Skip to content

chore(deps): bump the all group across 1 directory with 15 updates#1402

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/all-cd956618d9
Open

chore(deps): bump the all group across 1 directory with 15 updates#1402
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/all-cd956618d9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 23, 2026

Bumps the all group with 13 updates in the / directory:

Package From To
fsspec 2026.3.0 2026.4.0
requests 2.33.1 2.34.2
black 26.3.1 26.5.0
uvicorn 0.46.0 0.47.0
starlette-cramjam 0.5.1 0.7.0
pydantic-settings 2.13.1 2.14.1
fastapi 0.135.2 0.136.1
geojson-pydantic 2.1.0 2.1.1
numpy 2.4.4 2.4.5
pydantic 2.12.5 2.13.4
rio-tiler 9.0.4 9.0.6
simplejson 3.20.2 4.1.1
xarray 2026.2.0 2026.4.0

Updates fsspec from 2026.3.0 to 2026.4.0

Commits

Updates s3fs from 2026.3.0 to 2026.4.0

Commits

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates black from 26.3.1 to 26.5.0

Release notes

Sourced from black's releases.

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

  • Improve parse error readability by showing multi-line output with an error pointer. (#5068)
  • Add SourceASTParseError to distinguish source parse failures from internal safety errors, improving error reporting when Black's lenient parser accepts input that ast.parse() rejects (#5080)

Blackd

  • Return HTTP 400 (Bad Request) for source parse failures instead of HTTP 500, keeping HTTP 500 only for genuine internal safety errors (#5080)

Integrations

  • Added documentation for doctest formatting tools and updated the integrations index to match (#4916)

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

  • Improve parse error readability by showing multi-line output with an error pointer. (#5068)
  • Add SourceASTParseError to distinguish source parse failures from internal safety errors, improving error reporting when Black's lenient parser accepts input that ast.parse() rejects (#5080)

Blackd

  • Return HTTP 400 (Bad Request) for source parse failures instead of HTTP 500, keeping HTTP 500 only for genuine internal safety errors (#5080)

Integrations

  • Added documentation for doctest formatting tools and updated the integrations index to match (#4916)

... (truncated)

Commits

Updates uvicorn from 0.46.0 to 0.47.0

Release notes

Sourced from uvicorn's releases.

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)
Commits
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • 6761b2c Remove Hugging Face sponsor block from docs (#2923)
  • 438f648 Surface sponsors on welcome page and sidebar (#2921)
  • 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
  • b499bc4 Eagerly import the ASGI app in the parent process (#2919)
  • See full diff in compare view

Updates starlette-cramjam from 0.5.1 to 0.7.0

Release notes

Sourced from starlette-cramjam's releases.

0.7.0

What's Changed

New Contributors

Full Changelog: developmentseed/starlette-cramjam@0.6.0...0.7.0

0.6.0

What's Changed

New Contributors

Full Changelog: developmentseed/starlette-cramjam@0.5.1...0.6.0

Changelog

Sourced from starlette-cramjam's changelog.

0.7.0 (2026-04-27)

  • change: skip compression for 204 NO_CONTENT response

0.6.0 (2026-01-15)

  • remove support for python 3.9 and 3.10
  • use uv for project managment
Commits
  • 333ce4e Bump version: 0.6.0 → 0.7.0
  • a6e7a78 Merge pull request #29 from developmentseed/feat/204-skip-compression
  • d828cdb feat: skip compression for 204 responses
  • 2ad507f Merge pull request #27 from developmentseed/dependabot/github_actions/all-205...
  • 0434be4 Merge pull request #28 from developmentseed/dependabot/uv/all-5035f4443d
  • 020ed0d Bump the all group across 1 directory with 4 updates
  • 1a10dae Bump the all group across 1 directory with 4 updates
  • b940e7a update pre-commit config
  • 67b68bd update release process
  • 7f8de06 Merge pull request #24 from developmentseed/fix/pin-github-actions
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.13.1 to 2.14.1

Release notes

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • 617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
  • Additional commits viewable in compare view

Updates fastapi from 0.135.2 to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

Internal

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

... (truncated)

Commits

Updates geojson-pydantic from 2.1.0 to 2.1.1

Release notes

Sourced from geojson-pydantic's releases.

2.1.1

What's Changed

New Contributors

Full Changelog: developmentseed/geojson-pydantic@2.1.0...2.1.1

Changelog

Sourced from geojson-pydantic's changelog.

[2.1.1] - 2026-04-07

Commits
  • 402ec8b Bump version: 2.1.0 → 2.1.1
  • 01ad63d update changelog
  • 0829967 update dependabot config
  • 742975e Merge pull request #185 from developmentseed/chore/switch-to-uv
  • 9642f63 chore: switch to uv
  • 73ed7d3 Merge pull request #184 from psobolewskiPhD/clear_ring_warning
  • 15627a8 style: run pre-commit
  • 4e063d6 fix codecov action
  • 7841dde Merge pull request #182 from developmentseed/dependabot/github_actions/action...
  • 8338493 Merge pull request #181 from developmentseed/dependabot/github_actions/codeco...
  • Additional commits viewable in compare view

Updates numpy from 2.4.4 to 2.4.5

Release notes

Sourced from numpy's releases.

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Aleksei Nikiforov
  • Anarion Zuo +
  • Ankit Ahlawat
  • Breno Favaretto +
  • Charles Harris
  • Igor Krivenko +
  • Ijtihed Kilani +
  • Joren Hammudoglu
  • Maarten Baert +
  • Matti Picus
  • Nathan Goldbaum
  • Praneeth Kodumagulla +
  • Ralf Gommers
  • RoomWithOutRoof +
  • Sebastian Berg
  • Warren Weckesser
  • div +

Pull requests merged

A total of 28 pull requests were merged for this release.

  • #31093: MAINT: Prepare 2.4.x for further development
  • #31182: TYP: fix np.shape assignability issue for python lists (#31171)
  • #31197: ENH: Return rank 0 for empty matrices in matrix_rank (#30422)
  • #31198: CI/BUG: add native jobs for s390x, fix bug in pack_inner...
  • #31199: BUG: f2py map complex_long_double to NPY_CLONGDOUBLE
  • #31205: MAINT: f2py: Stop setting re._MAXCACHE to 50.
  • #31206: BUG: fix heap buffer overflow in timedelta to string casts
  • #31207: MAINT: Rename ppc64le and s390x workflow (#31121)
  • #31208: BUG: Fix matvec/vecmat in-place aliasing (out=input produces...
  • #31209: TYP: tile: accept numpy scalars and arrays as second argument...
  • #31211: DEP: Undo deprecation for np.dtype() signature used by old pickles...
  • #31212: REV: Manual revert of float16 svml use (#31178)
  • #31222: TYP: ix_ fi...

    Description has been truncated

@dependabot
chore(deps): bump the all group across 1 directory with 15 updates
7ade9de 
Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.3.0` | `2026.4.0` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |
| [starlette-cramjam](https://github.com/developmentseed/starlette-cramjam) | `0.5.1` | `0.7.0` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.2` | `0.136.1` |
| [geojson-pydantic](https://github.com/developmentseed/geojson-pydantic) | `2.1.0` | `2.1.1` |
| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.5` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |
| [rio-tiler](https://github.com/cogeotiff/rio-tiler) | `9.0.4` | `9.0.6` |
| [simplejson](https://github.com/simplejson/simplejson) | `3.20.2` | `4.1.1` |
| [xarray](https://github.com/pydata/xarray) | `2026.2.0` | `2026.4.0` |



Updates `fsspec` from 2026.3.0 to 2026.4.0
- [Commits](fsspec/filesystem_spec@2026.3.0...2026.4.0)

Updates `s3fs` from 2026.3.0 to 2026.4.0
- [Changelog](https://github.com/fsspec/s3fs/blob/main/release-procedure.md)
- [Commits](fsspec/s3fs@2026.3.0...2026.4.0)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `black` from 26.3.1 to 26.5.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.0)

Updates `uvicorn` from 0.46.0 to 0.47.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.47.0)

Updates `starlette-cramjam` from 0.5.1 to 0.7.0
- [Release notes](https://github.com/developmentseed/starlette-cramjam/releases)
- [Changelog](https://github.com/developmentseed/starlette-cramjam/blob/main/CHANGES.md)
- [Commits](developmentseed/starlette-cramjam@0.5.1...0.7.0)

Updates `pydantic-settings` from 2.13.1 to 2.14.1
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.1)

Updates `fastapi` from 0.135.2 to 0.136.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.2...0.136.1)

Updates `geojson-pydantic` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/developmentseed/geojson-pydantic/releases)
- [Changelog](https://github.com/developmentseed/geojson-pydantic/blob/main/CHANGELOG.md)
- [Commits](developmentseed/geojson-pydantic@2.1.0...2.1.1)

Updates `numpy` from 2.4.4 to 2.4.5
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.4...v2.4.5)

Updates `pydantic` from 2.12.5 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.4)

Updates `rio-tiler` from 9.0.4 to 9.0.6
- [Release notes](https://github.com/cogeotiff/rio-tiler/releases)
- [Changelog](https://github.com/cogeotiff/rio-tiler/blob/main/CHANGES.md)
- [Commits](cogeotiff/rio-tiler@9.0.4...9.0.6)

Updates `simplejson` from 3.20.2 to 4.1.1
- [Release notes](https://github.com/simplejson/simplejson/releases)
- [Changelog](https://github.com/simplejson/simplejson/blob/main/CHANGES.txt)
- [Commits](simplejson/simplejson@v3.20.2...v4.1.1)

Updates `xarray` from 2026.2.0 to 2026.4.0
- [Release notes](https://github.com/pydata/xarray/releases)
- [Commits](pydata/xarray@v2026.02.0...v2026.04.0)

Updates `gcsfs` from 2026.3.0 to 2026.4.0
- [Release notes](https://github.com/fsspec/gcsfs/releases)
- [Commits](fsspec/gcsfs@2026.3.0...2026.4.0)

---
updated-dependencies:
- dependency-name: fsspec
  dependency-version: 2026.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: s3fs
  dependency-version: 2026.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: black
  dependency-version: 26.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: starlette-cramjam
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pydantic-settings
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: geojson-pydantic
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: numpy
  dependency-version: 2.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: rio-tiler
  dependency-version: 9.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: simplejson
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: xarray
  dependency-version: 2026.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: gcsfs
  dependency-version: 2026.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants