Skip to content

Bump the python group across 1 directory with 2 updates#69

Merged
stefanvanburen merged 4 commits intomainfrom
dependabot/uv/example/python-f1929d2995
Jan 7, 2026
Merged

Bump the python group across 1 directory with 2 updates#69
stefanvanburen merged 4 commits intomainfrom
dependabot/uv/example/python-f1929d2995

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025
edited
Loading

Updates the requirements on starlette and uv-build to permit the latest version.
Updates starlette from 0.49.3 to 0.50.0

Release notes

Sourced from starlette's releases.

Version 0.50.0

Removed

  • Drop Python 3.9 support #3061.

Full Changelog: Kludex/starlette@0.49.3...0.50.0

Changelog

Sourced from starlette's changelog.

0.50.0 (November 1, 2025)

  • Drop Python 3.9 support #3061.
Commits

Updates uv-build to 0.9.18

Release notes

Sourced from uv-build's releases.

0.9.18

Release Notes

Released on 2025-12-16.

Enhancements

  • Add value hints to command line arguments to improve shell completion accuracy (#17080)
  • Improve error handling in uv publish (#17096)
  • Improve rendering of multiline error messages (#17132)
  • Support redirects in uv publish (#17130)
  • Include Docker images with the alpine version, e.g., python3.x-alpine3.23 (#17100)

Configuration

  • Accept --torch-backend in [tool.uv] (#17116)

Performance

  • Speed up uv cache size (#17015)
  • Initialize S3 signer once (#17092)

Bug fixes

  • Avoid panics due to reads on failed requests (#17098)
  • Enforce latest-version in @latest requests (#17114)
  • Explicitly set EntryType for file entries in tar (#17043)
  • Ignore pyproject.toml index username in lockfile comparison (#16995)
  • Relax error when using uv add with UV_GIT_LFS set (#17127)
  • Support file locks on ExFAT on macOS (#17115)
  • Change schema for exclude-newer into optional string (#17121)

Documentation

  • Drop arm musl caveat from Docker documentation (#17111)
  • Fix version reference in resolver example (#17085)
  • Better documentation for exclude-newer* (#17079)

Install uv 0.9.18

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.18/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.9.18/uv-installer.ps1 | iex"
</tr></table>

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.9.18

Released on 2025-12-16.

Enhancements

  • Add value hints to command line arguments to improve shell completion accuracy (#17080)
  • Improve error handling in uv publish (#17096)
  • Improve rendering of multiline error messages (#17132)
  • Support redirects in uv publish (#17130)
  • Include Docker images with the alpine version, e.g., python3.x-alpine3.23 (#17100)

Configuration

  • Accept --torch-backend in [tool.uv] (#17116)

Performance

  • Speed up uv cache size (#17015)
  • Initialize S3 signer once (#17092)

Bug fixes

  • Avoid panics due to reads on failed requests (#17098)
  • Enforce latest-version in @latest requests (#17114)
  • Explicitly set EntryType for file entries in tar (#17043)
  • Ignore pyproject.toml index username in lockfile comparison (#16995)
  • Relax error when using uv add with UV_GIT_LFS set (#17127)
  • Support file locks on ExFAT on macOS (#17115)
  • Change schema for exclude-newer into optional string (#17121)

Documentation

  • Drop arm musl caveat from Docker documentation (#17111)
  • Fix version reference in resolver example (#17085)
  • Better documentation for exclude-newer* (#17079)

0.9.17

Released on 2025-12-09.

Enhancements

  • Add torch-tensorrt and torchao to the PyTorch list (#17053)
  • Add hint for misplaced --verbose in uv tool run (#17020)
  • Add support for relative durations in exclude-newer (a.k.a., dependency cooldowns) (#16814)
  • Add support for relocatable nushell activation script (#17036)

Bug fixes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Dec 22, 2025
@dependabot
chore(deps): bump the python group across 1 directory with 2 updates
120be87 
Updates the requirements on [starlette](https://github.com/Kludex/starlette) and [uv-build](https://github.com/astral-sh/uv) to permit the latest version.

Updates `starlette` from 0.49.3 to 0.50.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.49.3...0.50.0)

Updates `uv-build` to 0.9.18
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.7.21...0.9.18)

---
updated-dependencies:
- dependency-name: starlette
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: uv-build
  dependency-version: 0.9.18
  dependency-type: direct:development
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/example/python-f1929d2995 branch from 1baa695 to 120be87 Compare December 29, 2025 08:24
@stefanvanburen stefanvanburen changed the title chore(deps): bump the python group across 1 directory with 2 updates Bump the python group across 1 directory with 2 updates Dec 29, 2025
@stefanvanburen
Run uv lock
fb8b473 
*sigh* - why can't Dependabot do this?

Signed-off-by: Stefan VanBuren <svanburen@buf.build>
@stefanvanburen stefanvanburen requested a review from a team December 29, 2025 17:51
@stefanvanburen
Copy link
Member

stefanvanburen commented Jan 5, 2026

@anuraaga not too sure if the failures here are flakes or expected with these bumps (I somewhat suspect the former, since the version bumps look fairly benign?).

@anuraaga
Tweak timeouts
343892e 
Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
@anuraaga
Revert gunicorn
dac7b0e 
Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
anuraaga
anuraaga approved these changes Jan 7, 2026
View reviewed changes
Copy link
Collaborator

@anuraaga anuraaga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @stefanvanburen - I thought the timeout tests flakiness cropped up again and raised the delay, but after adding some more stress in #77 I found that there actually is a bug around response closing. I have that handled now though I am doing some more deep dive into cancellation to make sure there isn't more to fix. In the meantime, this PR is green though that hasn't been merged yet

@stefanvanburen
Copy link
Member

stefanvanburen commented Jan 7, 2026

@anuraaga thanks for taking a look — going to merge this as-is since it's green and the issues are unrelated to this PR

@stefanvanburen stefanvanburen merged commit d68832f into main Jan 7, 2026
23 checks passed
@stefanvanburen stefanvanburen deleted the dependabot/uv/example/python-f1929d2995 branch January 7, 2026 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anuraaga anuraaga anuraaga approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stefanvanburen @anuraaga