deps: bump the pip-connectors group in /packages/vendor-connectors with 10 updates

[dependabot]

Updates the requirements on more-itertools, boto3, anthropic, uv, strands-agents, fastapi, uvicorn, sentence-transformers, pytest-asyncio and langgraph to permit the latest version.
Updates more-itertools to 11.1.0

Release notes

Sourced from more-itertools's releases.

Version 11.1.0

Changes:

• numeric_range was updated to fix its handling of empty ranges (thanks to rhettinger)
• peekable was updated to fix typing issues (thanks to DORI2001, powellnorma, Pandede, m9810223, and rhettinger)
• islice_extended was optimized for memory usage and speed (thanks to ben42code, rhettinger, and pochmann)
• serialize now supports the generator methods throw, send, and close (thanks to rhettinger)
• seekable now supports implements __getitem__ for cached elements (thanks to SAY-5, jenstroeger, and JamesParrott)

Commits

• 64be96c Merge pull request #1159 from more-itertools/version-11.1.0
• 03a08ec Changes for version 11.1.0
• 9af73b9 Bump version: 11.0.2 → 11.1.0
• 264b18d Merge pull request #1158 from SAY-5/seekable-getitem
• ba7ef94 Add seekable.getitem to access the internal cache
• 18d9889 Merge pull request #1157 from rhettinger/expand_serialize
• c7b870a Add tests
• fb6923e Update stub
• 1c85ece Make attributes private. Support all generator methods.
• bd8475c Merge pull request #1155 from rhettinger/optimize_islice_extended
• Additional commits viewable in compare view

Updates boto3 to 1.43.15

Commits

• ecbbf11 Merge branch 'release-1.43.15'
• af67f4e Bumping version to 1.43.15
• 16a99f5 Add changelog entries from botocore
• 07953b0 Merge branch 'release-1.43.14'
• 7270b75 Merge branch 'release-1.43.14' into develop
• 25c77c3 Bumping version to 1.43.14
• 5e64afc Add changelog entries from botocore
• 97921f4 Merge branch 'release-1.43.13'
• 4e58a35 Merge branch 'release-1.43.13' into develop
• 1307ac2 Bumping version to 1.43.13
• Additional commits viewable in compare view

Updates anthropic to 0.104.1

Release notes

Sourced from anthropic's releases.

v0.104.1

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

• streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

Changelog

Sourced from anthropic's changelog.

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

• streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

0.104.0 (2026-05-21)

Full Changelog: v0.103.1...v0.104.0

Features

• api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (80d0fdf)

0.103.1 (2026-05-19)

Full Changelog: v0.103.0...v0.103.1

Bug Fixes

• runner: skip tool calls SessionToolRunner does not own (#1817) (9425c6a)

0.103.0 (2026-05-19)

Full Changelog: v0.102.0...v0.103.0

Features

• client: Add support for self-hosted sandboxes in CMA with sandbox helpers (e5625b0)

0.102.0 (2026-05-13)

Full Changelog: v0.101.0...v0.102.0

Features

• api: Add BetaManagedAgentsSearchResultBlock types (3681f10)
• api: Add support for cache diagnostics beta (db51c6c)
• internal/types: support eagerly validating pydantic iterators (68dabb0)

Chores

• api: spec updates (d579133)

0.101.0 (2026-05-11)

Full Changelog: v0.100.0...v0.101.0

... (truncated)

Commits

• 5db69c6 release: 0.104.1
• 5fe4933 fix(streaming): carry encrypted_content through beta compaction accumulator (...
• aaaacb5 release: 0.104.0
• 4b05172 feat(api): Add support for thinking-token-count beta for estimated tokens in ...
• See full diff in compare view

Updates uv to 0.11.16

Release notes

Sourced from uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

0.11.15

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

... (truncated)

Commits

• 135a363 Bump version to 0.11.16 (#19522)
• 3b5f994 Add a uv lock check to CI (#19524)
• 4ffb506 Improve crates.io new crate error message (#19523)
• 51ba989 Add support for direct archive dependencies in Git (#10072)
• c07a6ef Reject locked malware installations (#18936)
• 58a6734 Allow environment variables that take a list to be empty (#19503)
• c1477e2 Use UV_NO_SYSTEM_CONFIG in tests to avoid reading machine-global config (#1...
• 4648a0b uv audit: specialize malformed OSV error (#19515)
• e2375ab Test create_junction changes from #19402 (#19487)
• 547bf2f Avoid unwrapping from OnceMap (#19510)
• Additional commits viewable in compare view

Updates strands-agents to 1.41.0

Release notes

Sourced from strands-agents's releases.

v1.41.0

What's Changed

• feat(plugins): add MultiAgentPlugin for Swarm and Graph orchestrators by @​zastrowm in strands-agents/sdk-python#2280
• feat: bump starlette dependency to 1.x by @​pgrayy in strands-agents/sdk-python#2297
• feat(bedrock): add TTL support to auto-injected tool and system/user cache points by @​kpx-dev in strands-agents/sdk-python#2232
• fix(tests): add use_native_token_count=True when expected by @​lizradway in strands-agents/sdk-python#2311

Full Changelog: strands-agents/harness-sdk@v1.40.0...v1.41.0

Commits

• 64a6862 fix(tests): add use_native_token_count=True when expected (#2311)
• 46ce50b feat(bedrock): add TTL support to auto-injected tool and system/user cache po...
• 1232230 feat: bump starlette dependency to 1.x (#2297)
• afb0dd9 feat(plugins): add MultiAgentPlugin for Swarm and Graph orchestrators (#2280)
• See full diff in compare view

Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates uvicorn to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

• Support ws_max_size in wsproto implementation (#2915)
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

• Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

• Add --reset-contextvars flag to isolate ASGI request context (#2912)
• Accept os.PathLike for log_config (#2905)
• Accept log_level strings case-insensitively (#2907)

Changed

• Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
• Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits

• 73e84e5 Version 0.48.0 (#2951)
• 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
• dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
• abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
• See full diff in compare view

Updates sentence-transformers to 5.5.1

Release notes

Sourced from sentence-transformers's releases.

v5.5.1 - Small Multimodal patch

This patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like model.encode({"image": ...}).

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.5.1
Inference only, use one of:
pip install sentence-transformers==5.5.1
pip install sentence-transformers[onnx-gpu]==5.5.1
pip install sentence-transformers[onnx]==5.5.1
pip install sentence-transformers[openvino]==5.5.1
Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.5.1
pip install sentence-transformers[audio]==5.5.1
pip install sentence-transformers[video]==5.5.1
Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.5.1

Bug fixed

Previously, inference like model.encode({"image": ...}) or model.encode([{"image": ...}, ...]) would be inferred as the ("image",) modality, which differed from the inferred modality of "image" for just model.encode(my_image) or model.encode([my_image, my_image_2, ...]).

This results in confusing errors if the model doesn't have a modality_config mapping for ("image",) in addition to "image", so now a single-key multimodal dict is collapsed to the bare modality (just "image" in this example).

This affected this code:

from sentence_transformers import SentenceTransformer
model = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)
embedding = model.encode({"image": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png"})
print(embedding.shape)

Which previously failed as the model only implements a path for "text", "image", and ("image", "text").

All Changes

• [fix] Collapse single-key multimodal dicts to bare modality by @​tomaarsen in #3779

Full Changelog: huggingface/sentence-transformers@v5.5.0...v5.5.1

Commits

• ce3ec6d Release v5.5.1
• 610a7c5 [fix] Collapse single-key multimodal dicts to bare modality (#3779)
• See full diff in compare view

Updates pytest-asyncio to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates langgraph to 1.2.2

Release notes

Sourced from langgraph's releases.

langgraph==1.2.2

Changes since 1.2.1

• chore(langgraph): bump version to 1.2.2 (#7914)
• fix(langgraph): assign stable IDs to id=None BaseMessages before DeltaChannel checkpoint writes (#7913)
• release(checkpoint): 4.1.1 (#7890)

Commits

• add2696 chore(langgraph): bump version to 1.2.2 (#7914)
• 5d5a641 fix(langgraph): assign stable IDs to id=None BaseMessages before DeltaChannel...
• d1e2ff0 release(checkpoint): 4.1.1 (#7890)
• e787af2 release(sdk-py): 0.3.15 (#7891)
• 604534e fix(sdk-py): percent-encode caller-supplied identifiers in URL paths (#7893)
• 346aa97 fix(checkpoint): restrict lc:2 envelope revival to default constructor (#7892)
• 82b3872 chore(deps): bump the uv group across 2 directories with 1 update (#7853)
• fcc4ab8 chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint (#7860)
• 701d344 chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint-postgres (#7861)
• 2c7967c chore(deps): bump idna from 3.11 to 3.15 in /libs/cli (#7865)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions