Skip to content

Build(deps): Bump the python-packages group across 1 directory with 7 updates#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-packages-40391eaa82
Open

Build(deps): Bump the python-packages group across 1 directory with 7 updates#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-packages-40391eaa82

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 7 updates in the / directory:

Package From To
fastmcp 3.1.1 3.4.2
beautifulsoup4 4.14.3 4.15.0
pytest 9.0.2 9.0.3
pytest-asyncio 1.3.0 1.4.0
inline-snapshot 0.32.5 0.34.1
ruff 0.15.8 0.15.16
pre-commit 4.5.1 4.6.0

Updates fastmcp from 3.1.1 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

Security 🔒

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

v3.4.0: Remote Control

FastMCP 3.4 is about reaching servers that live somewhere else. The headline is fastmcp-remote, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on — making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to.

fastmcp-remote

Some MCP hosts still insist on launching a local stdio command, even when the server you want is already running over HTTP. FastMCP could already proxy a remote URL through fastmcp run, but that pulls in the full server-runner surface. fastmcp-remote is the small, single-purpose version: one URL in, one local stdio proxy out.

{
  "mcpServers": {
    "linear": {
      "command": "uvx",
      "args": ["fastmcp-remote", "https://mcp.linear.app/mcp"]
    }
  }
}

OAuth is enabled automatically for HTTPS servers, with support for explicit bearer tokens and custom headers when you need them. The implementation stays on FastMCP primitives — Client, OAuth, create_proxy, and stdio — and credits the original npm mcp-remote project for the command shape.

... (truncated)

Commits

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

Commits

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates inline-snapshot from 0.32.5 to 0.34.1

Release notes

Sourced from inline-snapshot's releases.

0.34.1

Fixed

  • Fixed snapshot_arg() to use the fix category (instead of create) when creating an argument with an existing non-ellipsis default argument value.

0.34.0

Added

  • get_snapshot_value() now accepts a which parameter ("new" or "old") to select whether to return the new (just-compared) or the old (previously stored) snapshot value (#336).

Fixed

  • Example.run_pytest: deterministic test order by using -p no:ranodmly

0.33.0

Added

  • snapshot_arg(), which lets you move snapshot() calls from the call site into the helper function itself.

  • Example.format(): new method to format a Python file in the example using Black.

  • Example.is_formatted(): new method to check whether a Python file in the example is already Black-formatted.

Changed

  • Example.run_inline: exception strings in raises are now formatted the same way inline_snapshot.extra.raises does, which is shorter for small assertions like raises=snapshot("UsageError: default value cannot be a Custom value").

  • Example.run_inline: the raises, stderr, and changed_files arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site. raises defaults to "<no exception>" and changed_files defaults to {}.

  • Example.run_inline: the reported_categories argument is now handled with snapshot_arg() and its type changed from list[Category] to set[Category]. It is now only asserted when the reported categories differ from the CLI flags passed via args.

  • Example.run_pytest: the returncode, error, stderr, changed_files, and outcomes arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site. returncode defaults to 0, changed_files defaults to {}, and outcomes defaults to {"passed": 1}.

  • Example.run_pytest: the error assertion is now only performed on Python ≥ 3.11.

  • Example.run_pytest: stdout and stderr are now printed as Rich panels instead of plain text.

  • extra.raises: the exception argument is now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.prints: the stdout and stderr arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.warns: the expected_warnings argument is now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.Transformed and extra.transformation: the value argument is now handled with snapshot_arg().

Fixed

  • Fixed repr(external_file(...)) to use a path relative to the calling file instead of the absolute path, which also fixes incorrect reprs on Windows.

0.32.7

... (truncated)

Changelog

Sourced from inline-snapshot's changelog.

0.34.1 — 2026-06-05

Fixed

  • Fixed snapshot_arg() to use the fix category (instead of create) when creating an argument with an existing non-ellipsis default argument value.

0.34.0 — 2026-05-29

Added

  • get_snapshot_value() now accepts a which parameter ("new" or "old") to select whether to return the new (just-compared) or the old (previously stored) snapshot value (#336).

Fixed

  • Example.run_pytest: deterministic test order by using -p no:ranodmly

0.33.0 — 2026-05-12

Added

  • snapshot_arg(), which lets you move snapshot() calls from the call site into the helper function itself.

  • Example.format(): new method to format a Python file in the example using Black.

  • Example.is_formatted(): new method to check whether a Python file in the example is already Black-formatted.

Changed

  • Example.run_inline: exception strings in raises are now formatted the same way inline_snapshot.extra.raises does, which is shorter for small assertions like raises=snapshot("UsageError: default value cannot be a Custom value").

  • Example.run_inline: the raises, stderr, and changed_files arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site. raises defaults to "<no exception>" and changed_files defaults to {}.

  • Example.run_inline: the reported_categories argument is now handled with snapshot_arg() and its type changed from list[Category] to set[Category]. It is now only asserted when the reported categories differ from the CLI flags passed via args.

  • Example.run_pytest: the returncode, error, stderr, changed_files, and outcomes arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site. returncode defaults to 0, changed_files defaults to {}, and outcomes defaults to {"passed": 1}.

  • Example.run_pytest: the error assertion is now only performed on Python ≥ 3.11.

  • Example.run_pytest: stdout and stderr are now printed as Rich panels instead of plain text.

  • extra.raises: the exception argument is now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.prints: the stdout and stderr arguments are now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.warns: the expected_warnings argument is now handled with snapshot_arg(), so snapshot() is no longer needed at the call site.

  • extra.Transformed and extra.transformation: the value argument is now handled with snapshot_arg().

... (truncated)

Commits
  • c70375e bump: version 0.34.0 → 0.34.1
  • cea2a7f fix: snapshot_arg() to use the fix category (instead of create) when cr...
  • daf1a1f bump: version 0.33.0 → 0.34.0
  • 7abd077 feat: added old/new option to get_snapshot_value (#367)
  • 80197bb refactor: removed old_value and new_value from Change classes (#366)
  • 0a346fd docs: add stacked parametrize howto examples (#365)
  • d2d43f5 bump: version 0.32.7 → 0.33.0
  • 679cbfa feat: snapshot arg (#352)
  • c2e7209 bump: version 0.32.6 → 0.32.7
  • b6d7d88 Merge pull request #364 from 15r10nk/fix-dataclasses-as-dict-keys
  • Additional commits viewable in compare view

Updates ruff from 0.15.8 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

0.15.15

... (truncated)

Commits

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Build(deps): Bump the python-packages group across 1 directory with 7…
c279edb 
… updates

Bumps the python-packages group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.1.1` | `3.4.2` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |
| [inline-snapshot](https://github.com/15r10nk/inline-snapshot) | `0.32.5` | `0.34.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.16` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |



Updates `fastmcp` from 3.1.1 to 3.4.2
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.1.1...v3.4.2)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `inline-snapshot` from 0.32.5 to 0.34.1
- [Release notes](https://github.com/15r10nk/inline-snapshot/releases)
- [Changelog](https://github.com/15r10nk/inline-snapshot/blob/main/CHANGELOG.md)
- [Commits](15r10nk/inline-snapshot@0.32.5...0.34.1)

Updates `ruff` from 0.15.8 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.8...0.15.16)

Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: inline-snapshot
  dependency-version: 0.34.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants