Skip to content

Build(deps): Bump the uv group across 2 directories with 2 updates#266

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/uv/backend/uv-f8b143c4e8
Closed

Build(deps): Bump the uv group across 2 directories with 2 updates#266
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/uv/backend/uv-f8b143c4e8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps the uv group with 2 updates in the /backend directory: pypdf and langchain-core.
Bumps the uv group with 1 update in the /evaluation directory: langchain-core.

Updates pypdf from 6.9.2 to 6.10.0

Release notes

Sourced from pypdf's releases.

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

Documentation (DOC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.0, 2026-04-10

Security (SEC)

  • Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

  • Use remove_orphans in compress_identical_objects (#3310)
  • Fix PdfReadError when xref table contains comments before trailer (#3710)
  • Correctly verify AES padding during decryption (#3699)
  • Fix stale object cache from non-authoritative object streams (#3698)
  • Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

Full Changelog

Commits
  • fd0aeca REL: 6.10.0
  • b15a374 SEC: Disallow custom XML entity declarations for XMP metadata (#3724)
  • d0d9de6 DEV: Update cryptography to 46.0.7 in ci.txt
  • 1e0e5be DOC: Include policies about AI and PoCs into security policy
  • 3155e04 Bump cryptography from 46.0.6 to 46.0.7 in /requirements (#3723)
  • 696b978 DEV: Bump codecov/codecov-action from 5 to 6 (#3701)
  • 5456731 TST: Extending typing to tests; cover generic and scripts folder files (#3660)
  • e00505e DOC: Add AI policy (#3717)
  • bd95bd8 Fix PdfReadError when xref table contains comments before trailer (#3710)
  • f3f501b DEV: Update pygments version to 2.20.0 (#3707)
  • Additional commits viewable in compare view

Updates langchain-core from 1.2.22 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

Commits

Updates langchain-core from 1.2.22 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Build(deps): Bump the uv group across 2 directories with 2 updates
e9389bd 
Bumps the uv group with 2 updates in the /backend directory: [pypdf](https://github.com/py-pdf/pypdf) and [langchain-core](https://github.com/langchain-ai/langchain).
Bumps the uv group with 1 update in the /evaluation directory: [langchain-core](https://github.com/langchain-ai/langchain).


Updates `pypdf` from 6.9.2 to 6.10.0
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.9.2...6.10.0)

Updates `langchain-core` from 1.2.22 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.22...langchain-core==1.2.28)

Updates `langchain-core` from 1.2.22 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.22...langchain-core==1.2.28)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.10.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 13, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 13, 2026

Superseded by #267.

@dependabot dependabot bot closed this Apr 13, 2026
@dependabot dependabot bot deleted the dependabot/uv/backend/uv-f8b143c4e8 branch April 13, 2026 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants