Skip to content

build: bump the all-uv-deps group in /src/ContentProcessor with 12 updates#436

Merged
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/uv/src/ContentProcessor/dependabotchanges/all-uv-deps-e338f95226
Mar 2, 2026
Merged

build: bump the all-uv-deps group in /src/ContentProcessor with 12 updates#436
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/uv/src/ContentProcessor/dependabotchanges/all-uv-deps-e338f95226

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 1, 2026

Bumps the all-uv-deps group in /src/ContentProcessor with 12 updates:

Package From To
azure-core 1.38.0 1.38.2
azure-identity 1.25.1 1.25.2
certifi 2026.1.4 2026.2.25
coverage 7.13.2 7.13.4
cryptography 46.0.4 46.0.5
msal 1.34.0 1.35.0
pandas 3.0.0 3.0.1
pillow 12.1.0 12.1.1
pydantic-core 2.41.5 2.42.0
pydantic-settings 2.12.0 2.13.1
regex 2026.1.15 2026.2.28
ruff 0.14.14 0.15.4

Updates azure-core from 1.38.0 to 1.38.2

Release notes

Sourced from azure-core's releases.

azure-core_1.38.2

1.38.2 (2026-02-18)

Bugs Fixed

  • Fixed PipelineClient.format_url to preserve the leading slash when the URL template starts with /?. #45218

azure-core_1.38.1

1.38.1 (2026-02-10)

Bugs Fixed

  • Fixed PipelineClient.format_url to avoid adding trailing slashes when the URL template contains only query parameters. #45044
Commits

Updates azure-identity from 1.25.1 to 1.25.2

Release notes

Sourced from azure-identity's releases.

azure-identity_1.25.2

1.25.2 (2026-02-10)

Bugs Fixed

  • Fixed an issue with certain credentials not bypassing the token cache when claims are provided in get_token or get_token_info calls. (#44552) (#44815)
  • Fixed an issue where an unhelpful TypeError was raised during Entra ID token requests that returned empty responses. Now, a ClientAuthenticationError is raised with the full response for better troubleshooting. (#44258)

Other Changes

  • Bumped minimum dependency on msal to >=1.31.0.
  • Added debug logging of access token cache hits in several credentials to improve troubleshooting of token cache behavior. (#44963)
  • Replace instances of azure.core.pipeline.transport.HttpRequest with azure.core.rest.HttpRequest. (#44993)
Commits

Updates certifi from 2026.1.4 to 2026.2.25

Commits

Updates coverage from 7.13.2 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

  • Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

  • Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

  • We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

  • Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:

Commits

Updates msal from 1.34.0 to 1.35.0

Release notes

Sourced from msal's releases.

1.35.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0

MSAL Python 1.35.0b1

Highlights

  • The managed identity code path no longer has a dependency on the socket.getfqdn(). No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • This version of MSAL Python will pick up PyMsalRuntime 0.20.*. No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • The thumbprint name-value pair in the client_credential parameter becomes optional now. See API docs for usage.

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0b1

Changelog

Sourced from msal's changelog.

→ Tag: 1.35.0, Target: release-1.35.0

→ PyPI publish happens automatically

Commits
  • 4549f9b Merge branch 'dev' into release-1.35.0
  • 1310fac Removed logs that were causing Alerts (#878)
  • 733a83c Security: Remove unsafe PowerShell fallback in WSL (#866)
  • d7e0e11 Add OIDC issuer validation (#840)
  • 58cf073 Separate manual tests and remove unused settings from E2E (#874)
  • c096335 Remove usage of Lab API for integration test config (#870)
  • 60d3401 Add form_post response mode support for system browser authentication (#868)
  • 080111b 1.35.0b1
  • eac15a9 Suppress CodeQL warning (#867)
  • d3464e6 Explicitly remove issuer from the OIDC discovery
  • Additional commits viewable in compare view

Updates pandas from 3.0.0 to 3.0.1

Release notes

Sourced from pandas's releases.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • e04b26f RLS: 3.0.1 (#64206)
  • 47909e6 [backport 3.0.x] ENH: Add item() method to ExtensionArray class (#64134) (#64...
  • a061bfd Backport PR #64199 on branch 3.0.x (DOC: cleanup 3.0.1 whatsnew) (#64201)
  • 085a385 [backport 3.0.x] BUG: Fix read_hdf failing on generic datetime64 dtype (#6400...
  • 5f17047 [backport 3.0.x] BUG: use fill_null fallback for bug in pyarrow 21 on Windows...
  • 0d3a8cb Backport PR #64122 on branch 3.0.x (REG: Allow RE2 syntax in str.contains and...
  • 78e1917 Backport PR #64185 on branch 3.0.x (TST: remove fixed xfail for PyArrow 23.0....
  • 75a42ca Backport PR #64168 on branch 3.0.x (TST: add legacy file generation and tests...
  • 46d443f Backport PR #64092 on branch 3.0.x (BUG: DataFrame.loc fills b'' instead of N...
  • 9d67932 Backport PR #64068 on branch 3.0.x (BUG: fixed to_timedelta with list of int ...
  • Additional commits viewable in compare view

Updates pillow from 12.1.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

Commits

Updates pydantic-core from 2.41.5 to 2.42.0

Commits

Updates pydantic-settings from 2.12.0 to 2.13.1

Release notes

Sourced from pydantic-settings's releases.

v2.13.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.12.0...v2.13.0

Commits

Updates regex from 2026.1.15 to 2026.2.28

Changelog

Sourced from regex's changelog.

Version: 2026.2.28

Replaced atomic operations with mutex on pattern object for free-threaded Python.

Version: 2026.2.26

PR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.

Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.

Version: 2026.2.19

Added \z as alias of \Z, like in re module.

Added prefixmatch as alias of match, like in re module.

Version: 2026.1.15

Re-uploaded.

Version: 2026.1.14

Git issue 596: Specifying {e<=0} causes ca 210× slow-down.

Added RISC-V wheels.

Version: 2025.11.3

Git issue 594: Support relative PARNO in recursive subpatterns.

Version: 2025.10.23

'setup.py' was missing from the source distribution.

Version: 2025.10.22

Fixed test in main.yml.

Version: 2025.10.21

Moved tests into subfolder.

Version: 2025.10.20

Re-organised files.

Updated to Unicode 17.0.0.

Version: 2025.9.20

... (truncated)

Commits
  • df2d5ac Replaced atomic operations with mutex on pattern object for free-threaded Pyt...
  • ed3d9ca Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.
  • 28dd3e7 Merge pull request #598 from kevmo314/fix-storage-caching-race
  • 9789c22 Added \z as alias of \Z, like in re module.
  • cd631d8 Fix race condition in storage caching with atomic operations
  • See full diff in compare view

Updates ruff from 0.14.14 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

0.15.3

Released on 2026-02-26.

Preview features

  • Drop explicit support for .qmd file extension (#23572)

    This can now be enabled instead by setting the extension option:

    # ruff.toml
extension = { qmd = "markdown" }
pyproject.toml
[tool.ruff]
extension = { qmd = "markdown" }

  • Include configured extensions in file discovery (#23400)

  • [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

  • [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

  • [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits
  • f14edd8 Bump 0.15.4 (#23595)
  • fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
  • 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
  • 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
  • 60facfa one word typo fix in a while_loop.md test case (#23589)
  • fbb9fa7 docs: fix incorrect import-heading example (#23568)
  • 5bc49a9 Increase the ruleset size to 16 bits (#23586)
  • a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
  • e5f2f36 Bump 0.15.3 (#23585)
  • 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build: bump the all-uv-deps group
85285bb 
Bumps the all-uv-deps group in /src/ContentProcessor with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.2` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.2` | `7.13.4` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.4` | `46.0.5` |
| [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) | `1.34.0` | `1.35.0` |
| [pandas](https://github.com/pandas-dev/pandas) | `3.0.0` | `3.0.1` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.1.1` |
| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.42.0` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.13.1` |
| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.2.28` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.4` |


Updates `azure-core` from 1.38.0 to 1.38.2
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.2)

Updates `azure-identity` from 1.25.1 to 1.25.2
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2)

Updates `certifi` from 2026.1.4 to 2026.2.25
- [Commits](certifi/python-certifi@2026.01.04...2026.02.25)

Updates `coverage` from 7.13.2 to 7.13.4
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.2...7.13.4)

Updates `cryptography` from 46.0.4 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.4...46.0.5)

Updates `msal` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASE_GUIDE.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0)

Updates `pandas` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.0...v3.0.1)

Updates `pillow` from 12.1.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

Updates `pydantic-core` from 2.41.5 to 2.42.0
- [Release notes](https://github.com/pydantic/pydantic-core/releases)
- [Commits](https://github.com/pydantic/pydantic-core/commits)

Updates `pydantic-settings` from 2.12.0 to 2.13.1
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.12.0...v2.13.1)

Updates `regex` from 2026.1.15 to 2026.2.28
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2026.1.15...2026.2.28)

Updates `ruff` from 0.14.14 to 0.15.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.14...0.15.4)

---
updated-dependencies:
- dependency-name: azure-core
  dependency-version: 1.38.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: azure-identity
  dependency-version: 1.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: certifi
  dependency-version: 2026.2.25
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
- dependency-name: coverage
  dependency-version: 7.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: msal
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
- dependency-name: pandas
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-uv-deps
- dependency-name: pydantic-core
  dependency-version: 2.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
- dependency-name: pydantic-settings
  dependency-version: 2.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
- dependency-name: regex
  dependency-version: 2026.2.28
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
- dependency-name: ruff
  dependency-version: 0.15.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-uv-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 1, 2026
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 1, 2026
@dependabot dependabot Bot requested review from dgp10801 and nchandhi as code owners March 1, 2026 06:41
@dependabot dependabot Bot added the python:uv Pull requests that update python:uv code label Mar 1, 2026
@github-actions github-actions Bot merged commit ab40f19 into dependabotchanges Mar 2, 2026
3 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/src/ContentProcessor/dependabotchanges/all-uv-deps-e338f95226 branch March 2, 2026 00:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi is a code owner

@dgp10801 dgp10801 Awaiting requested review from dgp10801 dgp10801 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants