub Actions to full-length commit SHAs (#789)
  • cc53d77 Merge branch 'release/0.26.0'
  • 94913d0 release: 0.26.0
  • 051b79e Make assert_all_requests_are_fired always assert on exception (#782)
  • 0905cb8 Fix query_param_matcher not matching empty query parameter values (#787)
  • Additional commits viewable in compare view

Updates botocore from 1.42.96 to 1.42.97

Commits

Updates cryptography from 47.0.0 to 48.0.0

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04


* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

    

  • Note: Going forward, we do not guarantee that all functionality
    
in cryptography will be available when building against
    
OpenSSL. See :doc:/statements/state-of-openssl for more information.
    • 



.. _v47-0-0:

Commits

Updates pydantic-core from 2.46.3 to 2.46.4

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • See full diff in compare view

Updates pytz from 2026.1.post1 to 2026.2

Commits

Updates urllib3 from 1.26.20 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)

2.6.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)

[!IMPORTANT]

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

  • Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

2.6.2 (2025-12-11)

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

2.6.0 (2025-12-05)

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using

... (truncated)

Commits
  • 0248277 Release 2.6.3
  • 8864ac4 Merge commit from fork
  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
  • 34284cb Mention experimental features in the security policy (#3746)
  • Additional commits viewable in compare view

Updates certifi from 2026.4.22 to 2026.5.20

Commits

Updates decorator from 5.2.1 to 5.3.1

Changelog

Sourced from decorator's changelog.

5.3.1 (2026-05-18)

Added license SPDX identifier to pyproject.toml (reported by Christian Lackas).

5.3.0 (2026-05-17)

Added official support for Python 3.14 (thanks to Hugo van Kemenade, David Cain and the GitHub user bersbersbers). Fixed a bug with "return await" contributed by Kadir Can Ozden. Moved decorator.py to a package structure (decorator/__init__.py) and added a stub file (decorator/__init__.pyi) contributed by Marco Gorelli.

Commits

Updates idna from 3.13 to 3.17

Changelog

Sourced from idna's changelog.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

Commits

@dependabot
Bump the dependencies group across 1 directory with 28 updates
529e58f 
Bumps the dependencies group with 28 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |
| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.10.1` | `4.17.0` |
| [paramiko](https://github.com/paramiko/paramiko) | `3.5.1` | `5.0.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.42.97` |
| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.27.1` | `12.29.0` |
| [responses](https://github.com/getsentry/responses) | `0.21.0` | `0.26.1` |
| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.42.97` |
| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |
| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.3` | `2.46.4` |
| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |
| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |
| [idna](https://github.com/kjd/idna) | `3.13` | `3.17` |
| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |
| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |
| [mpmath](https://github.com/mpmath/mpmath) | `1.3.0` | `1.4.1` |
| [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) | `1.36.0` | `1.37.0` |
| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.20.0` | `2.21.0` |
| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |
| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.21.2` | `10.21.3` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.4.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |
| [textual](https://github.com/Textualize/textual) | `8.2.4` | `8.2.7` |
| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.0` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.4.2` |
| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |



Updates `pydantic` from 2.13.3 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.3...v2.13.4)

Updates `pymongo` from 4.10.1 to 4.17.0
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.10.1...4.17.0)

Updates `paramiko` from 3.5.1 to 5.0.0
- [Commits](paramiko/paramiko@3.5.1...5.0.0)

Updates `boto3` from 1.42.96 to 1.42.97
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.96...1.42.97)

Updates `azure-storage-blob` from 12.27.1 to 12.29.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.27.1...azure-storage-blob_12.29.0)

Updates `responses` from 0.21.0 to 0.26.1
- [Release notes](https://github.com/getsentry/responses/releases)
- [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES)
- [Commits](getsentry/responses@0.21.0...0.26.1)

Updates `botocore` from 1.42.96 to 1.42.97
- [Commits](boto/botocore@1.42.96...1.42.97)

Updates `cryptography` from 47.0.0 to 48.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@47.0.0...48.0.0)

Updates `pydantic-core` from 2.46.3 to 2.46.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@core-v2.46.3...core-v2.46.4)

Updates `pytz` from 2026.1.post1 to 2026.2
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2026.1.post1...release_2026.2)

Updates `urllib3` from 1.26.20 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.20...2.6.3)

Updates `certifi` from 2026.4.22 to 2026.5.20
- [Commits](certifi/python-certifi@2026.04.22...2026.05.20)

Updates `decorator` from 5.2.1 to 5.3.1
- [Release notes](https://github.com/micheles/decorator/releases)
- [Changelog](https://github.com/micheles/decorator/blob/master/CHANGES.md)
- [Commits](micheles/decorator@5.2.1...5.3.1)

Updates `idna` from 3.13 to 3.17
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.13...v3.17)

Updates `lxml` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.1.0...lxml-6.1.1)

Updates `matplotlib-inline` from 0.2.1 to 0.2.2
- [Commits](ipython/matplotlib-inline@0.2.1...0.2.2)

Updates `mpmath` from 1.3.0 to 1.4.1
- [Release notes](https://github.com/mpmath/mpmath/releases)
- [Changelog](https://github.com/mpmath/mpmath/blob/master/CHANGES)
- [Commits](mpmath/mpmath@1.3.0...1.4.1)

Updates `msal` from 1.36.0 to 1.37.0
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASE_GUIDE.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.36.0...1.37.0)

Updates `narwhals` from 2.20.0 to 2.21.0
- [Release notes](https://github.com/narwhals-dev/narwhals/releases)
- [Commits](narwhals-dev/narwhals@v2.20.0...v2.21.0)

Updates `parso` from 0.8.6 to 0.8.7
- [Changelog](https://github.com/davidhalter/parso/blob/master/CHANGELOG.rst)
- [Commits](davidhalter/parso@v0.8.6...v0.8.7)

Updates `pyjwt` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.12.1...2.13.0)

Updates `pymdown-extensions` from 10.21.2 to 10.21.3
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@10.21.2...10.21.3)

Updates `python-discovery` from 1.2.2 to 1.4.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Changelog](https://github.com/tox-dev/python-discovery/blob/main/docs/changelog.rst)
- [Commits](tox-dev/python-discovery@1.2.2...1.4.0)

Updates `ruff` from 0.15.12 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.15)

Updates `textual` from 8.2.4 to 8.2.7
- [Release notes](https://github.com/Textualize/textual/releases)
- [Changelog](https://github.com/Textualize/textual/blob/main/CHANGELOG.md)
- [Commits](Textualize/textual@v8.2.4...v8.2.7)

Updates `traitlets` from 5.14.3 to 5.15.0
- [Release notes](https://github.com/ipython/traitlets/releases)
- [Changelog](https://github.com/ipython/traitlets/blob/main/CHANGELOG.md)
- [Commits](ipython/traitlets@v5.14.3...v5.15.0)

Updates `virtualenv` from 21.2.4 to 21.4.2
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.2.4...21.4.2)

Updates `wcwidth` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](jquast/wcwidth@0.6.0...0.7.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pymongo
  dependency-version: 4.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: paramiko
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.97
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: azure-storage-blob
  dependency-version: 12.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: responses
  dependency-version: 0.26.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.97
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: cryptography
  dependency-version: 48.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pydantic-core
  dependency-version: 2.46.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pytz
  dependency-version: '2026.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: certifi
  dependency-version: 2026.5.20
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: decorator
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: idna
  dependency-version: '3.17'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: matplotlib-inline
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: mpmath
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: msal
  dependency-version: 1.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: narwhals
  dependency-version: 2.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: parso
  dependency-version: 0.8.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pyjwt
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pymdown-extensions
  dependency-version: 10.21.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: textual
  dependency-version: 8.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: traitlets
  dependency-version: 5.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: virtualenv
  dependency-version: 21.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wcwidth
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 21, 2026
@dependabot dependabot Bot deleted the dependabot/pip/dependencies-6c2db31058 branch June 21, 2026 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants