Skip to content

chore(deps): bump the uv group with 5 updates#169

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-e3a5249b53
Open

chore(deps): bump the uv group with 5 updates#169
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-e3a5249b53

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps the uv group with 5 updates:

Package From To
json-repair 0.59.10 0.60.1
pypdfium2 5.8.0 5.9.0
transformers 5.9.0 5.10.1
ruff 0.15.14 0.15.15
ty 0.0.40 0.0.42

Updates json-repair from 0.59.10 to 0.60.1

Release notes

Sourced from json-repair's releases.

Release 0.60.1

Added

  • A potential infinite loop in schema resolution could cause an application using the library to crash if the schema was self referential

Support this project

json_repair is maintained as a side project and stays free for everyone.

If it saves you debugging time, helps you handle LLM-generated JSON, or is part of your production workflow, please consider:

Sponsorship helps justify the time spent fixing edge cases, improving performance, and keeping the library reliable.

Release 0.60.0

Added

  • Support for repairing string values that contain low smart quote spans like „... when the closing quote is emitted as ASCII " instead of Unicode ”. Issue #198

Support this project

json_repair is maintained as a side project and stays free for everyone.

If it saves you debugging time, helps you handle LLM-generated JSON, or is part of your production workflow, please consider:

Sponsorship helps justify the time spent fixing edge cases, improving performance, and keeping the library reliable.

Commits

Updates pypdfium2 from 5.8.0 to 5.9.0

Release notes

Sourced from pypdfium2's releases.

5.9.0

Changes (Release 5.9.0)

Summary (pypdfium2)

  • Finally updated native sourcebuild from pdfium 7191 to 7841. Updating the script & patches, and tracking down any issues that cropped up, adding new patches to fix them, turned out to be a great deal of work.
  • Created gn-dist project providing recent builds of GN (generate-ninja) for Linux (glibc and musl, full set of architectures). Updated pypdfium2's cibuildwheel config and workflows accordingly to use gn-dist rather than outdated distro packages of GN. Scripting to build GN from source previously included in pypdfium2's setup has moved to gn-dist. In build_native.py, patches for legacy GN are still included and enabled by default for now, but you can pass --no-legacy-gn to skip them. To make updating more straightforward, this mode will be made default and the patches will be removed in the future.
  • Workflows overhaul.
    • Deduplicated workflow_dispatch and workflow_call inputs using YAML anchors & aliases (available on GHA since 09/2025).
    • Replaced benc-uk/workflow-dispatch action with reusable workflow calls.
    • Deduplicated series of individual jobs by switching to matrices. Handle if-conditions through an input parameter to the called workflow, because (unlike jobs) matrix entries have no built-in conditionality.
    • Updated to Python 3.14 (mostly). Simplified test matrices to probe just a few Python versions (e.g. 3.8, 3.11, 3.14).
  • Limited who has maintainer access to the repo and project sites. mara004, the author and so far only active committer of pypdfium2, now is (and will remain) sole owner. Inactive co-maintainers no longer have access, but are welcome to submit PRs. In the event of the author being unable to pursue this project further, it can be forked and a new maintainer may build their own trust, but given the risks inherent to maintainer changes, it has been decided that pypdfium2 will remain mara004's personal project. The existing userbase will not be handed over to another maintainer.

Commits between 5.8.0 and 5.9.0 (latest commit first):

  • f4b4032a [autorelease main] update 5.9.0
  • 073a8730 Add another note to the changelog
  • fbcf26ce bulid_native: make --version main work (in gcc mode)
  • 22530e39 Prepare changelog for next release
  • 3628a5a0 fix typo 'pouplar' (to 'popular') (cf. #436)
  • 1838acb1 build_native.py: ack //build/toolchain/linux/unbundle
  • 6570b33b build_native: cherry-pick openjpeg security fix
  • ce1f0f77 android: set use_mold to false
  • 53c58228 justfile: open browser in background
  • 71568ff6 AutoCloseable style nit
  • af847562 correction: negative crop does not actually work
  • f729f447 pyproject.toml: align order of commented-out system libs
  • 2044a804 Make autoflake happy
  • 1da966ec Drop gn_build.patch
  • a6d1ee6a cibw/loongarch64: fix GN version
  • 9cae361a Improve gn-dist integration
  • ca980469 build_toolchained: rework GN task, call honor_gn_dist()
  • 767bd0f9 Bring recent GN to sbuild/sbuild_native workflows
  • ababbbd6 cibw: move down gn-dist handlers
  • 57f496cd cibw: spell out list of CPUs instead of using || true
  • 96f527b7 cibw: fix loongarch64 not getting gn_dist binary
  • 4cb251ee Use gn-dist (#432)

... (truncated)

Commits
  • f4b4032 [autorelease main] update 5.9.0
  • 073a873 Add another note to the changelog
  • fbcf26c bulid_native: make --version main work (in gcc mode)
  • 22530e3 Prepare changelog for next release
  • 3628a5a fix typo 'pouplar' (to 'popular') (cf. #436)
  • 1838acb build_native.py: ack //build/toolchain/linux/unbundle
  • 6570b33 build_native: cherry-pick openjpeg security fix
  • ce1f0f7 android: set use_mold to false
  • 53c5822 justfile: open browser in background
  • 71568ff AutoCloseable style nit
  • Additional commits viewable in compare view

Updates transformers from 5.9.0 to 5.10.1

Release notes

Sourced from transformers's releases.

Release v5.10.1

v5.10.0 was yanked as we publish on a corrupted branch. Sorry everyone, this happens when we rush a release!!!

New Model additions

Gemma4 unified+ Gemma4 MTP

Gemma 4 12B Unified is an encoder-free multimodal model with pretrained and instruction-tuned variants. Unlike standard Gemma 4, which uses dedicated encoder towers, Gemma 4 12B Unified projects raw inputs directly into the language model's embedding space through lightweight linear pipelines. This results in a simpler architecture while maintaining strong multimodal performance.

Key differences from standard Gemma 4:

  • No Vision Tower: Raw pixel patches are projected directly into LM space via a Dense + LayerNorm pipeline with factorized 2D positional embeddings, replacing the vision encoder.
  • No Audio Tower: Raw 16 kHz waveform samples are chunked into fixed-length frames and projected through a simple RMSNorm → Linear pipeline, replacing the mel spectrogram + Conformer encoder.
  • Shared Multimodal Pipeline: Both vision and audio use the same Gemma4UnifiedMultimodalEmbedder (RMSNorm → Linear) for the final projection to text hidden space.

You can find the original Gemma 4 12B Unified checkpoints under the Gemma 4 release.

Sapiens2

Sapiens2 is a family of high-resolution vision transformers pretrained on ~1 billion curated human images, designed for human-centric computer vision tasks including pose estimation, body-part segmentation, surface normal estimation, and pointmap estimation. The models scale from 0.4B to 5B parameters and train at native 1K resolution, with hierarchical 4K variants for extended spatial reasoning. Sapiens2 achieves substantial improvements over its predecessor with +4 mAP in pose estimation, +24.3 mIoU in body-part segmentation, and 45.6% error reduction in normal estimation.

Links: Documentation | Paper

DeepSeek-OCR-2

DeepSeek-OCR-2 is an OCR-specialized vision-language model built on a distinctive architecture that combines a SAM ViT-B vision encoder with a Qwen2 hybrid attention encoder, connected through an MLP projector to a DeepSeek-V2 Mixture-of-Experts (MoE) language model. The model features a hybrid attention mechanism that applies bidirectional attention over image tokens and causal attention over query tokens, enabling efficient and accurate document understanding. It supports both plain OCR tasks and grounding capabilities with coordinate-aware output for document conversion to markdown format.

Links: Documentation

Mellum

Mellum is a code-focused Mixture-of-Experts language model developed by JetBrains. It is derived from the Qwen3-MoE architecture with per-layer-type RoPE and interleaved sliding window attention. The model has 12B total parameters with 2.5B active parameters per token, using 64 routed experts with 8 activated per token across 28 layers.

Links: Documentation

Breaking changes

The Gemma4 vision pooler now casts inputs to float32 before scaling to prevent float16 overflow (inf saturation) with large checkpoints, which may cause minor numerical differences in outputs for users running Gemma-4 vision models in float16.

Audio Language Models (ALMs) now have a dedicated base model class without a language modeling head, aligning them with the design of Vision Language Models (VLMs); users relying on the previous model class structure should update their code to use the new base model class where appropriate.

... (truncated)

Commits

Updates ruff from 0.15.14 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

Commits
  • db5aa0a Bump 0.15.15 (#25431)
  • 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
  • e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
  • 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
  • 7e1bc1e Add agent skills for working on ty (#25422)
  • 574e107 Expand semantic syntax errors for invalid walruses (#25415)
  • 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
  • 5432709 Refine a few agents instructions (#25423)
  • 3cb09eb [ty] Support typing.TypeForm (#25334)
  • c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
  • Additional commits viewable in compare view

Updates ty from 0.0.40 to 0.0.42

Release notes

Sourced from ty's releases.

0.0.42

Release Notes

Released on 2026-06-01.

Bug fixes

  • Fix narrowing of enum literal unions by member identity (#25520)
  • Detect recursive expansion in constraint-set solving (#25442)

Core type checking

  • Support tagged-union narrowing for nominal types (#24916)
  • Extend Generator assignability workaround to Python 3.13+ (#25472)
  • Sync vendored typeshed stubs (#25514)

Performance

  • Avoid redundant work for empty collection context (#25527)
  • Deduplicate retained use-def place states (#25450)
  • Compact retained semantic maps (#25238)

Contributors

Install ty 0.0.42

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.42/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.42/ty-installer.ps1 | iex"

Download ty 0.0.42

File Platform Checksum
ty-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ty-x86_64-apple-darwin.tar.gz Intel macOS checksum
ty-aarch64-pc-windows-msvc.zip ARM64 Windows checksum

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.42

Released on 2026-06-01.

Bug fixes

  • Fix narrowing of enum literal unions by member identity (#25520)
  • Detect recursive expansion in constraint-set solving (#25442)

Core type checking

  • Support tagged-union narrowing for nominal types (#24916)
  • Extend Generator assignability workaround to Python 3.13+ (#25472)
  • Sync vendored typeshed stubs (#25514)

Performance

  • Avoid redundant work for empty collection context (#25527)
  • Deduplicate retained use-def place states (#25450)
  • Compact retained semantic maps (#25238)

Contributors

0.0.41

Released on 2026-05-31.

Bug fixes

  • Avoid panic for deferred dataclass field annotations (#25444)
  • Avoid panic from cycle in function decorator inference (#25475)
  • Ignore rejected assignments for synthesized bindings (#25340)
  • Infer bool for not applied to dynamic values (#25445)
  • Use diagnostic message as tie-breaker when sorting (#25424)

LSP server

  • Add call hierarchy support (#25338)
  • Add function parentheses completion (#25305)
  • Display docs for matching parameter when hovering over the name of an argument passed by keyword (#25283)
  • Document completeFunctionParentheses editor setting (#3513)

Diagnostics

  • Introduce opt-in missing-override-decorator rule (#25111)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the uv group with 5 updates
ecff08b 
Bumps the uv group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [json-repair](https://github.com/mangiucugna/json_repair) | `0.59.10` | `0.60.1` |
| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.8.0` | `5.9.0` |
| [transformers](https://github.com/huggingface/transformers) | `5.9.0` | `5.10.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.14` | `0.15.15` |
| [ty](https://github.com/astral-sh/ty) | `0.0.40` | `0.0.42` |


Updates `json-repair` from 0.59.10 to 0.60.1
- [Release notes](https://github.com/mangiucugna/json_repair/releases)
- [Commits](mangiucugna/json_repair@v0.59.10...v0.60.1)

Updates `pypdfium2` from 5.8.0 to 5.9.0
- [Release notes](https://github.com/pypdfium2-team/pypdfium2/releases)
- [Commits](pypdfium2-team/pypdfium2@5.8.0...5.9.0)

Updates `transformers` from 5.9.0 to 5.10.1
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.9.0...v5.10.1)

Updates `ruff` from 0.15.14 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.15)

Updates `ty` from 0.0.40 to 0.0.42
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.40...0.0.42)

---
updated-dependencies:
- dependency-name: json-repair
  dependency-version: 0.60.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: pypdfium2
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: transformers
  dependency-version: 5.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: ty
  dependency-version: 0.0.42
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 4, 2026
@dosubot dosubot Bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@WH-2099 WH-2099

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@WH-2099