Skip to content

chore(deps): bump the uv group across 1 directory with 11 updates#212

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-e8fbf84b48
Open

chore(deps): bump the uv group across 1 directory with 11 updates#212
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-e8fbf84b48

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 11 updates in the / directory:

Package From To
marimo 0.23.6 0.23.9
authlib 1.6.9 1.6.12
bleach 6.3.0 6.4.0
cryptography 46.0.7 48.0.1
idna 3.11 3.15
mistune 3.2.0 3.3.0
nbconvert 7.17.0 7.17.1
soupsieve 2.8.3 2.8.4
starlette 0.52.1 1.3.1
tornado 6.5.5 6.5.7
urllib3 2.6.3 2.7.0

Updates marimo from 0.23.6 to 0.23.9

Release notes

Sourced from marimo's releases.

0.23.9

What's Changed

This release makes opening a notebook in a second tab non-destructive, mo.ui.table adds new args for hidden_columns/visible_columns (mutually exclusive), and tightens sharing and error-output behavior across the board.

⭐️ Highlights

Open the same notebook in a second tab

Opening a notebook in a second browser tab no longer forcibly disconnects the first. The new tab joins as a live, read-only viewer, and you can take over editing from either side with a single click — no destructive modal and no reload required (#9746).

Show and hide table columns

mo.ui.table now supports column visibility. Hide and show columns from the column header menu, Column Explorer with a click, find columns fast with smart prefix-based search, and control initial visibility from Python. A hidden-count and "Unhide all" link keep things discoverable (#9687, #9696).

Cells with no output now show in slides

Because slides allow code edits, a slide edited to no longer produce an output used to disappear from the deck entirely. Such cells now appear in the slides minimap and viewer so you can edit them back in (they're still skipped during a presentation). Minimap thumbnails are also larger and more readable (#9771).

✨ Enhancements

  • Add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
  • Non-destructive local takeover (read-only viewer + bidirectional takeover) (#9746)
  • Add cells with no output to the minimap & viewer (#9771)
  • Add GET /api/kernel/status endpoint (#9768)
  • Enforce sharing config as server-side security (#9578)
  • Add filter param for regex and callable filtering (#9667)
  • Slides config panel open by default (#9737)
  • Add pair with agent link (#9738)
  • Add Opus 4.8 and script to append models to the top (#9723)
  • Remove mapping for 'src' to 'auto-mix-prep' (#9725)
  • Add workflow to automate running llm-sync-models script (#9724)
  • Automation script to pull models.yml (#9635)
  • Support Dremio ADBC data source browsing (#9694)
  • Add auto_close_pairs setting (#9711)
  • WASM compatibility rule checks (#9587)
  • Fix dropped error hints and improve error output UI (#9673)
  • Column Explorer visibility controls + smart-search (#9696)
  • Sort toml entries when writing config (#9686)

... (truncated)

Commits
  • c3c0ee3 release: 0.23.9 (#9790)
  • fdd55c8 fix: escape user-controlled file_key in service worker injection (#9789)
  • dc35cdf feat(sharing): add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
  • 6dcaff7 feat: non-destructive local takeover (read-only viewer + bidirectional takeov...
  • d0352e2 slides: add cells with no output to the minimap & viewer (#9771)
  • d9ab41a fix completions in slides view (#9769)
  • c0f07c0 fix: arg/kwarg collision for local numpy vars in caching (#9751)
  • 8d6e540 feat(server): add GET /api/kernel/status endpoint (#9768)
  • e55e7ba fix(runtime): don't shadow builtin print unless mo.Thread is used (#9765) (#9...
  • 4d47f09 fix(lsp): suppress marimo hover tooltip for all LSP providers, not just pylsp...
  • Additional commits viewable in compare view

Updates authlib from 1.6.9 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.6.12

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

  • Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.
Changelog

Sourced from authlib's changelog.

Version 1.6.12

Released on may 4, 2026

  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Version 1.6.11

Released on Apr 16, 2026

  • Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Version 1.6.10

Released on Apr 13, 2026

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.
Commits
  • e46e515 chore: bump to 1.6.12
  • 9babc13 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • 0dc0e5b chore: bump to 1.6.11
  • aa7b8e4 Merge commit from fork
  • 401a770 fix: CSRF issue with starlette client
  • ef09aeb chore: release 1.6.10
  • 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
  • See full diff in compare view

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

  • Dropped support for pypy 3.10. (#764)

Security fixes

  • Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

    Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

    For example::

    import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

    outputs::

    'Click'

    See the advisory for details.

  • Fix GHSA-gj48-438w-jh9v.

    Fix issue where URI sanitization wasn't happening in formaction attributes.

    See the advisory for details.

Bug fixes

  • Add support for pypy 3.11. (#764)

  • Drop version max in tinycss2 pin. (#772)

    This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits
  • f0355a7 fix: fix last release date in CHANGES
  • ae4e8a2 chore: bleach 6.4.0 and final release
  • 970df58 fix: uri-sanitization in formaction attributes
  • 7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
  • 913ab75 fix: reduce redundancy in workflow jobs
  • 218c15a fix: rework pip caching
  • 4f0b097 fix: fix tox platform restrictions
  • e95a79d chore: update pytest
  • 91539d4 Bump actions/cache from 5.0.3 to 5.0.4
  • cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
  • Additional commits viewable in compare view

Updates cryptography from 46.0.7 to 48.0.1

Changelog

Sourced from cryptography's changelog.

48.0.1 - 2026-06-09


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.

.. _v48-0-0:

48.0.0 - 2026-05-04

  • BACKWARDS INCOMPATIBLE: Support for Python 3.8 has been removed. cryptography now requires Python 3.9 or later.

  • BACKWARDS INCOMPATIBLE: Loading an X.509 CRL whose inner TBSCertList.signature algorithm does not match the outer signatureAlgorithm now raises ValueError. Previously, such CRLs were parsed successfully and only rejected during signature validation.

  • Added support for :doc:/hazmat/primitives/asymmetric/mlkem and :doc:/hazmat/primitives/asymmetric/mldsa when using OpenSSL 3.5.0 or later, in addition to the existing AWS-LC and BoringSSL support. This means post-quantum algorithms are now available to users of our wheels.

    • Note: Going forward, we do not guarantee that all functionality in cryptography will be available when building against OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

47.0.0 - 2026-04-24


* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
</tr></table> 

... (truncated)

Commits

Updates idna from 3.11 to 3.15

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

  • Correct classification error for codepoint U+A7F1

3.12 (2026-04-21)

  • Update to Unicode 17.0.0.
  • Issue a deprecation warning for the transitional argument.
  • Added lazy-loading to provide some performance improvements.
  • Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits
  • af30a09 Release 3.15
  • 30314d4 Pre-release 3.15rc0
  • 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
  • 2987fdb Convert README and HISTORY from reStructuredText to Markdown
  • 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
  • def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
  • bbd8004 Merge pull request #234 from StanFromIreland/patch-1
  • edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
  • 5557db0 Merge branch 'master' into patch-1
  • f11746c Merge pull request #235 from StanFromIreland/patch-2
  • Additional commits viewable in compare view

Updates mistune from 3.2.0 to 3.3.0

Release notes

Sourced from mistune's releases.

v3.3.0

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v3.2.1

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from mistune's changelog.

Version 3.3.0

Released on Jun 21, 2026

  • Improve CommonMark compatibility and parser performance.
  • Add command line entrypoint with UTF-8 output.
  • Support display and backtick math.
  • Render plugin list and table nodes in Markdown renderer.
  • Escape leading block markers in Markdown renderer.
  • Fix RST renderer for block quotes nested in lists.
  • Avoid generated heading ID collisions in TOC.
  • Harden URL, image, figure, and include directive handling.
  • Fix quadratic scans in inline links, reference links, and formatting markers.
  • Fix math escaping, currency pattern matching, and cross-line matching.

Version 3.2.1

Released on May 3, 2026

  • Escape link in render_toc_ul.
  • Escape text in math plugin.
  • Fix regex for math plugin.
  • Escape heading's ID attribute.
  • Fix LINK_TITLE_RE to prevent DoS.
  • Escape class attribute for admonition directive.
  • Remove double-encoding of image alt text.
  • Escape class attribute for image directive.
  • Fix width/height attribute for image directive.
Commits
  • 15c3b79 chore: release 3.3.0
  • bdc01ad tests: increase run time on pypy
  • 7cf1814 tests: increase run time for pypy
  • 6dfdc3d tests: add more tests
  • 17c50f6 chore: fix mypy issues
  • 63abe4b chore: use ruff check and format
  • e6c1b18 chore: resolve mypy issues
  • dcf8902 test(math): cover escaped math output
  • c4093c4 fix(toc): avoid generated id collisions
  • e3e51de fix(image): validate figure width option
  • Additional commits viewable in compare view

Updates nbconvert from 7.17.0 to 7.17.1

Release notes

Sourced from nbconvert's releases.

v7.17.1

7.17.1

This is a security release, fixing two CVEs:

(full advisories will be published seven days after release, on 2026-04-14).

(Full Changelog)

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​akhmerov (activity) | @​bollwyvl (activity) | @​Carreau (activity) | @​ctcjab (activity) | @​davidbrochart (activity) | @​Ken-B (activity) | @​krassowski (activity) | @​mgeier (activity) | @​minrk (activity) | @​mpacer (activity) | @​MSeal (activity) | @​SylvainCorlay (activity) | @​takluyver (activity) | @​timkpaine (activity)

Changelog

Sourced from nbconvert's changelog.

7.17.1

This is a security release, fixing two CVEs:

(full advisories will be published seven days after release, on 2026-04-14).

(Full Changelog)

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​akhmerov (activity) | @​bollwyvl (activity) | @​Carreau (activity) | @​ctcjab (activity) | @​davidbrochart (activity) | @​Ken-B (activity) | @​krassowski (activity) | @​mgeier (activity) | @​minrk (activity) | @​mpacer (activity) | @​MSeal (activity) | @​SylvainCorlay (activity) | @​takluyver (activity) | @​timkpaine (activity)

Commits

Updates soupsieve from 2.8.3 to 2.8.4

Release notes

Sourced from soupsieve's releases.

2.8.4

  • FIX: Fix another inefficient attribute pattern (@​mauriceng98).
  • FIX: Limit total number of selectors processed in a pattern to prevent massive selector requests (@​mauriceng98).
Commits

Updates starlette from 0.52.1 to 1.3.1

Release notes

Sourced from starlette's releases.

Version 1.3.1

What's Changed

Full Changelog: Kludex/starlette@1.3.0...1.3.1

Version 1.3.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.2.1...1.3.0

Version 1.2.1

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.2.0...1.2.1

Version 1.2.0

What's Changed

Full Changelog: Kludex/starlette@1.1.0...1.2.0

Version 1.1.0

... (truncated)

Changelog

Sourced from starlette's changelog.

1.3.1 (June 12, 2026)

Fixed

  • Enforce max_fields and max_part_size in FormParser #3329.
  • Enforce FormParser limits in parser callbacks #3331.

1.3.0 (June 11, 2026)

Added

  • Add httpx2 to the full extra #3323.
  • Annotate the URLPath protocol parameter with Literal #3285.

Fixed

  • Build request.url from structured components #3326.
  • Clamp oversized suffix ranges in FileResponse #3307.
  • Catch OSError alongside MultiPartException when closing temp files #3191.
  • Avoid collapsing exception groups raised from user code #2830.
  • Use removeprefix to strip the weak ETag indicator in is_not_modified #3193.
  • Fix IndexError in URL.replace() on a URL with no authority #3317.
  • Adjust testclient typing and warnings #3322.

1.2.1 (May 31, 2026)

Fixed

  • Use httpx2 for type checking in the testclient module #3304.
  • Add assert error for requires() when the request parameter is not a Request type #3298.

1.2.0 (May 28, 2026)

Added

  • Support httpx2 in the test client #3291.

1.1.0 (May 23, 2026)

Added

  • Use "application/octet-stream" as the FileResponse media type fallback #3283.

Fixed

  • Only dispatch standard HTTP verbs in HTTPEndpoint #3286.
  • Reject absolute paths in StaticFiles.lookup_path #3287.

1.0.1 (May 21, 2026)

... (truncated)

Commits
  • 8ebffd0 Version 1.3.1 (#3330)
  • 25b8e17 Enforce FormParser limits in parser callbacks (#3331)
  • dba1c4b Enforce max_fields and max_part_size in FormParser (#3329)
  • 45e51dc Use StarletteDeprecationWarning instead of DeprecationWarning (#3119)
  • 5f8610c Version 1.3.0 (#3327)
  • 167b585 Build request.url from structured components (#3326)
  • 3730925 Use removeprefix to strip weak ETag indicator in is_not_modified (#3193)
  • e6f7ad1 avoid collapsing exception groups from user code (#2830)
  • 115228f Annotate URLPath protocol parameter with Literal (#3285)
  • 113f193 docs: replace inline ASGI server list with link to canonical implemen… (#3204)
  • Additional commits viewable in compare view

Updates tornado from 6.5.5 to 6.5.7

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits
  • 48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
  • 4ae1ddd Release notes and version bump for 6.5.7
  • 3154caa curl_httpclient: Reset the curl object before putting it on the freelist
  • 7d869c0 Merge pull request #3631 from bdarnell/cve-links
  • 288241f docs: Use the correct link syntax
  • 8da981c docs: Add CVE links to 6.5.6 release notes
  • aba2569 Merge pull request #3626 from bdarnell/fixes-656
  • a24b260 httpclient_test: Accept an additional error message variant
  • a74240a Release notes and ver...

    Description has been truncated

Bumps the uv group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [marimo](https://github.com/marimo-team/marimo) | `0.23.6` | `0.23.9` |
| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.6.12` |
| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.7` | `48.0.1` |
| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |
| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.3.0` |
| [nbconvert](https://github.com/jupyter/nbconvert) | `7.17.0` | `7.17.1` |
| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |
| [starlette](https://github.com/Kludex/starlette) | `0.52.1` | `1.3.1` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |



Updates `marimo` from 0.23.6 to 0.23.9
- [Release notes](https://github.com/marimo-team/marimo/releases)
- [Commits](marimo-team/marimo@0.23.6...0.23.9)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.9...1.6.12)

Updates `bleach` from 6.3.0 to 6.4.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v6.3.0...v6.4.0)

Updates `cryptography` from 46.0.7 to 48.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.7...48.0.1)

Updates `idna` from 3.11 to 3.15
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.11...v3.15)

Updates `mistune` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst)
- [Commits](lepture/mistune@v3.2.0...v3.3.0)

Updates `nbconvert` from 7.17.0 to 7.17.1
- [Release notes](https://github.com/jupyter/nbconvert/releases)
- [Changelog](https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md)
- [Commits](jupyter/nbconvert@v7.17.0...v7.17.1)

Updates `soupsieve` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `starlette` from 0.52.1 to 1.3.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.52.1...1.3.1)

Updates `tornado` from 6.5.5 to 6.5.7
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.5...v6.5.7)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

---
updated-dependencies:
- dependency-name: marimo
  dependency-version: 0.23.9
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: bleach
  dependency-version: 6.4.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 48.0.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mistune
  dependency-version: 3.3.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nbconvert
  dependency-version: 7.17.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 1.3.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: tornado
  dependency-version: 6.5.7
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@dependabot dependabot Bot requested a review from jacksonpradolima as a code owner July 10, 2026 21:19
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code size/XS status/needs-review type/build type/config type/dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants