build(deps): bump the minor-updates group across 1 directory with 7 updates

[dependabot]

Bumps the minor-updates group with 7 updates in the / directory:

Package	From	To
boto3	1.42.73	1.42.78
strands-agents	1.32.0	1.33.0
anyio	4.12.1	4.13.0
botocore	1.42.73	1.42.78
cryptography	46.0.5	46.0.6
importlib-metadata	8.7.1	8.9.0
pydantic-core	2.41.5	2.44.0

Updates boto3 from 1.42.73 to 1.42.78

Commits

• b5acf8b Merge branch 'release-1.42.78'
• 1da17a5 Bumping version to 1.42.78
• e298b64 Add changelog entries from botocore
• 48369ea Merge branch 'release-1.42.77'
• 8c30411 Merge branch 'release-1.42.77' into develop
• 4398c8e Bumping version to 1.42.77
• 7c449e2 Add changelog entries from botocore
• ee6c3e4 Merge branch 'release-1.42.76'
• a5ad9c3 Merge branch 'release-1.42.76' into develop
• 1abf640 Bumping version to 1.42.76
• Additional commits viewable in compare view

Updates strands-agents from 1.32.0 to 1.33.0

Release notes

Sourced from strands-agents's releases.

v1.33.0

Pins litellm<=1.82.6 to supply chain attack - S​upply Chain Attack in litellm 1.82.8 on PyPI

What's Changed

• fix: summarization conversation manager sometimes returns empty response by @​Unshure in strands-agents/sdk-python#1947
• fix: remove agent from swarm test to get more consistency out of it by @​Unshure in strands-agents/sdk-python#1946
• fix: CRITICAL: Hard pin litellm<=1.82.6 to mitigate supply chain attack by @​udaymehta in strands-agents/sdk-python#1961

New Contributors

• @​udaymehta made their first contribution in strands-agents/sdk-python#1961

Full Changelog: strands-agents/sdk-python@v1.32.0...v1.33.0

Commits

• 0a723bc fix: CRITICAL: Hard pin litellm<=1.82.6 to mitigate supply chain attack (#1...
• fd8168a fix: remove agent from swarm test to get more consistency out of it (#1946)
• 80fdd94 fix: summarization conversation manager sometimes returns empty response (#1947)
• See full diff in compare view

Updates anyio from 4.12.1 to 4.13.0

Release notes

Sourced from anyio's releases.

4.13.0

• Dropped support for Python 3.9
• Added a ttl parameter to the anyio.functools.lru_cache wrapper (#1073; PR by @​Graeme22)
• Widened the type annotations of file I/O streams to accept IO[bytes] instead of just BinaryIO (#1078)
• Fixed anyio.Path not being compatible with Python 3.15 due to the removal of pathlib.Path.is_reserved() and the addition of pathlib.Path.__vfspath__() (#1061; PR by @​veeceey)
• Fixed the BrokenResourceError raised by the asyncio SocketStream not having the original exception as its cause (#1055; PR by @​veeceey)
• Fixed the TypeError raised when using "func" as a parameter name in pytest.mark.parametrize when using the pytest plugin (#1068; PR by @​JohnnyDeuss)
• Fixed the pytest plugin not running tests that had the anyio marker added programmatically via pytest_collection_modifyitems (#422; PR by @​chbndrhnns)
• Fixed cancellation exceptions leaking from a CancelScope on asyncio when they are contained in an exception group alongside non-cancellation exceptions (#1091; PR by @​gschaffner)
• Fixed Condition.wait() not passing on a notification when the task is cancelled but already received a notification
• Fixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (#1074; PR by @​bysiber)

Commits

• afbe93c Bumped up the version
• 33bdf2e Rearranged the changelog entries
• 19e09e2 Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (#1074)
• 9369d80 Fixed Condition.wait() not handing over notification when cancelled
• 6f122ab Fixed cancellation exceptions leaking from a CancelScope on asyncio when th...
• beaa45a [pre-commit.ci] pre-commit autoupdate (#1097)
• 602f660 Widened type annotations to accept IO[bytes] in file streams
• b5dcd45 Added note about erasing the template
• d68670b [pre-commit.ci] pre-commit autoupdate (#1090)
• fc17a22 tweak to_thread docs about abandon_on_cancel (#1088)
• Additional commits viewable in compare view

Updates botocore from 1.42.73 to 1.42.78

Commits

• 08282cd Merge branch 'release-1.42.78'
• 059d997 Bumping version to 1.42.78
• 9e1c511 Update to latest models
• a42e6cf Merge branch 'release-1.42.77'
• ea561b3 Merge branch 'release-1.42.77' into develop
• 7906a34 Bumping version to 1.42.77
• 7f9c3cd Update endpoints model
• 1db4cef Update to latest models
• eded7ce Merge branch 'release-1.42.76'
• 85f623c Merge branch 'release-1.42.76' into develop
• Additional commits viewable in compare view

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
.. _v46-0-5:

Commits

• 91d7288 Cherry-pick #14542 (#14543)
• See full diff in compare view

Updates importlib-metadata from 8.7.1 to 8.9.0

Changelog

Sourced from importlib-metadata's changelog.

v8.9.0

Features

• python/cpython#110937python/cpython#140141, python/cpython#143658)

v8.8.0

Features

• Removed Python 3.9 compatibility.

Commits

• 76f03df 🚡 Toil the docs.
• 613e980 Finalize
• 349957e Add news fragment.
• 8c5d91b Improve performance of name normalization (#533)
• 27169dc Move behavior description into the docstring. Remove references to intermedia...
• cbadafc Repeat the operation to get performance visibility.
• a77d0d1 Add performance test for Prepared.normalize.
• 1b0be12 Use parameterize fixture for parameterized tests.
• 1738b20 Merge branch 'backport-cpython-140141' into maint/8.x
• 164e666 Merge branch 'backport-cpython-110937' into maint/8.x
• Additional commits viewable in compare view

Updates pydantic-core from 2.41.5 to 2.44.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions