deps(deps): bump the python-minor-updates group with 25 updates by dependabot[bot] · Pull Request #27 · MarwaBS/ResumeForge

dependabot · 2026-04-27T06:44:37Z

Bumps the python-minor-updates group with 25 updates:

Package	From	To
pypandoc	`1.14`	`1.17`
pymongo	`4.10.1`	`4.17.0`
click	`8.1.7`	`8.3.3`
joblib	`1.4.2`	`1.5.3`
scikit-learn	`1.5.2`	`1.8.0`
faiss-cpu	`1.9.0.post1`	`1.13.2`
spacy	`3.7.6`	`3.8.14`
rapidfuzz	`3.10.1`	`3.14.5`
uvicorn	`0.34.0`	`0.46.0`
pydantic	`2.10.4`	`2.13.3`
pydantic-settings	`2.7.1`	`2.14.0`
email-validator	`2.2.0`	`2.3.0`
prometheus-client	`0.21.1`	`0.25.0`
opentelemetry-api	`1.29.0`	`1.41.1`
opentelemetry-sdk	`1.29.0`	`1.41.1`
opentelemetry-instrumentation-fastapi	`0.50b0`	`0.62b1`
opentelemetry-exporter-otlp-proto-grpc	`1.29.0`	`1.41.1`
arq	`0.26.1`	`0.28.0`
hiredis	`3.1.1`	`3.3.1`
python-docx	`1.1.2`	`1.2.0`
ruff	`0.8.6`	`0.15.12`
bandit	`1.8.3`	`1.9.4`
mypy	`1.14.1`	`1.20.2`
locust	`2.32.6`	`2.43.4`
pip-audit	`2.8.0`	`2.10.0`

Updates pypandoc from 1.14 to 1.17

Release notes

Sourced from pypandoc's releases.

Latest Development Version

Commits

7e33806: Bump astral-sh/setup-uv from 5 to 7 (dependabot[bot]) #432

4d162e9: Bump docker/setup-qemu-action from 3 to 4 (dependabot[bot]) #433

5ee338d: Merge branch 'master' into dependabot/github_actions/docker/setup-qemu-action-4 (Jessica Tegner) #433

Commits

51af11f Skip delocate repair for macOS binary wheels
a19984f Fix cibuildwheel version tag to v3.4.0
b30f851 Upgrade cibuildwheel from v2 to v3
52ef402 Merge pull request #431 from JessicaTegner/improve_download
e1926a2 Move GITHUB_TOKEN to workflow-level env
dd1d123 Fix incomplete URL substring sanitization (CodeQL)
69bddd0 [pre-commit.ci] auto fixes from pre-commit.com hooks
009df66 Add tests for pandoc download retry and auth behavior
16fb5e4 Fix GitHub 429 rate limit errors in pandoc download
497e395 Merge pull request #427 from JessicaTegner/issue423
Additional commits viewable in compare view

Updates pymongo from 4.10.1 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

refactor(ci): replace shell=True and awk pipes with native Python by @RinZ27 in mongodb/mongo-python-driver#2671

PYTHON-5697 - Migrate 8.0+ tests to Windows 2022 by @NoahStapp in mongodb/mongo-python-driver#2681

[Spec Resync] 01-19-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2680

Bump pyright from 1.1.407 to 1.1.408 by @dependabot[bot] in mongodb/mongo-python-driver#2675

PYTHON-5692 - [Infrastructure] Improve dependabot version updates by @NoahStapp in mongodb/mongo-python-driver#2682

PYTHON-5605 - Drop usage of Ubuntu 20 by @NoahStapp in mongodb/mongo-python-driver#2683

PYTHON-5699 & PYTHON-5698 [Spec Resync] 01-26-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2685

PYTHON-5703 Use Ubuntu24 for AWS Auth tests by @blink1073 in mongodb/mongo-python-driver#2686

PYTHON-5704 Skip free-threading for enterprise auth builds by @blink1073 in mongodb/mongo-python-driver#2687

Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in the actions group across 1 directory by @dependabot[bot] in mongodb/mongo-python-driver#2684

Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2692

PYTHON-1357 - Refactor Cursor and CommandCursor by @NoahStapp in mongodb/mongo-python-driver#2691

[Spec Resync] 02-02-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2694

PYTHON-5467 Add codecov integration by @blink1073 in mongodb/mongo-python-driver#2690

Bump astral-sh/setup-uv from 7.2.0 to 7.2.1 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2700

PYTHON-XXXX Fixed typo in Running Tests Locally section. by @caseyclements in mongodb/mongo-python-driver#2698

PYTHON-5467 Fix codecov upload by @blink1073 in mongodb/mongo-python-driver#2701

PYTHON-5467 Fix codecov upload on Evergreen by @blink1073 in mongodb/mongo-python-driver#2702

PYTHON-5715 Add appName to OIDC test failpoints by @blink1073 in mongodb/mongo-python-driver#2697

PYTHON-5705 Improve fallback for PyOpenSSL windows system certs loading by @blink1073 in mongodb/mongo-python-driver#2688

PYTHON-3898 Add coverage to all variants by @blink1073 in mongodb/mongo-python-driver#2705

PYTHON-5729 Pin setuptools when using older gevent by @blink1073 in mongodb/mongo-python-driver#2708

Bump the actions group with 2 updates by @dependabot[bot] in mongodb/mongo-python-driver#2711

PYTHON-5708 Temporarily skip some BSON encryption tests by @blink1073 in mongodb/mongo-python-driver#2709

PYTHON-5732 Use mongodb-runner in Evergreen Tests by @blink1073 in mongodb/mongo-python-driver#2703

PYTHON-5731 - Server selection deprioritization only for overload errors on replica sets by @NoahStapp in mongodb/mongo-python-driver#2710

PYTHON-5737 - BSON encoding/decoding performance improvements by @NoahStapp in mongodb/mongo-python-driver#2715

[Spec Resync] 03-02-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2716

Python 4542 - Improved sessions API by @NoahStapp in mongodb/mongo-python-driver#2712

PYTHON-5742 - Add Copilot instructions by @NoahStapp in mongodb/mongo-python-driver#2717

PYTHON-5747 Add jira link to spec resync PR by @sleepyStick in mongodb/mongo-python-driver#2723

PYTHON-5114 Test suite reduce killAllSessions calls by @ShaneHarvey in mongodb/mongo-python-driver#2721

PYTHON-5748 Remove unused SpecRunner class by @ShaneHarvey in mongodb/mongo-python-driver#2725

PYTHON-5754 Fix USE_ACTIVE_VENV support by @aclark4life in mongodb/mongo-python-driver#2728

PYTHON-5753 Add just recipes for running coverage tests locally by @aclark4life in mongodb/mongo-python-driver#2727

PYTHON-5758 Remove unused validation functions by @aclark4life in mongodb/mongo-python-driver#2733

PYTHON-5757 Deprecate Python 2 methods in SON by @aclark4life in mongodb/mongo-python-driver#2732

PYTHON-5766 Add codecov badge to readme by @aclark4life in mongodb/mongo-python-driver#2737

Bump the actions group across 1 directory with 4 updates by @dependabot[bot] in mongodb/mongo-python-driver#2736

[Spec Resync] 03-30-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2741

Bump astral-sh/setup-uv from 7.3.0 to 7.6.0 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2740

PYTHON-5401: Add AI Generated Contributions Policy by @Jibola in mongodb/mongo-python-driver#2696

PYTHON-5768 Add AGENTS.md w/copilot instructions by @aclark4life in mongodb/mongo-python-driver#2744

PYTHON-5791 - test_list_database_names should not check ordering by @NoahStapp in mongodb/mongo-python-driver#2751

PYTHON-5668 - Merge backpressure branch into mainline by @NoahStapp in mongodb/mongo-python-driver#2729

PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md by @aclark4life in mongodb/mongo-python-driver#2756

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.17.0 (2026/04/20)

PyMongo 4.17 brings a number of changes including:

has_key, iterkeys and itervalues in :class:bson.son.SON have been deprecated and will be removed in PyMongo 5.0. These methods were deprecated in favor of the standard dictionary containment operator in and the keys() and values() methods, respectively.

Added the :meth:~pymongo.asynchronous.client_session.AsyncClientSession.bind and :meth:~pymongo.client_session.ClientSession.bind methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See the Transactions docs <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/crud/transactions/#methods>_ for examples and more information.

Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. See the IWM <https://www.mongodb.com/docs/atlas/intelligent-workload-management>_ or Overload Errors <https://www.mongodb.com/docs/atlas/overload-errors/?interface=driver&language=python>_ docs for more information.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.

PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.

Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.

Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.

Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.

Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.

Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Changes in Version 4.15.5 (2025/12/02)

Version 4.15.5 is a bug fix release.

Fixed a bug that could cause AutoReconnect("connection pool paused") errors when cursors fetched more documents from the database after SDAM heartbeat failures.

Changes in Version 4.15.4 (2025/10/21)

Version 4.15.4 is a bug fix release.

Relaxed the callback type of :meth:~pymongo.asynchronous.client_session.AsyncClientSession.with_transaction to allow the broader Awaitable type rather than only Coroutine objects.

Added the missing Python 3.14 trove classifier to the package metadata.

... (truncated)

Commits

f2103a9 Prep branch v4.17
3491c08 PYTHON-5801 - Update changelog for 4.17 release (#2762)
912ef33 PYTHON-5798 - Overload retargeting prose tests do not ensure that sec… (#2760)
b4e2c03 PYTHON-5800 - Simple collation is included in index information (#2761)
f31ba09 PYTHON-5797 - Add IWM and Overload Error links to changelog (#2757)
5da9183 PYTHON-5794 - Add prose tests to verify correct retry behavior when a… (#2755)
35e51a5 Revert "PYTHON-5768 Add AGENTS.md w/copilot instructions" (#2744) (#2754)
f41dd5c PYTHON-5772 Increase _gcp_helpers.py coverage (#2749)
49e7a05 PYTHON-5760 Increase _azure_helpers.py coverage (#2747)
a2b0cd8 PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md (#2756)
Additional commits viewable in compare view

Updates click from 8.1.7 to 8.3.3

Release notes

Sourced from click's releases.

8.3.3

This is the Click 8.3.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.3/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-3 Milestone: https://github.com/pallets/click/milestone/30

Use :func:shlex.split to split pager and editor commands into argv lists for :class:subprocess.Popen, removing shell=True. #1026 #1477 #2775

Fix TypeError when rendering help for an option whose default value is an object that doesn't support equality comparison with strings, such as semver.Version. #3298 #3299

Fix pager test pollution under parallel execution by using pytest's tmp_path fixture instead of a shared temporary file path. #3238

Treat Sentinel.UNSET values in a default_map as absent, so they fall through to the next default source instead of being used as the value. #3224 #3240

Patch pdb.Pdb in CliRunner isolation so pdb.set_trace(), breakpoint(), and debuggers subclassing pdb.Pdb (ipdb, pdbpp) can interact with the real terminal instead of the captured I/O streams. #654 #824 #843 #951 #3235

Add optional randomized parallel test execution using pytest-randomly and pytest-xdist to detect test pollution and race conditions. #3151

Add contributor documentation for running stress tests, randomized parallel tests, and Flask smoke tests. #3151 #3177

Show custom show_default string in prompts, matching the existing help text behavior. #2836 #2837 #3165 #3262 #3280 #3328

Fix default=True with boolean flag_value always returning the flag_value instead of True. The default=True to flag_value substitution now only applies to non-boolean flags, where True acts as a sentinel meaning "activate this flag by default". For boolean flags, default=True is returned as a literal value. #3111 #3239

Mark make_default_short_help as private API. #3189 #3250

CliRunner's redirected streams now expose the original file descriptor via fileno(), so that faulthandler, subprocess, and other C-level consumers no longer crash with io.UnsupportedOperation. #2865

Change :class:ParameterSource to an :class:~enum.IntEnum and reorder its members from most to least explicit, so values can be compared to check whether a parameter was explicitly provided. #2879 #3248

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.3

Released 2026-04-20

Use :func:shlex.split to split pager and editor commands into argv lists for :class:subprocess.Popen, removing shell=True. :issue:1026 :pr:1477 :pr:2775

Fix TypeError when rendering help for an option whose default value is an object that doesn't support equality comparison with strings, such as semver.Version. :issue:3298 :pr:3299

Fix pager test pollution under parallel execution by using pytest's tmp_path fixture instead of a shared temporary file path. :pr:3238

Treat Sentinel.UNSET values in a default_map as absent, so they fall through to the next default source instead of being used as the value. :issue:3224 :pr:3240

Patch pdb.Pdb in CliRunner isolation so pdb.set_trace(), breakpoint(), and debuggers subclassing pdb.Pdb (ipdb, pdbpp) can interact with the real terminal instead of the captured I/O streams. :issue:654 :issue:824 :issue:843 :pr:951 :pr:3235

Add optional randomized parallel test execution using pytest-randomly and pytest-xdist to detect test pollution and race conditions. :pr:3151

Add contributor documentation for running stress tests, randomized parallel tests, and Flask smoke tests. :pr:3151 :pr:3177

Show custom show_default string in prompts, matching the existing help text behavior. :issue:2836 :pr:2837 :pr:3165 :pr:3262 :pr:3280 :pr:3328

Fix default=True with boolean flag_value always returning the flag_value instead of True. The default=True to flag_value substitution now only applies to non-boolean flags, where True acts as a sentinel meaning "activate this flag by default". For boolean flags, default=True is returned as a literal value. :issue:3111 :pr:3239

Mark make_default_short_help as private API. :issue:3189 :pr:3250

CliRunner's redirected streams now expose the original file descriptor via fileno(), so that faulthandler, subprocess, and other C-level consumers no longer crash with io.UnsupportedOperation. :issue:2865

Change :class:ParameterSource to an :class:~enum.IntEnum and reorder its members from most to least explicit, so values can be compared to check whether a parameter was explicitly provided. :issue:2879 :pr:3248

Version 8.3.2

Released 2026-04-02

Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152

Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224

... (truncated)

Commits

c06d2d0 Release 8.3.3
f1f191e Apply format guidelines to commits since latest 8.3.2 release (#3343)
bb59ba0 Apply format guidelines to commits since latest 8.3.2 release
4a35225 Reduce blast-radius of UNSET in default_map (#3240)
c07bb93 Merge branch 'stable' into unset-in-default-map
c7e1ba8 Reorder ParameterSource (#3248)
76552ff Show default string in prompt (#3328)
ac5cec5 Reorder ParameterSource from most to least explicit
8c452e0 Merge branch 'stable' into show-default-string-in-prompt
8c95c73 Reconcile default value passing and default activation (#3239)
Additional commits viewable in compare view

Updates joblib from 1.4.2 to 1.5.3

Changelog

Sourced from joblib's changelog.

Release 1.5.3 - 2025/12/15

The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. joblib/joblib#1742

Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. joblib/joblib#1744

Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+.

Release 1.5.2 - 2025/08/27

Vendor loky3.5.6 fixing the resource tracker for python 3.13.7+ joblib/joblib#1740

Memory:
- Ensure that temporary files managed by the ``Memory`` object do not collide
  when using the same cache directory when the cache directory is accessed
  concurrently from different nodes on a cluster with a shared filesystem.
  https://github.com/joblib/joblib/pull/1656
Release 1.5.1 - 2025/05/23


Fix backend hints causing errors when no multiprocessing is present

joblib/joblib#1721


Vendor loky3.5.5 fixing the resource_tracker clean up with earlier Python

versions. joblib/joblib#1724


Release 1.5.0 -- 2025/05/03
Memory:
Enforce age_limit is a positive timedelta for Memory.reduce_size, to avoid silently ignoring it. joblib/joblib#1613

Remove deprecated bytes_limit argument for Memory, which should

... (truncated)

Commits

40cd002 RELEASE 1.5.3 (#1765)
f05be67 MNT Remove last usage of distutils (#1760)
4273f39 MNT bump actions/checkout from 5 to 6 in the github-actions group (#1762)
f465f02 FIX don't overwrite existing .gitignore (#1742)
cca7d87 MNT bump sklearn test on python 3.12 (#1759)
f7775ad MNT remove deprecated pytest feature (#1757)
3c58aab Add Python 3.14 and 3.14t to the testing (#1747)
9b96664 Bump cloudpickle to 3.1.2 (#1752)
c3bdbd9 Bump the github-actions group with 5 updates (#1749)
a09bb30 Keep GitHub Actions up to date with GitHub's Dependabot (#1748)
Additional commits viewable in compare view

Updates scikit-learn from 1.5.2 to 1.8.0

Release notes

Sourced from scikit-learn's releases.

Release 1.8.0

We're happy to announce the 1.8.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_8_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.8.html

This version supports Python versions 3.11 to 3.14 and features support of free-threaded CPython.

You can upgrade with pip as usual:
pip install -U scikit-learn
The conda-forge builds can be installed using:
conda install -c conda-forge scikit-learn
Scikit-learn 1.7.2

We're happy to announce the 1.7.2 release.

This release contains a few bug fixes and is the first version supporting Python 3.14.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-2

You can upgrade with pip as usual:
pip install -U scikit-learn
The conda-forge builds can be installed using:
conda install -c conda-forge scikit-learn
Thanks to everyone who contributed to this release !

Scikit-learn 1.7.1

We're happy to announce the 1.7.1 release.

This release contains fixes for a few regressions introduced in 1.7.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-1

You can upgrade with pip as usual:
</tr></table> 

... (truncated)

Commits

646da0f [cd build]
4f4f283 Generate changelog
967dcde Set version
cb1424b DOC Release highlights for 1.8 (#32809)
5645b27 🔒 🤖 CI Update lock files for main CI build(s) 🔒 🤖 (#32859)
6b9fb11 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
a0f6d88 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
c1de8fc FIX Make get_namespace handle pandas dataframe input (#32838)
764249a Fix _safe_indexing with non integer arrays on array API inputs (#32840)
eca5e0a FIX Add new default max_samples=None in Bagging estimators (#32825)
Additional commits viewable in compare view

Updates faiss-cpu from 1.9.0.post1 to 1.13.2

Release notes

Sourced from faiss-cpu's releases.

v1.13.2

What's Changed

Bump faiss version to v1.13.2 by @kyamagu in faiss-wheels/faiss-wheels#149

Full Changelog: faiss-wheels/faiss-wheels@v1.13.1...v1.13.2

v1.13.1

What's Changed

Release v1.13.1 by @kyamagu in faiss-wheels/faiss-wheels#148

Full Changelog: faiss-wheels/faiss-wheels@v1.13.0...v1.13.1

v1.13.0

What's Changed

support FlexiBLAS as an alternative to OpenBLAS by @goneri in faiss-wheels/faiss-wheels#138

Migrate to scikit-build-core by @kyamagu in faiss-wheels/faiss-wheels#141

Revise README.md for improved clarity and formatting by @kyamagu in faiss-wheels/faiss-wheels#142

Update README.md by @kyamagu in faiss-wheels/faiss-wheels#144

Upgrade faiss to v1.13.0 by @kyamagu in faiss-wheels/faiss-wheels#146

New Contributors

@goneri made their first contribution in faiss-wheels/faiss-wheels#138

Full Changelog: faiss-wheels/faiss-wheels@v1.12.0...v1.13.0

v1.12.0

What's Changed

Explicitly add OpenBLAS submodule, change the license terms to MIT/BSD dual, and CI config updates by @kyamagu in kyamagu/faiss-wheels#135

v1.12.0 by @kyamagu in kyamagu/faiss-wheels#137

Full Changelog: faiss-wheels/faiss-wheels@v1.11.0.post1...v1.12.0

v1.11.0.post1

This is a maintenance release to update the cibuildwheel configuration, and there is no functionality change since the v1.11.0 release. This release adds support for Windows ARM64 wheels.

What's Changed

Add support for building faiss_cpu wheels on WoA by @lowkeyrossi in kyamagu/faiss-wheels#130

Update cibuildwheel to 3.0.1 by @kyamagu in kyamagu/faiss-wheels#132

v1.11.0.post1 release by @kyamagu in kyamagu/faiss-wheels#133

New Contributors

@lowkeyrossi made their first contribution in kyamagu/faiss-wheels#130

Full Changelog: faiss-wheels/faiss-wheels@v1.11.0...v1.11.0.post1

v1.11.0

What's Changed

Update docs by @kyamagu in kyamagu/faiss-wheels#121

... (truncated)

Commits

1fe76d3 Merge pull request #149 from faiss-wheels/release/v1.13.2
0f4d909 Skip failing musllinux tests on CI
f535686 Disable test_flat_l2_panorama.py::TestIndexFlatL2Panorama::test_merge_from fo...
0f27240 Bump faiss version to v1.13.2
54f5aeb Release v1.13.1 (#148)
7fc0151 Upgrade faiss to v1.13.0 (#146)
85d5f26 Update README.md (#144)
b51087a Revise README.md for improved clarity and formatting (#142)
2e51022 Migrate to scikit-build-core (#141)
f8d28b7 support FlexiBLAS as an alternative to OpenBLAS (#138)
Additional commits viewable in compare view

Updates spacy from 3.7.6 to 3.8.14

Release notes

Sourced from spacy's releases.

v3.8.14: Bug fix for model downloading in environments without pip on PATH

Fix spacy download failing in environments where pip is not on PATH but is available as a Python module (e.g., some virtual environments and containers)

v3.8.13: Pin confection to new version

The v3.8.12 release didn't update the confection pin, which meant that if you did an upgrade-install models wouldn't load.

v3.8.12

Use confection v1.3 and Thinc v8.3.13, which implement custom validation logic in place of Pydantic, allowing us to properly adopt Pydantic v2 and provide full Python 3.14 support.

Our dependency tree used Pydantic v1 in unusual ways, and relied on behaviours that Pydantic v2 reformed. In the time since Pydantic v2 was released there were a few attempts to migrate over to it, but the task has been complicated by the fact that the confection library has a fairly tangled implementation and I had reduced availability for open-source work in 2024 and 2025.

Specifically, our library confection provides the extensible configuration system we use in spaCy and Thinc. The config system allows you to refer to values that will be supplied by arbitrary functions, that e.g. define some neural network model or its sublayers. The functionality in confection is complicated because we aggressively prioritised user experience in the specification, even if it required increased implementation complexity.

Confection's original implementation built a dynamic Pydantic v1 schema for function-supplied values ("promises"). We validate the schema before calling any promises, and then validate the schema again after calling all the promises and substituting in their values. The variable-interpolation system adds further difficulties to the implementation, and we have to do it all subclassing the Python built-in configparser, which ties us to implementation choices I'd do differently if I had a clean slate.

Here's one summary of Pydantic v1-specific behaviours that the migration to v2 particularly difficult for us. This particular summary was produced during a session with Claude Code Opus 4.6, so nuances of it might be wrong. The full history of attempts at doing this spans over different refactors separated by a few months at a time, so I don't have a full record of all the things that I struggled with. It's possible some details of this summary are incorrect though.

The core problem we kept hitting: Pydantic v2 compiles validation schemas upfront and has much stricter immutability. The whole session has been a series of workarounds for this:
 1. Schema mutation — v1 let you mutate __fields__ in place; v2 needs model_rebuild() which loses forward ref namespaces, or create_model subclasses which don't propagate to parent schemas.
 2. model_dump vs dict — v2 converts dataclasses to dicts, breaking resolved objects. Needed a custom _model_to_dict helper.
 3. model_construct drops extras — v2 silently drops fields with extra="forbid", needed manual workarounds.
 4. Strict coercion — v2 coerces ndarray to List[Floats1d] via iteration, needed strict=True.
 5. Forward refs — Every schema with TYPE_CHECKING imports needs model_rebuild() with the right namespace, and that breaks when confection re-rebuilds later.
In order to adjust for behavioural differences like this, I'd refactored confection to build the different versions of the schema in multiple passes, instead of building all the representations together as we'd been doing. However this refactor itself had problems, further complicating the migration.
I've now bitten the bullet and rolled back the refactor I'd been attempting of confection, and instead replaced the Pydantic validation with custom logic. This allows Confection to remove Pydantic as a dependency entirely.~ Update: Actually I went back and got the refactor working. All much nicer now.

I've taken some lengths to explain this because migrating off a dependency after breaking changes can be a sensitive topic. I want to stress that the changes Pydantic made from v1 to v2 are very good, and I greatly appreciate them as a user of FastAPI in our services. It would be very bad for the ecosystem if Pydantic pinned themselves to exactly matching the behaviours they had in v1 just to avoid breaking support for the sort of thing we'd been doing. Instead users who were relying on those behaviours like us should just find some way to adapt --- either vendor the v1 version we need, or change our behaviours, or implement an alternative. I would have liked to do this sooner but we've ultimately gone with the third option.

v3.8.11: Add Windows ARM wheels

Add wheels for Python 3.11, 3.12, 3.13 and 3.14 for Windows ARM. Windows ARM wheels for Python 3.10 and earlier are not available in numpy, so aren't provided.

v3.8.3: Improve memory zone stability

Fix bug in memory zones when non-transient strings were added to the StringStore inside a memory zone. This caused a bug in the morphological analyser that caused string not found errors when applied during a memory zone.

v3.8: Memory management for persistent services, numpy 2.0 support

Optional memory management for persistent services

Support a new context manager method Language.memory_zone(), to allow long-running services to avoid growing memory usage from cached entries in the Vocab or StringStore. Once the memory zone block ends, spaCy will evict Vocab and StringStore entries that were added during the block, freeing up memory. Doc objects created inside a memory zone block should not be accessed outside the block.

The current implementation disables population of the tokenizer cache inside the memory zone, resulting in some performance impact. The performance difference will likely be negligible if you're running a full pipeline, but if you're only running the tokenizer, it'll be much slower. If this is a problem, you can mitigate it by warming the cache first, by processing the first few batches of text without creating a memory zone. Support for memory zones in the tokenizer will be added in a future update.

The Language.memory_zone() context manager also checks for a memory_zone() method on pipeline components, so that components can perform similar memory management if necessary. None of the built-in components currently require this.

If you component needs to add non-transient entries to the StringStore or Vocab, you can pass the allow_transient=False flag to the Vocab.add() or StringStore.add() components.

Example usage:

... (truncated)

Commits

0069cf9 Set version to 3.8.14
5603226 fix: check pip module availability instead of PATH binary in download (#13947)
d4bb796 Add least-privilege permissions to CI workflow
9d29209 Pass github context via stdin instead of CLI arg
4216738 Pin GitHub Actions to commit SHAs for supply chain security
297938e Add smoke test and upgrade test to release build workflow
fdca647 Set version to 3.8.13
0d94a9d Pin confection>=1.3.2 — older versions crash with pydantic v2
f175a51 Fully migrate to Pydantic v2 (#13940)
24255bd Fix import sorting for ruff isort compliance
Additional commits viewable in compare view

Updates rapidfuzz from 3.10.1 to 3.14.5

Release notes

Sourced from rapidfuzz's releases.

Release 3.14.5

Fixed

fix release ci attempting to upload a pyodide wheel

Release 3.14.4

Added

add risc64 wheels

add support for taskflow 4.0.0

Changed

upgrade to Cython==3.2.4.

Fixed

fix type hints for extractOne when no score_cutoff is provided

Release 3.14.3

Fixed

add missing pypy and freethreaded linux wheels

Removed

drop s390x and ppc64le wheels since they are virtually unused and require extremely long to build under emulation

Release 3.14.2

Changed

upgrade to Cython==3.1.6

enable free threading

Release 3.14.1

Fixed

Fully disable line tracing in release builds

Release 3.14.0

Changed

upgrade to Cython==3.1.3. This enables compilation with free threaded python.

upgrade to rapidfuzz-cpp==3.3

Added

add support for freethreaded Python

add python 3.14 wheels

Removed

dropped support for Python3.9

drop 32 bit linux wheels

Fixed

remove unused hook-dirs from pyinstaller config to fix a warning

fixed WRatio for a length ratio of exactly 8.0

Release 3.13.0

Added

... (truncated)

Changelog

Sourced from rapidfuzz's changelog.

Changelog

[3.14.5] - 2026-08-07 ^^^^^^^^^^^^^^^^^^^^^ Fixed

* fix release ci attempting to upload a pyodide wheel
[3.14.4] - 2026-04-06
^^^^^^^^^^^^^^^^^^^^^
Added

add risc64 wheels
add support for taskflow 4.0.0

Changed

* upgrade to ``Cython==3.2.4``.
Fixed
* fix type hints for extractOne when no score_cutoff is provided
[3.14.3] - 2025-11-01

^^^^^^^^^^^^^^^^^^^^^

Fixed



add missing pypy and freethreaded linux wheels

Removed

drop s390x and ppc64le wheels since they are virtuall...
Description has been truncated

Bumps the python-minor-updates group with 25 updates: | Package | From | To | | --- | --- | --- | | [pypandoc](https://github.com/JessicaTegner/pypandoc) | `1.14` | `1.17` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.10.1` | `4.17.0` | | [click](https://github.com/pallets/click) | `8.1.7` | `8.3.3` | | [joblib](https://github.com/joblib/joblib) | `1.4.2` | `1.5.3` | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.5.2` | `1.8.0` | | [faiss-cpu](https://github.com/kyamagu/faiss-wheels) | `1.9.0.post1` | `1.13.2` | | [spacy](https://github.com/explosion/spaCy) | `3.7.6` | `3.8.14` | | [rapidfuzz](https://github.com/rapidfuzz/RapidFuzz) | `3.10.1` | `3.14.5` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.34.0` | `0.46.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.10.4` | `2.13.3` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.7.1` | `2.14.0` | | [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` | | [prometheus-client](https://github.com/prometheus/client_python) | `0.21.1` | `0.25.0` | | [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.29.0` | `1.41.1` | | [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.29.0` | `1.41.1` | | [opentelemetry-instrumentation-fastapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.50b0` | `0.62b1` | | [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.29.0` | `1.41.1` | | [arq](https://github.com/python-arq/arq) | `0.26.1` | `0.28.0` | | [hiredis](https://github.com/redis/hiredis-py) | `3.1.1` | `3.3.1` | | [python-docx](https://github.com/python-openxml/python-docx) | `1.1.2` | `1.2.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.8.6` | `0.15.12` | | [bandit](https://github.com/PyCQA/bandit) | `1.8.3` | `1.9.4` | | [mypy](https://github.com/python/mypy) | `1.14.1` | `1.20.2` | | [locust](https://github.com/locustio/locust) | `2.32.6` | `2.43.4` | | [pip-audit](https://github.com/pypa/pip-audit) | `2.8.0` | `2.10.0` | Updates `pypandoc` from 1.14 to 1.17 - [Release notes](https://github.com/JessicaTegner/pypandoc/releases) - [Changelog](https://github.com/JessicaTegner/pypandoc/blob/master/release.md) - [Commits](JessicaTegner/pypandoc@v1.14...v1.17) Updates `pymongo` from 4.10.1 to 4.17.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.10.1...4.17.0) Updates `click` from 8.1.7 to 8.3.3 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.1.7...8.3.3) Updates `joblib` from 1.4.2 to 1.5.3 - [Release notes](https://github.com/joblib/joblib/releases) - [Changelog](https://github.com/joblib/joblib/blob/main/CHANGES.rst) - [Commits](joblib/joblib@1.4.2...1.5.3) Updates `scikit-learn` from 1.5.2 to 1.8.0 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.5.2...1.8.0) Updates `faiss-cpu` from 1.9.0.post1 to 1.13.2 - [Release notes](https://github.com/kyamagu/faiss-wheels/releases) - [Commits](faiss-wheels/faiss-wheels@v1.9.0.post1...v1.13.2) Updates `spacy` from 3.7.6 to 3.8.14 - [Release notes](https://github.com/explosion/spaCy/releases) - [Commits](explosion/spaCy@release-v3.7.6...release-v3.8.14) Updates `rapidfuzz` from 3.10.1 to 3.14.5 - [Release notes](https://github.com/rapidfuzz/RapidFuzz/releases) - [Changelog](https://github.com/rapidfuzz/RapidFuzz/blob/main/CHANGELOG.rst) - [Commits](rapidfuzz/RapidFuzz@v3.10.1...v3.14.5) Updates `uvicorn` from 0.34.0 to 0.46.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.34.0...0.46.0) Updates `pydantic` from 2.10.4 to 2.13.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.10.4...v2.13.3) Updates `pydantic-settings` from 2.7.1 to 2.14.0 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.7.1...v2.14.0) Updates `email-validator` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/JoshData/python-email-validator/releases) - [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md) - [Commits](JoshData/python-email-validator@v2.2.0...v2.3.0) Updates `prometheus-client` from 0.21.1 to 0.25.0 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.21.1...v0.25.0) Updates `opentelemetry-api` from 1.29.0 to 1.41.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.29.0...v1.41.1) Updates `opentelemetry-sdk` from 1.29.0 to 1.41.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.29.0...v1.41.1) Updates `opentelemetry-instrumentation-fastapi` from 0.50b0 to 0.62b1 - [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits) Updates `opentelemetry-exporter-otlp-proto-grpc` from 1.29.0 to 1.41.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.29.0...v1.41.1) Updates `arq` from 0.26.1 to 0.28.0 - [Release notes](https://github.com/python-arq/arq/releases) - [Changelog](https://github.com/python-arq/arq/blob/main/HISTORY.rst) - [Commits](python-arq/arq@v0.26.1...v0.28.0) Updates `hiredis` from 3.1.1 to 3.3.1 - [Release notes](https://github.com/redis/hiredis-py/releases) - [Changelog](https://github.com/redis/hiredis-py/blob/master/CHANGELOG.md) - [Commits](redis/hiredis-py@v3.1.1...v3.3.1) Updates `python-docx` from 1.1.2 to 1.2.0 - [Changelog](https://github.com/python-openxml/python-docx/blob/master/HISTORY.rst) - [Commits](python-openxml/python-docx@v1.1.2...v1.2.0) Updates `ruff` from 0.8.6 to 0.15.12 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.8.6...0.15.12) Updates `bandit` from 1.8.3 to 1.9.4 - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.8.3...1.9.4) Updates `mypy` from 1.14.1 to 1.20.2 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.14.1...v1.20.2) Updates `locust` from 2.32.6 to 2.43.4 - [Release notes](https://github.com/locustio/locust/releases) - [Changelog](https://github.com/locustio/locust/blob/master/CHANGELOG.md) - [Commits](locustio/locust@2.32.6...2.43.4) Updates `pip-audit` from 2.8.0 to 2.10.0 - [Release notes](https://github.com/pypa/pip-audit/releases) - [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md) - [Commits](pypa/pip-audit@v2.8.0...v2.10.0) --- updated-dependencies: - dependency-name: pypandoc dependency-version: '1.17' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: pymongo dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: click dependency-version: 8.3.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: joblib dependency-version: 1.5.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: scikit-learn dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: faiss-cpu dependency-version: 1.13.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: spacy dependency-version: 3.8.14 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: rapidfuzz dependency-version: 3.14.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: uvicorn dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: pydantic dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: pydantic-settings dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: email-validator dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: prometheus-client dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: opentelemetry-api dependency-version: 1.41.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: opentelemetry-sdk dependency-version: 1.41.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: opentelemetry-instrumentation-fastapi dependency-version: 0.62b1 dependency-type: direct:production dependency-group: python-minor-updates - dependency-name: opentelemetry-exporter-otlp-proto-grpc dependency-version: 1.41.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: arq dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: hiredis dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: python-docx dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: ruff dependency-version: 0.15.12 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: mypy dependency-version: 1.20.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: locust dependency-version: 2.43.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-updates - dependency-name: pip-audit dependency-version: 2.10.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-27T06:44:37Z

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the python-minor-updates group with 25 updates#27

deps(deps): bump the python-minor-updates group with 25 updates#27
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/python-minor-updates-0e92016d0a

dependabot Bot commented on behalf of github Apr 27, 2026

Release 1.5.1 - 2025/05/23

Release 1.5.0 -- 2025/05/03

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026

Latest Development Version

Commits

PyMongo 4.17.0

What's Changed

Changes in Version 4.17.0 (2026/04/20)

Changes in Version 4.16.0 (2026/01/07)

Changes in Version 4.15.5 (2025/12/02)

Changes in Version 4.15.4 (2025/10/21)

8.3.3

8.3.2

Version 8.3.3

Version 8.3.2

Release 1.5.3 - 2025/12/15

Release 1.5.2 - 2025/08/27

Release 1.5.1 - 2025/05/23

Release 1.5.0 -- 2025/05/03

Release 1.8.0

Scikit-learn 1.7.2

Scikit-learn 1.7.1

v1.13.2

What's Changed

v1.13.1

What's Changed

v1.13.0

What's Changed

New Contributors

v1.12.0

What's Changed

v1.11.0.post1

What's Changed

New Contributors

v1.11.0

What's Changed

v3.8.14: Bug fix for model downloading in environments without pip on PATH

v3.8.13: Pin confection to new version

v3.8.12

v3.8.11: Add Windows ARM wheels

v3.8.3: Improve memory zone stability

v3.8: Memory management for persistent services, numpy 2.0 support

Optional memory management for persistent services

Release 3.14.5

Fixed

Release 3.14.4

Added

Changed

Fixed

Release 3.14.3

Fixed

Removed

Release 3.14.2

Changed

Release 3.14.1

Fixed

Release 3.14.0

Changed

Added

Removed

Fixed

Release 3.13.0

Added

Changelog

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants