Skip to content

Bump the production-dependencies group with 10 updates#122

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-ecebd9eb76
Open

Bump the production-dependencies group with 10 updates#122
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-ecebd9eb76

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the production-dependencies group with 10 updates:

Package From To
rdflib 7.5.0 7.6.0
crewai 1.8.1 1.9.3
rich 13.9.4 14.3.4
weave 0.51.59 0.52.38
mlflow 3.5.0 3.11.1
poetry 2.2.1 2.3.4
spacy 3.8.11 3.8.14
litellm 1.53.3 1.75.3
transformers 4.45.2 4.46.3
torch 2.10.0 2.11.0

Updates rdflib from 7.5.0 to 7.6.0

Release notes

Sourced from rdflib's releases.

2026-02-13 RELEASE 7.6.0

This release introduces a new major feature: GraphDB integration via the Python GraphDB Client. Users can now manage GraphDB instances and perform administrative tasks directly from Python. As GraphDB also supports the RDF4J REST API, users may utilize the recently released RDF4J Client and Store with GraphDB instances. For more details, see the new RDFLib GraphDB documentation under the extras section of the RDFLib documentation.

This release also includes a number of fixes to Graph.cbd() and Turtle-related serializers. Thanks to @​mgberg and @​lisat-dstg, the affected code is now more standards-compliant.

At the request of users, the recently introduced CLI tool sq has been renamed to sparqlquery to avoid conflicts with existing well-known packages.

Other maintenance tasks include updating all CI actions to the latest versions and adding a compatibility layer for pyparsing v3 to remove deprecation warnings.

See the CHANGELOG.md for more details.

Changelog

Sourced from rdflib's changelog.

2025-10-30 RELEASE 7.4.0

This release addresses a couple of bugs and improves the testing matrix by adding python 3.12, 3.13 and 3.14 to the test matrix.

This is also the first RDFLib release to use MkDocs for documentation.

Pull requests merged:

2025-10-24 RELEASE 7.3.0

This release delivers several important fixes and enhancements to RDFLib’s Dataset implementation, resolving long-standing issues and improving consistency across serialization and SPARQL operations. It also introduces new deprecation notices for certain Dataset methods and attributes, which will be removed in the next major release. In addition, this version includes a range of improvements to SPARQL result parsing, typing, and literal handling.

Features

  • Added Dataset.__iadd__ support
  • Dataset's default serialize format is now trig
  • Datasets can now add graphs backed by different stores

Fixes and Improvements

  • Fixed an issue where the RecursiveSerializer would output undeclared prefixes for predicates that contained the base as a substring
  • Prevented prefix generation for predicates corresponding to the base namespace
  • SPARQL Update now correctly inserts into the default graph
  • Dataset.parse now returns Self
  • N-Quads serialization no longer includes the RDFLib internal default graph identifier
  • Static type checkers can now infer the type of Term.__new__
  • Removed automatic date conversion for gYear and gYearMonth literals
  • Optional clauses in SPARQL queries can now bind variables
  • Fixed reevaluation logic in SPARQL Update between update loops

Maintenance

  • Added deprecation notices to certain Dataset methods and attributes
    • Use Dataset.graphs instead of Dataset.contexts method
    • Use Dataset.default_graph instead of Dataset.default_context
    • Deprecate Dataset.identifier entirely.
  • Updated type hints for Graph.open() with SPARQLUpdateStore configuration
  • SPARQL Result Parsing Improvements
    • Simplified and modernized the SPARQL result parsing system:
    • These changes maintain backward compatibility while making the SPARQL API more flexible and extensible.

Pull requests merged:

  • feat: add Dataset __iadd__ support by @​edmondchuc in #3268
  • fix: RecursiveSerializer- outputs undeclared prefix for predicates that contains the base as a substring by @​edmondchuc in #3267

... (truncated)

Commits

Updates crewai from 1.8.1 to 1.9.3

Release notes

Sourced from crewai's releases.

1.9.3

What's Changed

Features

  • feat: add a2a liteagent, auth, transport negotiation, and file support

Bug Fixes:

  • fix: improve output handling and response model integration in agents

1.9.2

What's Changed

  • fix: ensure verbosity flag is applied b
  • fix: use response_json_schema
  • fix: tool response pt2

1.9.1

What's Changed

Features

  • Implement before and after tool call hooks in CrewAgentExecutor
  • Add structured outputs and response_format support across providers

Bug Fixes

  • Correct tool-calling content handling and schema serialization

Contributors

@​greysonlalonde, @​lorenzejay

1.9.0

What's Changed

Features

  • Add structured outputs and response_format support across providers
  • Add response_id in streaming response
  • Add event ordering and parent-child hierarchy
  • Add Keycloak SSO provider support
  • Add native multimodal file handling; OpenAI responses API
  • Add a2a task execution utilities
  • Add a2a server config and agent card generation
  • Add additional a2a events and enrich event metadata
  • Add additional a2a transports
  • Add Galileo to integrations page
  • Improved tool calling

Bug Fixes

  • Enhance file store with fallback memory cache
  • Ensure document list is not empty
  • Ensure Bedrock client handles stop sequences properly

... (truncated)

Commits
  • 63a508f feat: bump versions to 1.9.3 (#4316)
  • 102b6ae feat: add a2a liteagent, auth, transport negotiation, and file support
  • 19ce560 fix: improve output handling and response model integration in agents (#4307)
  • 85f3145 docs link
  • 6fcf748 refactor: update Flow HITL Management documentation to emphasize email-first ...
  • 38065e2 updating docs
  • e291a97 chore: update version to 1.9.2 across all relevant files (#4299)
  • 2d05e59 Lorenze/improve tool response pt2 (#4297)
  • a731efa fix: improve structured output handling across providers and agents
  • 1e27cf3 fix: ensure verbosity flag is applied
  • Additional commits viewable in compare view

Updates rich from 13.9.4 to 14.3.4

Release notes

Sourced from rich's releases.

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

... (truncated)

Changelog

Sourced from rich's changelog.

[14.3.4] - 2026-04-11

Changed

[14.3.3] - 2026-02-19

Fixed

[14.3.2] - 2026-02-01

Fixed

[14.3.1] - 2026-01-24

Fixed

[14.3.0] - 2026-01-24

Fixed

Added

Changed

... (truncated)

Commits

Updates weave from 0.51.59 to 0.52.38

Release notes

Sourced from weave's releases.

v0.52.37

What's Changed

... (truncated)

Commits
  • 734d4b0 Release version: 0.52.38-dev0 → 0.52.38
  • 3ff7548 feat(weave): Add GEPA integration (#6637)
  • f3f2579 fix(weave): treat partial obj value-row miss as not-found (#6725)
  • 0343d8a fix(weave): handle error in OpenAI raw-response unwrap (#6721)
  • 23f8775 chore(weave): truncate clickhouse test tables synchronously (#6722)
  • 6e31beb chore(weave-ts): npm trusted publishing (#6714)
  • e8166f7 chore(weave): Remote scorer class (#6688)
  • 09ef256 fix(weave): # Weave Node SDK — clean up src/esm/instrument.ts comment and i...
  • 2df8ab6 chore(weave): fix flaky call link capture test (#6705)
  • 34958de chore(weave): fix flaky call query filters (#6711)
  • Additional commits viewable in compare view

Updates mlflow from 3.5.0 to 3.11.1

Release notes

Sourced from mlflow's releases.

v3.11.1

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

  • 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
  • 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
  • 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
  • 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
  • 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
  • Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
  • 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

  • ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing@mlflow/core, mlflow-openai@mlflow/openai, mlflow-anthropic@mlflow/anthropic, mlflow-gemini@mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
  • Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
  • Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
  • Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.11.1 (2026-04-07)

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

  • 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
  • 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
  • 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
  • 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
  • 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
  • Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
  • 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

  • ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing@mlflow/core, mlflow-openai@mlflow/openai, mlflow-anthropic@mlflow/anthropic, mlflow-gemini@mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
  • Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
  • Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
  • Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

... (truncated)

Commits
  • 09179c6 Bump version to 3.11.1 (#22400)
  • 38d75c2 Fix DatabricksProvider to use OpenAI-compatible endpoint URLs (#22393)
  • 0734e56 fix
  • 46a2d4d fix
  • 7a6b01b format
  • 8b71fa7 Fix _lookup_model_info all-provider scan causing network latency (#22369)
  • deaffc1 Update model catalog CI workflow to use update_model_catalog.py (#22261)
  • 1b87ff3 Add aiohttp as a core dependency of mlflow (#22189)
  • 7f08e88 Normalize get_provider_name() to align with `model_prices_and_context_windo...
  • bd3114b Move LLM calling utilities to mlflow/genai/utils/llm_utils.py (#22234)
  • Additional commits viewable in compare view

Updates poetry from 2.2.1 to 2.3.4

Release notes

Sourced from poetry's releases.

2.3.4

Fixed

@dependabot
Bump the production-dependencies group with 10 updates
963ba1c 
Bumps the production-dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [rdflib](https://github.com/RDFLib/rdflib) | `7.5.0` | `7.6.0` |
| [crewai](https://github.com/crewAIInc/crewAI) | `1.8.1` | `1.9.3` |
| [rich](https://github.com/Textualize/rich) | `13.9.4` | `14.3.4` |
| [weave](https://github.com/wandb/weave) | `0.51.59` | `0.52.38` |
| [mlflow](https://github.com/mlflow/mlflow) | `3.5.0` | `3.11.1` |
| [poetry](https://github.com/python-poetry/poetry) | `2.2.1` | `2.3.4` |
| [spacy](https://github.com/explosion/spaCy) | `3.8.11` | `3.8.14` |
| [litellm](https://github.com/BerriAI/litellm) | `1.53.3` | `1.75.3` |
| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.46.3` |
| [torch](https://github.com/pytorch/pytorch) | `2.10.0` | `2.11.0` |


Updates `rdflib` from 7.5.0 to 7.6.0
- [Release notes](https://github.com/RDFLib/rdflib/releases)
- [Changelog](https://github.com/RDFLib/rdflib/blob/main/CHANGELOG.md)
- [Commits](RDFLib/rdflib@7.5.0...7.6.0)

Updates `crewai` from 1.8.1 to 1.9.3
- [Release notes](https://github.com/crewAIInc/crewAI/releases)
- [Commits](crewAIInc/crewAI@1.8.1...1.9.3)

Updates `rich` from 13.9.4 to 14.3.4
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.9.4...v14.3.4)

Updates `weave` from 0.51.59 to 0.52.38
- [Release notes](https://github.com/wandb/weave/releases)
- [Changelog](https://github.com/wandb/weave/blob/master/dev_docs/RELEASE.md)
- [Commits](wandb/weave@v0.51.59...v0.52.38)

Updates `mlflow` from 3.5.0 to 3.11.1
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v3.5.0...v3.11.1)

Updates `poetry` from 2.2.1 to 2.3.4
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.2.1...2.3.4)

Updates `spacy` from 3.8.11 to 3.8.14
- [Release notes](https://github.com/explosion/spaCy/releases)
- [Commits](explosion/spaCy@release-v3.8.11...release-v3.8.14)

Updates `litellm` from 1.53.3 to 1.75.3
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits)

Updates `transformers` from 4.45.2 to 4.46.3
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.45.2...v4.46.3)

Updates `torch` from 2.10.0 to 2.11.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: rdflib
  dependency-version: 7.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: crewai
  dependency-version: 1.9.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: rich
  dependency-version: 14.3.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: weave
  dependency-version: 0.52.38
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mlflow
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: poetry
  dependency-version: 2.3.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: spacy
  dependency-version: 3.8.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: litellm
  dependency-version: 1.75.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: transformers
  dependency-version: 4.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: torch
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants