Bump the uv group across 3 directories with 8 updates by dependabot[bot] · Pull Request #4 · srirsiva/graphiti

dependabot · 2026-05-19T21:02:32Z

Bumps the uv group with 7 updates in the / directory:

Package	From	To
jupyterlab	`4.5.2`	`4.5.7`
langsmith	`0.7.31`	`0.8.0`
idna	`3.11`	`3.15`
jupyter-server	`2.17.0`	`2.18.0`
langchain-core	`1.3.0`	`1.3.3`
mistune	`3.2.0`	`3.2.1`
urllib3	`2.6.3`	`2.7.0`

Bumps the uv group with 5 updates in the /mcp_server directory:

Package	From	To
langsmith	`0.7.31`	`0.8.0`
idna	`3.10`	`3.15`
langchain-core	`1.3.0`	`1.3.3`
urllib3	`2.6.3`	`2.7.0`
python-multipart	`0.0.26`	`0.0.27`

Bumps the uv group with 2 updates in the /server directory: idna and urllib3.

Updates jupyterlab from 4.5.2 to 4.5.7

Release notes

Sourced from jupyterlab's releases.

v4.5.7

4.5.7

(Full Changelog)

Security patches

CVE-2026-42557 GHSA-mqcg-5x36-vfcg

CVE-2026-42266 GHSA-37w4-hwhx-4rc4

CVE-2026-40171 GHSA-rch3-82jr-f9w9

Bugs fixed

Video and Audio Content Providers: Fix JupyterLite support #18652 (@martinRenou)

Fix notebook hang when dropping cells #18808 (@MUFFANUJ)

Fix Contextual Help keyboard shortcut reliability and menu Help functionality #18747 (@itsmejay80)

Fix focusing input element when opening a dialog from Command Palette #18735 (@Carreau)

Fix native context menu blocked even when context menu is suppressed #18753 (@utsav-develops)

Fix flaky toolbar item placement in popup #18618 (@filipeoliveira05)

Update terminal default font family to honor macOS system-wide ui-monospace #18647 (@flaviomartins)

Maintenance and upkeep improvements

Fix linting issue #18819 (@krassowski)

Fix syntax for Python 3.9 on 4.5.x branch #18817 (@krassowski)

Remove unused CodeMirror v5 CSS rule #18785 (@Carreau)

Remove unused CSS rule forgotten after CodeMirror migration #18763 (@Carreau)

Remove unused progress bar CSS rule in execution indicator #18759 (@Carreau)

Remove dead .jp-VariableRenderer-TrustButton CSS rule #18762 (@Carreau)

Remove used .jp-Cell-Placeholder CSS rules #18761 (@Carreau)

Documentation improvements

Fix name of option for extension manager implementation in docs #18788 (@krassowski)

Remove 4.5.0 announcement from docs #18740 (@krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @filipeoliveira05 (activity) | @flaviomartins (activity) | @itsmejay80 (activity) | @jtpio (activity) | @krassowski (activity) | @martinRenou (activity) | @MUFFANUJ (activity) | @utsav-develops (activity)

v4.5.6

4.5.6

... (truncated)

Commits

f514041 [ci skip] Publish 4.5.7
66fe9ad Backport PR #18652 on branch 4.5.x (Video and Audio Content Providers: Fix Ju...
f4455fa Fix syntax for Python 3.9 on 4.5.x branch (#18817)
d2322b5 Backport PR #18819 on branch 4.5.x (Fix linting issue) (#18820)
5d9cb8c Merge commit from fork
1de120b Merge commit from fork
6926100 Backport PR #18808 on branch 4.5.x (Fix notebook hang when dropping cells) (#...
67e6e88 Backport PR #18647 on branch 4.5.x (Update default font family to honor macOS...
bf21eb9 Backport PR #18747 on branch 4.5.x (Fix Contextual Help keyboard shortcut rel...
73cafa5 Backport PR #18788 on branch 4.5.x (Fix name of option for extension manager ...
Additional commits viewable in compare view

Updates langsmith from 0.7.31 to 0.8.0

Release notes

Sourced from langsmith's releases.

v0.8.0

What's Changed

feat(js,py): JS 0.6.0, Py 0.8.0 by @jacoblee93 in langchain-ai/langsmith-sdk#2831

release(js): 0.6.0 by @jacoblee93 in langchain-ai/langsmith-sdk#2832

release(py): 0.8.0 by @jacoblee93 in langchain-ai/langsmith-sdk#2833

Full Changelog: langchain-ai/langsmith-sdk@v0.7.38...v0.8.0

v0.7.38

What's Changed

feat(js): add tracing of opencode by @dqbd in langchain-ai/langsmith-sdk#2776

chore(js): Remove types/uuid by @jacoblee93 in langchain-ai/langsmith-sdk#2814

docs(sandbox): document default idle TTL of 10 minutes by @DanielKneipp in langchain-ai/langsmith-sdk#2788

ci(py): Bump pytest timeout to 2m by @jacoblee93 in langchain-ai/langsmith-sdk#2815

chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 4 updates by @dependabot[bot] in langchain-ai/langsmith-sdk#2803

chore(deps): update sphinx-autobuild requirement from >=2024 to >=2024.10.3 in /python by @dependabot[bot] in langchain-ai/langsmith-sdk#2809

chore(deps): update myst-nb requirement from >=1.1.1 to >=1.4.0 in /python by @dependabot[bot] in langchain-ai/langsmith-sdk#2810

chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /python by @dependabot[bot] in langchain-ai/langsmith-sdk#2812

chore(deps-dev): bump @langchain/openai from 0.5.18 to 0.6.17 in /js by @dependabot[bot] in langchain-ai/langsmith-sdk#2806

chore(deps): bump the py-minor-and-patch group across 1 directory with 18 updates by @dependabot[bot] in langchain-ai/langsmith-sdk#2808

feat(py): Adds strands OTEL exporter by @jacoblee93 in langchain-ai/langsmith-sdk#2817

chore(js): Switch to oxfmt and oxlint by @jacoblee93 in langchain-ai/langsmith-sdk#2819

fix(py): fix RunTree ValidationError when inputs or outputs is a Pydantic BaseModel by @QuentinBrosse in langchain-ai/langsmith-sdk#2820

chore: add apac support by @joaquin-borggio-lc in langchain-ai/langsmith-sdk#2821

fix(js): Pull Claude Agent SDK subagent runs from transcript, add tool span for subagents, merge message blocks by id by @jacoblee93 in langchain-ai/langsmith-sdk#2816

release(js): 0.5.26 by @jacoblee93 in langchain-ai/langsmith-sdk#2824

release(py): 0.7.38 by @jacoblee93 in langchain-ai/langsmith-sdk#2825

Full Changelog: langchain-ai/langsmith-sdk@v0.7.37...v0.7.38

v0.7.37

What's Changed

perf(js): Offload serialize to worker thread at flush time by @jacoblee93 in langchain-ai/langsmith-sdk#2781

release(js): 0.5.24 by @emil-lc in langchain-ai/langsmith-sdk#2790

chore(js): Fix perf test flagging by @jacoblee93 in langchain-ai/langsmith-sdk#2792

feat(js,python): Adds hub model config and provider to schemas by @jacoblee93 in langchain-ai/langsmith-sdk#2793

fix(js): minor test improvements by @christian-bromann in langchain-ai/langsmith-sdk#2429

fix(js): Include auth headers on info requests by @jacoblee93 in langchain-ai/langsmith-sdk#2800

release(js): 0.5.25 by @jacoblee93 in langchain-ai/langsmith-sdk#2801

fix(python): flush both tracing_queue and compressed_traces in flush() by @angus-langchain in langchain-ai/langsmith-sdk#2796

chore(deps): bump postcss from 8.5.8 to 8.5.10 in /js/internal/environment_tests/test-exports-vite in the npm_and_yarn group across 1 directory by @dependabot[bot] in langchain-ai/langsmith-sdk#2791

chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by @dependabot[bot] in langchain-ai/langsmith-sdk#2794

fix(python): flush pending traces during Client.cleanup() by @angus-langchain in langchain-ai/langsmith-sdk#2799

fix(py): Fix concurrency for multiple Claude Agent SDK sessions by @jacoblee93 in langchain-ai/langsmith-sdk#2795

release(py): 0.7.37 by @jacoblee93 in langchain-ai/langsmith-sdk#2802

Full Changelog: langchain-ai/langsmith-sdk@v0.7.36...v0.7.37

... (truncated)

Commits

cf01c87 release(py): 0.8.0 (#2833)
fd049c8 release(js): 0.6.0 (#2832)
092a886 feat(js,py): JS 0.6.0, Py 0.8.0 (#2831)
ff180c0 release(py): 0.7.38 (#2825)
d9de3ca release(js): 0.5.26 (#2824)
1428394 fix(js): Pull Claude Agent SDK subagent runs from transcript, add tool span f...
838e957 chore: add apac support (#2821)
003f22a fix(py): fix RunTree ValidationError when inputs or outputs is a Pydantic Bas...
8f5ef27 chore(js): Switch to oxfmt and oxlint (#2819)
9873633 feat(py): Adds strands OTEL exporter (#2817)
Additional commits viewable in compare view

Updates idna from 3.11 to 3.15

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.

Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.

Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.

Allow flit_core 4.x in the build backend.

Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.

Add Dependabot configuration for GitHub Actions.

Convert README and HISTORY from reStructuredText to Markdown.

Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

Correct classification error for codepoint U+A7F1

3.12 (2026-04-21)

Update to Unicode 17.0.0.

Issue a deprecation warning for the transitional argument.

Added lazy-loading to provide some performance improvements.

Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

af30a09 Release 3.15
30314d4 Pre-release 3.15rc0
05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
2987fdb Convert README and HISTORY from reStructuredText to Markdown
59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
bbd8004 Merge pull request #234 from StanFromIreland/patch-1
edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
5557db0 Merge branch 'master' into patch-1
f11746c Merge pull request #235 from StanFromIreland/patch-2
Additional commits viewable in compare view

Updates jupyter-server from 2.17.0 to 2.18.0

Release notes

Sourced from jupyter-server's releases.

v2.18.0

2.18.0

(Full Changelog)

Security patches

CVE-2026-40110 GHSA-24qx-w28j-9m6p

CVE-2025-61669 GHSA-qh7q-6qm3-653w

CVE-2026-40934 GHSA-5mrq-x3x5-8v8f

CVE-2026-35397 GHSA-5789-5fc7-67v3

API and Breaking Changes

Add query param to sanitize HTML in GET /nbconvert/html #1618 (@Yann-P, @Carreau)

Enhancements made

Update handlers.py to fix ioloop blockers(sync file operations) #1617 (@zolyfarkas-fb, @Carreau)

Add resolvePath API for resolving kernel-relative paths #1331 (@krassowski, @Carreau, @blink1073)

Bugs fixed

Move check origin into a util function and add it to websocket #1630 (@Carreau, @Yann-P)

Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart #1628 (@Carreau, @claude, @krassowski)

Try to fix flaky test "test_restart_kernel" #1625 (@Carreau)

Fix potential unraisable pytest error #1624 (@Carreau)

fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs #1620 (@terminalchai, @krassowski, @ptch314)

Fix three file descriptor leaks in kernel connection lifecycle (#1506) #1619 (@tonyx93, @Carreau)

Use web.HTTPError for kernel restart failures #1616 (@YDawn, @Carreau)

Handle EADDRINUSE and EACCES in _bind_http_server_tcp #1613 (@YDawn, @Zsailer, @minrk)

Use st_birthtime for file created timestamp on macOS/BSD #1594 (@ktaletsk, @krassowski, @minrk)

Fix double write when refusing hidden files in contents handler #1585 (@Krish-876, @minrk)

Close all sockets in _find_http_port explicitly #1584 (@MaryushSoroka, @minrk)

Fix writing on remote file systems with attribute cache #1574 (@krassowski, @Zsailer)

Add IdentityProvider.cookie_secret_hook #1569 (@emin63, @minrk)

fix context pollution #1561 (@dualc, @Zsailer)

Fix gateway cookie handling #1558 (@kevin-bates, @RRosio, @lresende, @minrk)

fix connection exception cause high cpu load #1484 (@dualc, @lresende, @minrk)

Maintenance and upkeep improvements

Start to test on Python 3.13 and 3.14 #1623 (@Carreau)

Bump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory #1621 (@Carreau)

Bump brace-expansion from 1.1.12 to 1.1.13 #1615 (@minrk)

Fix package spec for jupytext #1614 (@krassowski, @Zsailer)

chore: update pre-commit hooks #1607 (@minrk)

try to fix ci on windows #1600 (@minrk, @krassowski)

run prerelease tests on 3.14 #1599 (@minrk)

Pin sphinx to an older version (<9) to fix docs #1597 (@krassowski, @minrk)

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.18.0

(Full Changelog)

API and Breaking Changes

Add query param to sanitize HTML in GET /nbconvert/html #1618 (@Yann-P, @Carreau)

Enhancements made

Update handlers.py to fix ioloop blockers(sync file operations) #1617 (@zolyfarkas-fb, @Carreau)

Avoid redundant call to _get_os_path in _dir_model #1547 (@joeyutong, @vidartf)

Allow specifying extra params to scrub from logs #1538 (@jtpio, @Zsailer, @vidartf)

Add a logger to the ExtensionPoint API #1523 (@Zsailer, @vidartf)

Allow user to update identity values #1518 (@brichet, @minrk)

If ServerApp.ip is ipv6 use [::1] as local_url #1495 (@manics, @afshin)

Better error message when starting kernel for session. #1478 (@Carreau, @davidbrochart, @krassowski, @minrk)

Add a traitlet to disable recording HTTP request metrics #1472 (@yuvipanda, @Zsailer)

prometheus: Expose 3 activity metrics #1471 (@yuvipanda, @Zsailer)

Add prometheus info metrics listing server extensions + versions #1470 (@yuvipanda, @Zsailer)

Add prometheus metric with version information #1467 (@yuvipanda, @Zsailer)

Don't hide .so,.dylib files by default #1457 (@nokados, @krassowski, @minrk, @vidartf)

Better hash format error message #1442 (@fcollonval, @Zsailer)

Removing excessive logging from reading local files #1420 (@lresende, @kevin-bates)

Add async start hook to ExtensionApp API #1417 (@Zsailer, @Darshan808, @bollwyvl, @fcollonval, @krassowski)

Do not include token in dashboard link, when available #1406 (@minrk, @blink1073)

Add an option to have authentication enabled for all endpoints by default #1392 (@krassowski, @Wh1isper, @blink1073, @bollwyvl, @minrk, @yuvipanda)

websockets: add configurations for ping interval and timeout #1391 (@oliver-sanders, @blink1073)

log extension import time at debug level unless it's actually slow #1375 (@minrk, @Zsailer, @yuvipanda)

Add support for async Authorizers (part 2) #1374 (@Zsailer, @blink1073)

Support async Authorizers #1373 (@Zsailer, @blink1073)

Support get file(notebook) md5 #1363 (@Wh1isper, @blink1073, @bollwyvl, @krassowski)

Update kernel env to reflect changes in session #1354 (@blink1073, @Carreau, @krassowski)

Add resolvePath API for resolving kernel-relative paths #1331 (@krassowski, @Carreau, @blink1073)

Bugs fixed

Move check origin into a util function and add it to websocket #1630 (@Carreau, @Yann-P)

Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart #1628 (@Carreau, @claude, @krassowski)

Try to fix flaky test "test_restart_kernel" #1625 (@Carreau)

Fix potential unraisable pytest error #1624 (@Carreau)

fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs #1620 (@terminalchai, @krassowski, @ptch314)

Fix three file descriptor leaks in kernel connection lifecycle (#1506) #1619 (@tonyx93, @Carreau)

Use web.HTTPError for kernel restart failures #1616 (@YDawn, @Carreau)

Handle EADDRINUSE and EACCES in _bind_http_server_tcp #1613 (@YDawn, @Zsailer, @minrk)

Use st_birthtime for file created timestamp on macOS/BSD #1594 (@ktaletsk, @krassowski, @minrk)

Fix double write when refusing hidden files in contents handler #1585 (@Krish-876, @minrk)

Close all sockets in _find_http_port explicitly #1584 (@MaryushSoroka, @minrk)

Fix writing on remote file systems with attribute cache #1574 (@krassowski, @Zsailer)

Add IdentityProvider.cookie_secret_hook #1569 (@emin63, @minrk)

... (truncated)

Commits

0ceed45 Publish 2.18.0
49b3439 Move check origin into a util function and add it to websocket (#1630)
e2e08c8 Add test case for bad next URL format
624d6c0 Delete outdated patch code
d825b93 Apply suggestion from @minrk
789fed0 patch open redirect in /login
2ee51ec fix(CVE-2026-35397): path traversal when target dir starts with root dir
057869a Fix allow_origin_pat to do full matching instead of prefix matching
4862199 Add resolvePath API for resolving kernel-relative paths
e31d514 Bump actions/create-github-app-token from 2 to 3 in the actions group across ...
Additional commits viewable in compare view

Updates langchain-core from 1.3.0 to 1.3.3

Release notes

Sourced from langchain-core's releases.

langchain-core==1.3.3

Changes since langchain-core==1.3.2

release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992)

langchain-core==1.3.2

Changes since langchain-core==1.3.1

release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834)

langchain-core==1.3.1

Changes since langchain-core==1.3.0

release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813)

Commits

5039dfe release(core): 1.3.3 (#37198)
55a7707 fix(core): set deprecation since to 1.3.3 to match release (#37200)
c979c61 fix(core, langchain): harden load() against untrusted manifests (#37197)
d703110 docs: update README.md (#37190)
4d50a2a ci(infra): run pre-release checks before TestPyPI publish (#37194)
9bd730e fix(fireworks): require api_key in FireworksEmbeddings (#37193)
f475f41 release(mistralai): 1.1.4 (#37191)
7dbff48 fix(mistralai): strip non-wire keys from ToolMessage (#37188)
913816c release(fireworks): 1.3.1 (#37189)
4498d3d fix(fireworks): strip non-wire keys from ToolMessage text content blocks (#...
Additional commits viewable in compare view

Updates mistune from 3.2.0 to 3.2.1

Release notes

Sourced from mistune's releases.

v3.2.1

🐞 Bug Fixes

Resolve Windows compatibility issues in file inclusion and tests - by @Yuki9814 (25471)

Escape html text - by @lepture (a3cb6)

Update link reference - by @lepture (85eb5)

Handle escaped dollar signs in inline math - by @saschabuehrle in lepture/mistune#370 (7bd57)

Escape id of toc - by @lepture (04880)

Escape id of headings - by @lepture (28556)

Remove double-encoding of image alt text - by @lawrence3699 (0d6f3)

Escape xml for math plugin - by @lepture (5fa09)

Use strict regex for image's height and width - by @lepture (8d0cb)

View changes on GitHub

Changelog

Sourced from mistune's changelog.

Version 3.2.1

Released on May 3, 2026

Escape link in render_toc_ul.

Escape text in math plugin.

Fix regex for math plugin.

Escape heading's ID attribute.

Fix LINK_TITLE_RE to prevent DoS.

Escape class attribute for admonition directive.

Remove double-encoding of image alt text.

Escape class attribute for image directive.

Fix width/height attribute for image directive.

Commits

067f908 chore: release 3.2.1
bf55030 Merge pull request #438 from saschabuehrle/fix/issue-370
8d0cb75 fix: use strict regex for image's height and width
5fa092e fix: escape xml for math plugin
71ec947 Merge pull request #440 from lawrence3699/fix/image-alt-double-encoding
0d6f3d8 fix: remove double-encoding of image alt text
2855622 fix: escape id of headings
04880a0 fix: escape id of toc
7bd5709 fix: handle escaped dollar signs in inline math (fixes #370)
85eb54f fix: update link reference
Additional commits viewable in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

Decompression-bomb safeguards of the streaming API were bypassed:

When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @Cycloctane)

During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @kimkou2024)

See GHSA-mf9v-mfxr-j63j for details.

HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @christos-spearbit)

Deprecations and Removals

Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Re...
Description has been truncated

Bumps the uv group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.2` | `4.5.7` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.31` | `0.8.0` | | [idna](https://github.com/kjd/idna) | `3.11` | `3.15` | | [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.18.0` | | [langchain-core](https://github.com/langchain-ai/langchain) | `1.3.0` | `1.3.3` | | [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` | Bumps the uv group with 5 updates in the /mcp_server directory: | Package | From | To | | --- | --- | --- | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.31` | `0.8.0` | | [idna](https://github.com/kjd/idna) | `3.10` | `3.15` | | [langchain-core](https://github.com/langchain-ai/langchain) | `1.3.0` | `1.3.3` | | [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` | Bumps the uv group with 2 updates in the /server directory: [idna](https://github.com/kjd/idna) and [urllib3](https://github.com/urllib3/urllib3). Updates `jupyterlab` from 4.5.2 to 4.5.7 - [Release notes](https://github.com/jupyterlab/jupyterlab/releases) - [Changelog](https://github.com/jupyterlab/jupyterlab/blob/main/RELEASE.md) - [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/[email protected]...@jupyterlab/[email protected]) Updates `langsmith` from 0.7.31 to 0.8.0 - [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases) - [Commits](langchain-ai/langsmith-sdk@v0.7.31...v0.8.0) Updates `idna` from 3.11 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `jupyter-server` from 2.17.0 to 2.18.0 - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](jupyter-server/jupyter_server@v2.17.0...v2.18.0) Updates `langchain-core` from 1.3.0 to 1.3.3 - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](langchain-ai/langchain@langchain-core==1.3.0...langchain-core==1.3.3) Updates `mistune` from 3.2.0 to 3.2.1 - [Release notes](https://github.com/lepture/mistune/releases) - [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst) - [Commits](lepture/mistune@v3.2.0...v3.2.1) Updates `urllib3` from 2.6.3 to 2.7.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.3...2.7.0) Updates `langsmith` from 0.7.31 to 0.8.0 - [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases) - [Commits](langchain-ai/langsmith-sdk@v0.7.31...v0.8.0) Updates `idna` from 3.10 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `langchain-core` from 1.3.0 to 1.3.3 - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](langchain-ai/langchain@langchain-core==1.3.0...langchain-core==1.3.3) Updates `urllib3` from 2.6.3 to 2.7.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.3...2.7.0) Updates `python-multipart` from 0.0.26 to 0.0.27 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.26...0.0.27) Updates `idna` from 3.10 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `urllib3` from 2.6.3 to 2.7.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.3...2.7.0) --- updated-dependencies: - dependency-name: jupyterlab dependency-version: 4.5.7 dependency-type: direct:production dependency-group: uv - dependency-name: langsmith dependency-version: 0.8.0 dependency-type: direct:production dependency-group: uv - dependency-name: idna dependency-version: '3.15' dependency-type: indirect dependency-group: uv - dependency-name: jupyter-server dependency-version: 2.18.0 dependency-type: indirect dependency-group: uv - dependency-name: langchain-core dependency-version: 1.3.3 dependency-type: indirect dependency-group: uv - dependency-name: mistune dependency-version: 3.2.1 dependency-type: indirect dependency-group: uv - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: indirect dependency-group: uv - dependency-name: langsmith dependency-version: 0.8.0 dependency-type: indirect dependency-group: uv - dependency-name: idna dependency-version: '3.15' dependency-type: indirect dependency-group: uv - dependency-name: langchain-core dependency-version: 1.3.3 dependency-type: indirect dependency-group: uv - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: indirect dependency-group: uv - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: indirect dependency-group: uv - dependency-name: idna dependency-version: '3.15' dependency-type: indirect dependency-group: uv - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: indirect dependency-group: uv ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 19, 2026

dependabot Bot mentioned this pull request May 19, 2026

Bump the uv group across 3 directories with 7 updates #3

Closed

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the uv group across 3 directories with 8 updates#4

Bump the uv group across 3 directories with 8 updates#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-202227949f

dependabot Bot commented on behalf of github May 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 19, 2026

v4.5.7

4.5.7

Security patches

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

v4.5.6

4.5.6

v0.8.0

What's Changed

v0.7.38

What's Changed

v0.7.37

What's Changed

3.15 (2026-05-12)

3.14 (2026-05-10)

3.13 (2026-04-22)

3.12 (2026-04-21)

v2.18.0

2.18.0

Security patches

API and Breaking Changes

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

2.18.0

API and Breaking Changes

Enhancements made

Bugs fixed

langchain-core==1.3.3

langchain-core==1.3.2

langchain-core==1.3.1

v3.2.1

🐞 Bug Fixes

View changes on GitHub

Version 3.2.1

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

Security

Deprecations and Removals

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants