Skip to content

ci: bump the uv group across 1 directory with 3 updates#1241

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-c39bb84c71
Open

ci: bump the uv group across 1 directory with 3 updates#1241
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-c39bb84c71

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 3 updates in the / directory: torch, langsmith and pydantic-settings.

Updates torch from 2.12.0 to 2.12.1

Release notes

Sourced from torch's releases.

PyTorch 2.12.1 Release, bug fix release

This release is meant to fix the following regressions and silent correctness issues:

Regression fixes

  • Fix nondeterministic outputs in test_batch_invariance with FLASH_ATTN on NVIDIA B200 GPUs (#181248), fixed by updating Triton to 3.7.1 (#186814)
  • Fix illegal memory access in the Triton convolution2d_bwd_weight kernel on B100/B200 (sm100) GPUs (#187081), fixed by updating Triton to 3.7.1 (#186814)
  • Fix fill_ on byte-dtype views with misaligned storage offset (#186821)

Releng / Build

  • Drop CPython 3.13t from the binary build matrix (#182951)
Commits

Updates langsmith from 0.8.0 to 0.8.18

Release notes

Sourced from langsmith's releases.

v0.8.18

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.8.17...v0.8.18

v0.8.17

What's Changed

New Contributors

Full Changelog: langchain-ai/langsmith-sdk@v0.8.16...v0.8.17

v0.8.16

What's Changed

... (truncated)

Commits
  • 31c2bf6 release(py): 0.8.18 (#3063)
  • 8955b68 chore: reconcile bumpversion config and mandate release process for agents (#...
  • 411401f test(python): fix integration assertions for updated attachment error message...
  • 9c55156 Merge commit from fork
  • 5b2bd8d chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates ...
  • d8642f9 chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates ...
  • 953c2e5 chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python (#3044)
  • 5513699 chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python (#3039)
  • 8becdef chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python (#3038)
  • 1a9c522 chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python (#3037)
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.12.0 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • d703bd7 Prepare release 2.14.2 (#890)
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
ci: bump the uv group across 1 directory with 3 updates
4f5ef72 
Bumps the uv group with 3 updates in the / directory: [torch](https://github.com/pytorch/pytorch), [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [pydantic-settings](https://github.com/pydantic/pydantic-settings).


Updates `torch` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.12.0...v2.12.1)

Updates `langsmith` from 0.8.0 to 0.8.18
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.8.0...v0.8.18)

Updates `pydantic-settings` from 2.12.0 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.12.0...v2.14.2)

---
updated-dependencies:
- dependency-name: torch
  dependency-version: 2.12.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.8.18
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 21, 2026
@github-actions github-actions Bot added the status: ci failing Required or reported CI checks are failing label Jun 21, 2026
JerrettDavis
JerrettDavis requested changes Jun 22, 2026
View reviewed changes

@JerrettDavis JerrettDavis left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This cannot merge while CI is red. The dependency update itself is limited to uv.lock, but commitlint failed and the rest of the CI workflow was skipped after that failure.

Please regenerate/rebase the Dependabot PR so the commit metadata satisfies the repository's conventional commit policy, then let the normal CI jobs run. Once the branch is green, this should be straightforward to review as a lockfile-only dependency bump.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JerrettDavis JerrettDavis JerrettDavis requested changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code status: ci failing Required or reported CI checks are failing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JerrettDavis