chore(deps): bump the uv group across 2 directories with 2 updates

[dependabot]

Bumps the uv group with 1 update in the / directory: idna.
Bumps the uv group with 1 update in the /hindsight-integrations/pydantic-ai directory: pydantic-ai-slim.

Updates idna from 3.11 to 3.15

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

• Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
• Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

• Correct classification error for codepoint U+A7F1

3.12 (2026-04-21)

• Update to Unicode 17.0.0.
• Issue a deprecation warning for the transitional argument.
• Added lazy-loading to provide some performance improvements.
• Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

• af30a09 Release 3.15
• 30314d4 Pre-release 3.15rc0
• 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
• 2987fdb Convert README and HISTORY from reStructuredText to Markdown
• 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
• def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
• bbd8004 Merge pull request #234 from StanFromIreland/patch-1
• edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
• 5557db0 Merge branch 'master' into patch-1
• f11746c Merge pull request #235 from StanFromIreland/patch-2
• Additional commits viewable in compare view

Updates pydantic-ai-slim from 1.95.0 to 1.99.0

Release notes

Sourced from pydantic-ai-slim's releases.

v1.99.0 (2026-05-19)

What's Changed

🛡️ Security

• Normalize IPv6 transition forms in URL validation by @​DouweM in pydantic/pydantic-ai#5528
  • Security advisory: SSRF cloud-metadata blocklist bypass via IPv6-encoded address forms GHSA-cqp8-fcvh-x7r3
  • You are affected only if your application explicitly opts a FileUrl into force_download='allow-local' on a URL that is, or could be, influenced by untrusted input.
  • You are not affected if you use any of the bundled integrations to ingest user input: Agent.to_web / clai web; VercelAIAdapter; AGUIAdapter / Agent.to_ag_ui

🚀 Features

• Add gemini-3.5-flash model by @​dsfaccini in pydantic/pydantic-ai#5527

🐛 Bug Fixes

• Avoid OpenAI strict schemas with regex lookarounds by @​dsfaccini in pydantic/pydantic-ai#5519

Full Changelog: pydantic/pydantic-ai@v1.98.0...v1.99.0

v1.98.0 (2026-05-18)

What's Changed

🚀 Features

• Add OpenAI Responses input token counting (OpenAIResponsesModel.count_tokens) by @​colesmcintosh in pydantic/pydantic-ai#3951
• Replace Agent tool_retries=/output_retries= with retries: int | AgentRetries by @​Kludex in pydantic/pydantic-ai#5500

🐛 Bug Fixes

• fix(mcp): Don't require fastmcp.server at runtime by @​Kymi808 in pydantic/pydantic-ai#5514

🆕 V2 Preparation

• Deprecate pydantic_ai.ext.aci (tool_from_aci and ACIToolset) by @​dsfaccini in pydantic/pydantic-ai#5510

New Contributors

• @​Kymi808 made their first contribution in pydantic/pydantic-ai#5514

Full Changelog: pydantic/pydantic-ai@v1.97.0...v1.98.0

v1.97.0 (2026-05-15)

What's Changed

🚀 Features

• feat(evals): add OnlineEvaluator.run_on_errors to opt into evaluating failed calls by @​dmontagu in pydantic/pydantic-ai#5456
• Split GoogleProvider(vertexai=True|False) into GoogleProvider + GoogleCloudProvider; rename provider ID google-gla: to google:, google-vertex: to google-cloud:; deprecate old names by @​dsfaccini in pydantic/pydantic-ai#5336
• Add MCPToolset that uses fastmcp-slim[client], deprecate MCPServer* and FastMCPToolset by @​DouweM in pydantic/pydantic-ai#5325
• Set ModelResponse.state to incomplete while response is still streaming by @​adtyavrdhn in pydantic/pydantic-ai#5455
• Move pydantic_graph.beta API out of beta, deprecate old API by @​dmontagu in pydantic/pydantic-ai#5306

🆕 V2 Preparation

• Deprecate stream_responses() for stream_response(); new singular yields ModelResponse instead of (ModelResponse, is_last) tuple by @​dsfaccini in pydantic/pydantic-ai#5296
• Deprecate Agent.to_a2a() and bundled fasta2a integration; fasta2a has been adopted by DataLayer and users can use fasta2a.pydantic_ai (requires fasta2a v0.6.1) instead by @​dsfaccini in pydantic/pydantic-ai#5426

New Contributors

... (truncated)

Commits

• 78a4d8d Avoid OpenAI strict schemas with regex lookarounds (#5519)
• e64d2bf fix: normalize IPv6 transition forms in URL validation (#5528)
• 7e6b79f Add gemini-3.5-flash model (#5527)
• 4f09bf0 Revert "Drop instrumentation v1 and default to v5" (#5522)
• b9d5bbe Drop instrumentation v1 and default to v5 (#5511)
• 23924c3 chore: add skill update guidance to Agents.md (#5520)
• 2f461ec Add OpenAI Responses input token counting (#3951)
• f458346 fix(mcp): Don't require fastmcp.server at runtime (#5514)
• 24c8cdc Replace Agent tool_retries=/output_retries= with `retries: int | AgentR...
• 8cc76d8 Deprecate pydantic_ai.ext.aci (tool_from_aci and ACIToolset) ahead of v...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.