Skip to content

chore(deps): bump the uv group across 1 directory with 2 updates#313

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-12284d4b00
Open

chore(deps): bump the uv group across 1 directory with 2 updates#313
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-12284d4b00

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 2 updates in the / directory: langsmith and vcrpy.

Updates langsmith from 0.8.0 to 0.8.18

Release notes

Sourced from langsmith's releases.

v0.8.18

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.8.17...v0.8.18

v0.8.17

What's Changed

New Contributors

Full Changelog: langchain-ai/langsmith-sdk@v0.8.16...v0.8.17

v0.8.16

What's Changed

... (truncated)

Commits
  • 31c2bf6 release(py): 0.8.18 (#3063)
  • 8955b68 chore: reconcile bumpversion config and mandate release process for agents (#...
  • 411401f test(python): fix integration assertions for updated attachment error message...
  • 9c55156 Merge commit from fork
  • 5b2bd8d chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates ...
  • d8642f9 chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates ...
  • 953c2e5 chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python (#3044)
  • 5513699 chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python (#3039)
  • 8becdef chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python (#3038)
  • 1a9c522 chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python (#3037)
  • Additional commits viewable in compare view

Updates vcrpy from 8.1.1 to 8.2.1

Release notes

Sourced from vcrpy's releases.

v8.2.1

What's Changed

  • SECURITY: Cassettes are now loaded with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded. Previously a crafted cassette containing a Python object tag (e.g. !!python/object/apply:os.system) would execute code on load, including via the normal vcr.use_cassette() path. Existing cassettes (including file-upload/streaming bodies) continue to load. Advisory: GHSA-rpj2-4hq8-938g — thanks @​RamiAltai and @​EQSTLab for the reports.
  • Validate record_mode and raise a clear error on an invalid value (#208)
  • Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

Full Changelog: kevin1024/vcrpy@v8.2.0...v8.2.1

v8.2.0

What's Changed

  • Add support for httpx 2.x (#993) - thanks @​dsfaccini
  • Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
  • Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
  • Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
  • Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
  • Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
  • Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
  • Add env proxy cassette regression test (#994) - thanks @​tine1117
  • Remove milestone references from docs (#984) - thanks @​Polandia94
  • CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

Full Changelog: kevin1024/vcrpy@v8.1.1...v8.2.0

Changelog

Sourced from vcrpy's changelog.

Changelog

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

  • 8.2.1

    • SECURITY: Load cassettes with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded (GHSA-rpj2-4hq8-938g) - thanks @​RamiAltai and @​EQSTLab
    • Validate record_mode and raise a clear error on an invalid value (#208)
    • Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

  • 8.2.0

    • Add support for httpx 2.x (#993) - thanks @​dsfaccini
    • Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
    • Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
    • Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
    • Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
    • Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
    • Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
    • Add env proxy cassette regression test (#994) - thanks @​tine1117
    • Remove milestone references from docs (#984) - thanks @​Polandia94
    • CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

  • 8.1.1

    • Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
    • CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

  • 8.1.0

  • 8.0.0

    • BREAKING: Drop support for Python 3.9 (major version bump) - thanks @​jairhenrique
    • BREAKING: Drop support for urllib3 < 2 - fixes CVE warnings from urllib3 1.x (#926, #880) - thanks @​jairhenrique
    • New feature: drop_unused_requests option to remove unused interactions from cassettes (#763) - thanks @​danielnsilva
    • Rewrite httpx support to patch httpcore instead of httpx (#943) - thanks @​seowalex
      • Fixes httpx.ResponseNotRead exceptions (#832, #834)
      • Fixes KeyError: 'follow_redirects' (#945)
      • Adds support for custom httpx transports
    • Fix HTTPS proxy handling - proxy address no longer ends up in cassette URIs (#809, #914) - thanks @​alga
    • Fix iscoroutinefunction deprecation warning on Python 3.14 - thanks @​kloczek
    • Only log message if response is appended - thanks @​talfus-laddus
    • Optimize urllib.parse calls - thanks @​Martin-Brunthaler
    • Fix CI for Ubuntu 24.04 - thanks @​hartwork
    • Various CI improvements: migrate to uv, update GitHub Actions - thanks @​jairhenrique
    • Various linting and test improvements - thanks @​jairhenrique and @​hartwork

... (truncated)

Commits
  • 8531203 Release v8.2.1
  • 045acb1 Use a safe YAML loader for cassettes to prevent code execution
  • de43f46 Fix lint failures from merged PRs (codespell + ruff UP032)
  • 514c374 Validate record_mode and raise a clear error on invalid values
  • b736cad docs: recommend pytest-recording over unmaintained pytest-vcr
  • 06758c9 Release v8.2.0
  • 6554837 Add env proxy cassette regression test (#994)
  • 62cf5e1 Accounting for modified requests when storing played cassettes, with a test (...
  • 13f201a make url available in VCRHTTPResponse (#976)
  • d57b553 improve error message on repeated requestt (#985)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the uv group across 1 directory with 2 updates
340e3ae 
Bumps the uv group with 2 updates in the / directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [vcrpy](https://github.com/kevin1024/vcrpy).


Updates `langsmith` from 0.8.0 to 0.8.18
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.8.0...v0.8.18)

Updates `vcrpy` from 8.1.1 to 8.2.1
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](kevin1024/vcrpy@v8.1.1...v8.2.1)

---
updated-dependencies:
- dependency-name: langsmith
  dependency-version: 0.8.18
  dependency-type: indirect
  dependency-group: uv
- dependency-name: vcrpy
  dependency-version: 8.2.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants