Skip to content

deps: bump the pip-connectors group in /packages/vendor-connectors with 14 updates#164

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/packages/vendor-connectors/pip-connectors-1f276a3911
May 12, 2026
Merged

deps: bump the pip-connectors group in /packages/vendor-connectors with 14 updates#164
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/packages/vendor-connectors/pip-connectors-1f276a3911

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Updates the requirements on pydantic, requests, boto3, google-api-python-client, anthropic, langchain-core, langsmith, uv, strands-agents, mcp, sentence-transformers, langgraph, mypy and types-requests to permit the latest version.
Updates pydantic to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • See full diff in compare view

Updates requests to 2.34.0

Release notes

Sourced from requests's releases.

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11

Changelog

Sourced from requests's changelog.

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file

... (truncated)

Commits

Updates boto3 to 1.43.6

Commits

Updates google-api-python-client to 2.196.0

Release notes

Sourced from google-api-python-client's releases.

v2.196.0

2.196.0 (2026-05-05)

Features

Bug Fixes

Commits

Updates anthropic to 0.101.0

Release notes

Sourced from anthropic's releases.

v0.101.0

0.101.0 (2026-05-11)

Full Changelog: v0.100.0...v0.101.0

Features

  • aws: Add AWS client for Claude Platform on AWS (1e70e3a)

Bug Fixes

  • client: add missing f-string prefix in file type error message (06d109a)

Chores

  • examples: bump tools_runner.py to claude-sonnet-4-5-20250929 (#1473) (1aa8e41)
  • examples: update shebang from poetry to uv (#1497) (ace8f38)
Changelog

Sourced from anthropic's changelog.

0.101.0 (2026-05-11)

Full Changelog: v0.100.0...v0.101.0

Features

  • aws: Add AWS client for Claude Platform on AWS (1e70e3a)

Bug Fixes

  • client: add missing f-string prefix in file type error message (06d109a)

Chores

  • examples: bump tools_runner.py to claude-sonnet-4-5-20250929 (#1473) (1aa8e41)
  • examples: update shebang from poetry to uv (#1497) (ace8f38)

0.100.0 (2026-05-06)

Full Changelog: v0.99.0...v0.100.0

Features

  • api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (3b3deee)

Bug Fixes

  • api: Adjust webhook configuration (8c3339e)

0.99.0 (2026-05-05)

Full Changelog: v0.98.1...v0.99.0

Features

  • client: allow targeting a workspace for OIDC federation token exchange (4ba8067)

0.98.1 (2026-05-04)

Full Changelog: v0.98.0...v0.98.1

Chores

0.98.0 (2026-05-04)

... (truncated)

Commits
  • e8e6f66 release: 0.101.0
  • c7e3411 feat(aws): Add AWS client for Claude Platform on AWS
  • ae76de1 fix(client): add missing f-string prefix in file type error message
  • b424331 chore(examples): bump tools_runner.py to claude-sonnet-4-5-20250929 (#1473)
  • ee82e5d chore(examples): update shebang from poetry to uv (#1497)
  • 04b468d release: 0.100.0
  • 2c15407 fix(api): Adjust webhook configuration
  • dc0ce48 feat(api): add support for Managed Agents multiagents and outcomes, webhooks,...
  • d573b82 release: 0.99.0
  • 119e123 feat(client): allow targeting a workspace for OIDC federation token exchange
  • See full diff in compare view

Updates langchain-core to 1.4.0

Release notes

Sourced from langchain-core's releases.

langchain-core==1.4.0

Changes since langchain-core==0.3.86

chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329) fix(core): avoid eager pydantic.v1 import in @deprecated (#37308) chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37237) chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37204) release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992) release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834) release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813) release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588) release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612) release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

... (truncated)

Commits
  • 70e66a1 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openrouter (#37352)
  • da380bc chore(infra): merge v1.4 into master (#37350)
  • bbd10fe chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/anthropic (#37343)
  • 11bbfb7 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/fireworks (#37339)
  • 7fd61d2 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/mistralai (#37338)
  • 5c096bb chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/nomic (#37334)
  • ac47d54 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/chroma (#37333)
  • 7e5c570 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/qdrant (#37332)
  • 2086b91 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329)
  • 407e33a chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/langchain (#37327)
  • Additional commits viewable in compare view

Updates langsmith to 0.8.3

Release notes

Sourced from langsmith's releases.

v0.8.3

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.8.2...v0.8.3

Commits
  • e2386ad release(py): 0.8.3 (#2863)
  • 11d51a3 docs(langsmith): clarify trust boundaries when working with hub (#2861)
  • d98c3ed Fix push_agent URL owner for name-only identifiers (#2862)
  • 418fd41 sdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds (#2854)
  • 1baa2c1 sdk(py): replace ttl_seconds with idle_ttl_seconds + delete_after_stop_second...
  • 361c8dd release(js): bump to 0.6.2 (#2856)
  • 0d42882 fix(js): prevent sending [object Object] as span attribute when dealing with ...
  • 619818b Bump Python SDK version to 0.8.2 (#2855)
  • 8a7d3c1 fix: parse urllib3 version with packaging.Version (#2851)
  • 54f8877 Bump JS SDK version to 0.6.1 (#2847)
  • Additional commits viewable in compare view

Updates uv to 0.11.14

Release notes

Sourced from uv's releases.

0.11.14

Release Notes

Released on 2026-05-12.

Enhancements

  • Add Astral mirror URL override (#19206)
  • Ignore top_level.txt entries in uninstall that are not valid Python identifiers (#19340)

Bug fixes

  • Avoid applying .env files in parent process (#19343)
  • Filter ANSI codes in logging output (#19311)
  • Fix uv tree showing extra-conditional deps for packages required without extras (#19332)
  • Respect build options (e.g., --no-build) during lock validation (#19366)

Install uv 0.11.14

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.ps1 | iex"

Download uv 0.11.14

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-riscv64gc-unknown-linux-musl.tar.gz RISCV MUSL Linux checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.14

Released on 2026-05-12.

Enhancements

  • Add Astral mirror URL override (#19206)
  • Ignore top_level.txt entries in uninstall that are not valid Python identifiers (#19340)

Bug fixes

  • Avoid applying .env files in parent process (#19343)
  • Filter ANSI codes in logging output (Description has been truncated

@dependabot
deps: bump the pip-connectors group
2604fc1 
Updates the requirements on [pydantic](https://github.com/pydantic/pydantic), [requests](https://github.com/psf/requests), [boto3](https://github.com/boto/boto3), [google-api-python-client](https://github.com/googleapis/google-api-python-client), [anthropic](https://github.com/anthropics/anthropic-sdk-python), [langchain-core](https://github.com/langchain-ai/langchain), [langsmith](https://github.com/langchain-ai/langsmith-sdk), [uv](https://github.com/astral-sh/uv), [strands-agents](https://github.com/strands-agents/sdk-python), [mcp](https://github.com/modelcontextprotocol/python-sdk), [sentence-transformers](https://github.com/huggingface/sentence-transformers), [langgraph](https://github.com/langchain-ai/langgraph), [mypy](https://github.com/python/mypy) and [types-requests](https://github.com/python/typeshed) to permit the latest version.

Updates `pydantic` to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.3...v2.13.4)

Updates `requests` to 2.34.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.0)

Updates `boto3` to 1.43.6
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.3...1.43.6)

Updates `google-api-python-client` to 2.196.0
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](googleapis/google-api-python-client@v2.195.0...v2.196.0)

Updates `anthropic` to 0.101.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.98.1...v0.101.0)

Updates `langchain-core` to 1.4.0
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.3.2...langchain-core==1.4.0)

Updates `langsmith` to 0.8.3
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.8.0...v0.8.3)

Updates `uv` to 0.11.14
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.9...0.11.14)

Updates `strands-agents` to 1.39.0
- [Release notes](https://github.com/strands-agents/sdk-python/releases)
- [Commits](strands-agents/harness-sdk@v1.38.0...v1.39.0)

Updates `mcp` to 1.27.1
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.27.0...v1.27.1)

Updates `sentence-transformers` to 5.5.0
- [Release notes](https://github.com/huggingface/sentence-transformers/releases)
- [Commits](huggingface/sentence-transformers@v5.4.1...v5.5.0)

Updates `langgraph` to 1.2.0
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@1.1.10...1.2.0)

Updates `mypy` to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.2...v2.1.0)

Updates `types-requests` to 2.33.0.20260508
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-connectors
- dependency-name: requests
  dependency-version: 2.34.0
  dependency-type: direct:production
  dependency-group: pip-connectors
- dependency-name: boto3
  dependency-version: 1.43.6
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: google-api-python-client
  dependency-version: 2.196.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: anthropic
  dependency-version: 0.101.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: langchain-core
  dependency-version: 1.4.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: langsmith
  dependency-version: 0.8.3
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: uv
  dependency-version: 0.11.14
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: strands-agents
  dependency-version: 1.39.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: mcp
  dependency-version: 1.27.1
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: sentence-transformers
  dependency-version: 5.5.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: langgraph
  dependency-version: 1.2.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:development
  dependency-group: pip-connectors
- dependency-name: types-requests
  dependency-version: 2.33.0.20260508
  dependency-type: direct:development
  dependency-group: pip-connectors
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 12, 2026
@dependabot dependabot Bot requested a review from jbdevprimary as a code owner May 12, 2026 21:04
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 12, 2026
@github-actions github-actions Bot merged commit 3e804f9 into main May 12, 2026
9 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/packages/vendor-connectors/pip-connectors-1f276a3911 branch May 12, 2026 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@jbdevprimary jbdevprimary Awaiting requested review from jbdevprimary jbdevprimary is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file pkg:connectors python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants