chore(deps): bump prefect from 3.6.13 to 3.6.28.dev2 in the uv group across 1 directory

[dependabot]

Bumps the uv group with 1 update in the / directory: prefect.

Updates prefect from 3.6.13 to 3.6.28.dev2

Release notes

Sourced from prefect's releases.

3.6.28.dev2: Nightly Development Release

What's Changed

Bug Fixes 🐞

• Skip uv pip freeze in bundle creation when a non-uv launcher is set by @​devin-ai-integration[bot] in PrefectHQ/prefect#21607
• Fix DNS rebinding TOCTOU bypass in validate_restricted_url by @​devin-ai-integration[bot] in PrefectHQ/prefect#21591

Development & Tidiness 🧹

• fix(tests): prevent aiosqlite teardown race in legacy events/out test by @​devin-ai-integration[bot] in PrefectHQ/prefect#21619

Documentation 📓

• docs: Add release notes for prefect-kubernetes==0.7.8 by @​devin-ai-integration[bot] in PrefectHQ/prefect#21611

Uncategorized

• docs: clarify that uv pip freeze is skipped only for execution launcher overrides by @​github-actions[bot] in PrefectHQ/prefect#21613
• Fix _UnpicklingFuture.add_done_callback swallowing deserialization errors by @​saschwartz in PrefectHQ/prefect#21612
• fix(tests): raise asyncpg connection_timeout in unit test mode by @​devin-ai-integration[bot] in PrefectHQ/prefect#21614

Full Changelog: PrefectHQ/prefect@3.6.28.dev1...3.6.28.dev2

3.6.28.dev1: Nightly Development Release

What's Changed

Bug Fixes 🐞

• fix(prefect-shell): kill whole process tree on ShellOperation cleanup by @​zzstoatzz in PrefectHQ/prefect#21586

Uncategorized

• docs: document SIGTERM bridge and sanitize_subprocess_env in utilities AGENTS.md by @​github-actions[bot] in PrefectHQ/prefect#21604
• docs: document JSDOM CSS custom property and matchMedia mocking patterns by @​github-actions[bot] in PrefectHQ/prefect#21605

Full Changelog: PrefectHQ/prefect@3.6.27...3.6.28.dev1

3.6.27 - When I cancel, you cancel

Enhancements ➕➕

• Remove causal ordering from task run recorder by @​chuqCTC in #21458
• Enable cascading cancellation for in-process subflows by @​desertaxle in #21477
• Relax work-pool storage CLI to allow ambient cloud credentials by @​desertaxle in #21578

Bug Fixes 🐞

• Bump pydocket to >=0.19.0 and drop the fakeredis pin by @​chrisguidry in #21512
• URL-encode credentials in dict fallback path for git clone by @​devin-ai-integration in #21540
• Handle missing anyio.NoEventLoopError on older anyio versions by @​devin-ai-integration in #21539
• Fix serve not clearing work pool config on existing deployments by @​vyagubov in #21528
• Add validation for malformed block document placeholder format by @​kuishou68 in #21501
• Handle PydanticInvalidForJsonSchema in parameter schema generation by @​devin-ai-integration in #21571
• Eagerly rebuild task-run submission schemas by @​desertaxle in #21556
• Propagate contextvars to the flow heartbeat thread by @​devin-ai-integration in #21577

... (truncated)

Commits

• 6f89b6d fix(tests): raise asyncpg connection_timeout in unit test mode (#21614)
• 1589b45 fix(tests): prevent aiosqlite teardown race in legacy events/out test (#21619)
• 7c70ac5 Fix DNS rebinding TOCTOU bypass in validate_restricted_url (#21591)
• 3458636 Fix _UnpicklingFuture.add_done_callback swallowing deserialization errors (#2...
• 3d18732 docs: clarify that uv pip freeze is skipped only for execution launcher overr...
• 36207f9 Skip uv pip freeze in bundle creation when a non-uv launcher is set (#21607)
• 8ab8ac4 docs: Add release notes for prefect-kubernetes==0.7.8 (#21611)
• 6373056 fix(prefect-shell): kill whole process tree on ShellOperation cleanup (#21586)
• 6dd5af5 docs: document JSDOM CSS custom property and matchMedia mocking patterns (#21...
• 9f9bed7 fix(ui-v2): default deployment detail tab to Details to match V1 (#21601)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade prefect to 3.6.28.dev2 to pick up recent bug fixes and security hardening. Updates the lockfile to reflect new and removed transitive packages.

• Dependencies
  • Bump prefect 3.6.13 → 3.6.28.dev2.
  • Lockfile changes: adds amplitude-analytics, cyclopts, docstring-parser, rich-rst, cronsim, burner-redis, uncalled-for; removes fakeredis, sortedcontainers, lupa; bumps pydocket to 0.20.3.

^{Written for commit 06be78b. Summary will update on new commits. Review in cubic}