Skip to content

build(deps): bump the uv group across 1 directory with 5 updates#187

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-4c10ed0f92
Open

build(deps): bump the uv group across 1 directory with 5 updates#187
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-4c10ed0f92

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 21, 2026

Bumps the uv group with 5 updates in the / directory:

Package From To
dnspython 2.0.0 2.6.1
sentry-sdk 1.5.12 1.45.1
memray 1.17.2 1.19.2
pyasn1 0.6.1 0.6.3
urllib3 2.5.0 2.6.3

Updates dnspython from 2.0.0 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.4.2

This is a bug fix release, see the What's New page in the documentation for a summary.

Thanks to the people who reported the bugs and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

  • The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

  • As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

    This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

  • Added support for the NSID EDNS option.

  • Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

  • The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

2.5.0

  • Dnspython now uses hatchling for builds.

  • Asynchronous destinationless sockets now work on Windows.

  • Cython is no longer supported due to various typing issues.

  • Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary.

  • The number of messages in a section can be retrieved with section_count().

  • Truncation preferences for messages can be specified.

  • The length of a message can be automatically prepended when rendering.

... (truncated)

Commits
  • 0a742b9 update CI
  • 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
  • f12d398 2.6.1 version prep
  • cecb853 Further improve CVE fix coverage to 100% for sync and async.
  • 7952e31 test IgnoreErrors
  • e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
  • 3af9f78 2.6.0 versioning
  • ca63d95 Require cryptography >=41 instead of 42.
  • 902cbf3 Create CODE_OF_CONDUCT.md
  • ed9795f github contributing and pull request template
  • Additional commits viewable in compare view

Updates sentry-sdk from 1.5.12 to 1.45.1

Release notes

Sourced from sentry-sdk's releases.

1.45.1

This is a security backport release.

1.45.0

This is the final 1.x release for the forseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.

Various fixes & improvements

  • Allow to upsert monitors (#2929) by @​sentrivana

    It's now possible to provide monitor_config to the monitor decorator/context manager directly:

    from sentry_sdk.crons import monitor
All keys except schedule are optional
monitor_config = {
"schedule": {"type": "crontab", "value": "0 0 * * *"},
"timezone": "Europe/Vienna",
"checkin_margin": 10,
"max_runtime": 10,
"failure_issue_threshold": 5,
"recovery_threshold": 5,
}
@​monitor(monitor_slug='<monitor-slug>', monitor_config=monitor_config)
def tell_the_world():
print('My scheduled task...')

    Check out the cron docs for details.

  • Add Django signals_denylist to filter signals that are attached to by signals_spans (#2758) by @​lieryan

    If you want to exclude some Django signals from performance tracking, you can use the new signals_denylist Django option:

    import django.db.models.signals
import sentry_sdk
sentry_sdk.init(
...
integrations=[
DjangoIntegration(
...
signals_denylist=[

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

1.45.1

This is a security backport release.

1.45.0

This is the final 1.x release for the forseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.

Various fixes & improvements

  • Allow to upsert monitors (#2929) by @​sentrivana

    It's now possible to provide monitor_config to the monitor decorator/context manager directly:

    from sentry_sdk.crons import monitor
All keys except schedule are optional
monitor_config = {
"schedule": {"type": "crontab", "value": "0 0 * * *"},
"timezone": "Europe/Vienna",
"checkin_margin": 10,
"max_runtime": 10,
"failure_issue_threshold": 5,
"recovery_threshold": 5,
}
@​monitor(monitor_slug='<monitor-slug>', monitor_config=monitor_config)
def tell_the_world():
print('My scheduled task...')

    Check out the cron docs for details.

  • Add Django signals_denylist to filter signals that are attached to by signals_spans (#2758) by @​lieryan

    If you want to exclude some Django signals from performance tracking, you can use the new signals_denylist Django option:

    import django.db.models.signals
import sentry_sdk
sentry_sdk.init(
...
integrations=[
DjangoIntegration(

... (truncated)

Commits

Updates memray from 1.17.2 to 1.19.2

Release notes

Sourced from memray's releases.

v1.19.2

What's Changed

New Contributors

Full Changelog: bloomberg/memray@v1.19.1...v1.19.2

v1.19.1

What's Changed

Full Changelog: bloomberg/memray@v1.19.0...v1.19.1

v1.19.0

What's Changed

Full Changelog: bloomberg/memray@v1.18.0...v1.19.0

v1.18.0

What's Changed

... (truncated)

Changelog

Sourced from memray's changelog.

memray 1.19.2 (2026-03-12)

Bug Fixes


- Add support for Python 3.14's tail call interpreter. Memray now correctly identifies Python frame boundaries in native stack traces when Python 3.14 is built with the tail call interpreter enabled (``--with-tail-call-interp``), recognizing LLVM-generated tail call functions alongside traditional ``_PyEval_EvalFrameDefault`` functions. ([#836](https://github.com/bloomberg/memray/issues/836))
- Prevent an ``AssertionError`` when the tracked process exits after the live TUI was closed. ([#849](https://github.com/bloomberg/memray/issues/849))
- Ensure the command line is properly HTML escaped when writing it into flamegraph and table reports. ([#885](https://github.com/bloomberg/memray/issues/885))
- Fix the ``--no-web`` option for ``memray flamegraph``, which was generating broken flame graphs. ([#876](https://github.com/bloomberg/memray/issues/876))

memray 1.19.1 (2025-09-29)


    

  • Fix a bug that caused Memray to refuse to produce stack traces for pymalloc allocations when --trace-python-allocators was used. (#832)
    • 



memray 1.19.0 (2025-09-26)


Features



- Add a mode that can be used in Python 3.13.3 and newer where Memray will track Python object creation and destruction events, which can be used to find leaked objects (ones that were created during a tracking session and not destroyed before the end of that tracking session). ([#752](https://github.com/bloomberg/memray/issues/752))
- Added ``--no-web`` flag to ``flamegraph`` and ``table`` commands for offline HTML report generation. When this flag is specified, memray bundles all external dependencies (Bootstrap, jQuery, D3, DataTables, Plotly.js) directly into the generated HTML files instead of loading them from CDNs. This enables memray to generate fully functional HTML reports on airgapped systems without internet connectivity. ([#790](https://github.com/bloomberg/memray/issues/790))
- Reduced memory profiling overhead and capture file size by changing how
  Python code locations are recorded. This makes allocation tracking
  faster, produces smaller capture files, and improves the accuracy of
  reports that group allocations by source location. ([#801](https://github.com/bloomberg/memray/issues/801))

Bug Fixes

</code></pre>

<ul>

<li>Fix a crash that could occur if tracking was started in one thread while another thread was inside of a trace function installed with <code>sys.settrace</code>. This crash wasn't possible to hit with <code>memray run</code>, but could happen when using <code>pytest-memray</code> and <code>pytest-cov</code> together. (<a href="https://redirect.github.com/bloomberg/memray/issues/823&quot;&gt;#823&lt;/a&gt;)&lt;/li>

<li>Fix timestamps on the heap usage line chart when Memray is run on a 32-bit platform. (<a href="https://redirect.github.com/bloomberg/memray/issues/826&quot;&gt;#826&lt;/a&gt;)&lt;/li>

</ul>

<h2>memray 1.18.0 (2025-08-07)</h2>

<p>Features</p>

<pre><code>


    

  • Add a button to the flame graph and table reports for downloading a CSV of the source data of the graph showing RSS and heap memory usage over time. (#769)
    • 

  • Peak memory usage is now included in the stats reporter. (#771)
    • 

  • Python 3.14 is now supported. (#804)
    • 

  • memray attach now supports attaching to a process using the new built-in sys.remote_exec when running in Python 3.14, rather than needing to use a debugger to inject itself. Since this is faster and safer, it is the new default, but you can still use the old methods by passing --method=gdb or --method=lldb to memray attach. (#805)
    • 

  • Free-threaded builds of Python 3.14 are now supported. (#808)
    
&lt;/tr&gt;&lt;/table&gt;
    
</code></pre>
    
</blockquote>
    
<p>... (truncated)</p>
    
</details>
    
<details>
    
<summary>Commits</summary>
    • 



<ul>

<li><a href="https://github.com/bloomberg/memray/commit/87e7f620583329f548c71f2e455160538b9b9afc&quot;&gt;&lt;code&gt;87e7f62&lt;/code&gt;&lt;/a> Prepare for 1.19.2 release</li>

<li><a href="https://github.com/bloomberg/memray/commit/ba6e4e2e9930f9641bed7adfdf43c8e2545ce249&quot;&gt;&lt;code&gt;ba6e4e2&lt;/code&gt;&lt;/a> Fix escaping in HTML reports</li>

<li><a href="https://github.com/bloomberg/memray/commit/f4e7128acaf3bb8800e6f9ca87c81e6c2ac44347&quot;&gt;&lt;code&gt;f4e7128&lt;/code&gt;&lt;/a> docs: Document more caveats for attaching</li>

<li><a href="https://github.com/bloomberg/memray/commit/cb93af08a75b9cae30ab1739287ef6a2bf228f51&quot;&gt;&lt;code&gt;cb93af0&lt;/code&gt;&lt;/a> Format flamegraph tooltip asset with prettier</li>

<li><a href="https://github.com/bloomberg/memray/commit/73c372623a5475f1c168f4dcfb3d61b33b9a6a8a&quot;&gt;&lt;code&gt;73c3726&lt;/code&gt;&lt;/a> Fix strict mypy errors in IPython flamegraph magic</li>

<li><a href="https://github.com/bloomberg/memray/commit/c39776cffd53f147dea98f71917e01847369855d&quot;&gt;&lt;code&gt;c39776c&lt;/code&gt;&lt;/a> Relax no-web flamegraph d3 asset assertion</li>

<li><a href="https://github.com/bloomberg/memray/commit/385a06bf89c752309e00b11b0cb0e0dc54e1174b&quot;&gt;&lt;code&gt;385a06b&lt;/code&gt;&lt;/a> Upgrade d3 v4 to v7</li>

<li><a href="https://github.com/bloomberg/memray/commit/76737ea96ed7b96690bb34a5dd0e7573f623c72c&quot;&gt;&lt;code&gt;76737ea&lt;/code&gt;&lt;/a> Regenerate flamegraph template assets</li>

<li><a href="https://github.com/bloomberg/memray/commit/d0d4da5e0758d9ce825cd44941473066481c89c4&quot;&gt;&lt;code&gt;d0d4da5&lt;/code&gt;&lt;/a> Replace d3-tip with floating-ui tooltips</li>

<li><a href="https://github.com/bloomberg/memray/commit/d73cce4b9cba6b3d75b50980f53d227c40c3b90a&quot;&gt;&lt;code&gt;d73cce4&lt;/code&gt;&lt;/a> build(deps): bump serialize-javascript, copy-webpack-plugin and terser-webpac...</li>

<li>Additional commits viewable in <a href="https://github.com/bloomberg/memray/compare/v1.17.2...v1.19.2&quot;&gt;compare view</a></li>

</ul>

</details>


<br />


Updates pyasn1 from 0.6.1 to 0.6.3



Release notes

Sourced from pyasn1's releases.




Release 0.6.3


It's a minor release.


    

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
    • 

  • Fixed OverflowError from oversized BER length field.
    • 

  • Fixed DeprecationWarning stacklevel for deprecated attributes.
    • 

  • Fixed asDateTime incorrect fractional seconds parsing.
    • 



All changes are noted in the CHANGELOG.


Release 0.6.2


It's a minor release.


    

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
    • 

  • Added support for Python 3.14.
    • 

  • Added SECURITY.md policy.
    • 

  • Migrated to pyproject.toml packaging.
    • 



All changes are noted in the CHANGELOG.







Changelog

Sourced from pyasn1's changelog.




Revision 0.6.3, released 16-03-2026



Revision 0.6.2, released 16-01-2026








Commits

    

  • af65c3b Prepare release 0.6.3
    • 

  • 5a49bd1 Merge commit from fork
    • 

  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
    • 

  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
    • 

  • d7cb42d Fix OverflowError from oversized BER length field (#100)
    • 

  • e7356f8 Prepare release 0.6.2
    • 

  • 3908f14 Merge commit from fork
    • 

  • 0a7e067 Add support for Python 3.14 (#97)
    • 

  • 33656e9 Create Security Policy
    • 

  • fa62307 fix for issue #91: unit tests failing due to missing code (#92)
    • 

  • Additional commits viewable in compare view
    • 







Updates urllib3 from 2.5.0 to 2.6.3



Release notes

Sourced from urllib3's releases.




2.6.3


🚀 urllib3 is fundraising for HTTP/2 support


urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.


Thank you for your support.


Changes


    

  • Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by @​D47A, 8.9 High, GHSA-38jv-5279-wg99)
    • 

  • Started treating Retry-After times greater than 6 hours as 6 hours by default. (urllib3/urllib3#3743)
    • 

  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. (urllib3/urllib3#3752)
    • 



2.6.2


🚀 urllib3 is fundraising for HTTP/2 support


urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.


Thank you for your support.


Changes


    

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)
    • 



2.6.1


🚀 urllib3 is fundraising for HTTP/2 support


urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.


Thank you for your support.


Changes


    

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)
    • 



2.6.0


🚀 urllib3 is fundraising for HTTP/2 support


urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.


Thank you for your support.


Security


    

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
    • 

  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)
    • 





[!IMPORTANT]


    

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  urllib3[brotli] to install a compatible Brotli package automatically.
    • 








... (truncated)





Changelog

Sourced from urllib3's changelog.




2.6.3 (2026-01-07)


    

  • Fixed a high-severity security issue where decompression-bomb safeguards of
the streaming API were bypassed when HTTP redirects were followed.
(GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
    • 

  • Started treating Retry-After times greater than 6 hours as 6 hours by
default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
    • 

  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten.
([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)
    • 



2.6.2 (2025-12-11)


    

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in
the decoder's buffer when reading compressed chunked responses.
([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)
    • 



2.6.1 (2025-12-08)


    

  • Restore previously removed HTTPResponse.getheaders() and
HTTPResponse.getheader() methods.
([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)
    • 



2.6.0 (2025-12-05)


Security


    

  • Fixed a security issue where streaming API could improperly handle highly
compressed HTTP content ("decompression bombs") leading to excessive resource
consumption even when a small amount of data was requested. Reading small
chunks of compressed data is safer and much more efficient now.
(GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
    • 

  • Fixed a security issue where an attacker could compose an HTTP response with
virtually unlimited links in the Content-Encoding header, potentially
leading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to 5.
(GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)
    • 



.. caution::


    

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but
your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
benefit from the security fixes and avoid warnings. Prefer using
    • 






... (truncated)





Commits

    

  • 0248277 Release 2.6.3
    • 

  • 8864ac4 Merge commit from fork
    • 

  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
    • 

  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
    • 

  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
    • 

  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
    • 

  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
    • 

  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
    • 

  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
    • 

  • 34284cb Mention experimental features in the security policy (#3746)
    • 

  • Additional commits viewable in compare view
    • 







Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.





Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:


    

  • @dependabot rebase will rebase this PR
    • 

  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • 

  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
    • 

  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
    • 

  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
    • 

  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    
You can disable automated security fix PRs for this repo from the Security Alerts page.
    •

@dependabot
build(deps): bump the uv group across 1 directory with 5 updates
0ce085e 
Bumps the uv group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dnspython](https://github.com/rthalley/dnspython) | `2.0.0` | `2.6.1` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `1.5.12` | `1.45.1` |
| [memray](https://github.com/bloomberg/memray) | `1.17.2` | `1.19.2` |
| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |



Updates `dnspython` from 2.0.0 to 2.6.1
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.0.0...v2.6.1)

Updates `sentry-sdk` from 1.5.12 to 1.45.1
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/1.45.1/CHANGELOG.md)
- [Commits](getsentry/sentry-python@1.5.12...1.45.1)

Updates `memray` from 1.17.2 to 1.19.2
- [Release notes](https://github.com/bloomberg/memray/releases)
- [Changelog](https://github.com/bloomberg/memray/blob/main/NEWS.rst)
- [Commits](bloomberg/memray@v1.17.2...v1.19.2)

Updates `pyasn1` from 0.6.1 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `urllib3` from 2.5.0 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: dnspython
  dependency-version: 2.6.1
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: sentry-sdk
  dependency-version: 1.45.1
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: memray
  dependency-version: 1.19.2
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 21, 2026
@dependabot dependabot bot requested review from a team, EXBreder, ayubun, haileyok and vinaysrao1 as code owners March 21, 2026 22:03
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayubun ayubun Awaiting requested review from ayubun ayubun is a code owner

@EXBreder EXBreder Awaiting requested review from EXBreder EXBreder is a code owner

@haileyok haileyok Awaiting requested review from haileyok haileyok is a code owner

@vinaysrao1 vinaysrao1 Awaiting requested review from vinaysrao1 vinaysrao1 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants