Bump the pip group across 6 directories with 7 updates by dependabot[bot] · Pull Request #2082 · materialsproject/MPContribs

dependabot · 2026-06-23T16:16:16Z

Bumps the pip group with 4 updates in the /mpcontribs-api/requirements directory: bleach, cryptography, jupyter-server and tornado.
Bumps the pip group with 2 updates in the /mpcontribs-client/requirements directory: msgpack and ujson.
Bumps the pip group with 5 updates in the /mpcontribs-kernel-gateway/requirements directory:

Package	From	To
bleach	`6.3.0`	`6.4.0`
jupyter-server	`2.18.2`	`2.20.0`
tornado	`6.5.5`	`6.5.7`
msgpack	`1.1.2`	`1.2.1`
ujson	`5.12.1`	`5.13.0`

Bumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: pydantic-settings.
Bumps the pip group with 4 updates in the /mpcontribs-portal/requirements directory: bleach, tornado, msgpack and ujson.
Bumps the pip group with 2 updates in the /mpcontribs-serverless/dependencies directory: msgpack and ujson.

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

Dropped support for pypy 3.10. (#764)

Security fixes

Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

For example::

import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

outputs::

'Click'

See the advisory for details.

Fix GHSA-gj48-438w-jh9v.

Fix issue where URI sanitization wasn't happening in formaction attributes.

See the advisory for details.

Bug fixes

Add support for pypy 3.11. (#764)

Drop version max in tinycss2 pin. (#772)

This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits

f0355a7 fix: fix last release date in CHANGES
ae4e8a2 chore: bleach 6.4.0 and final release
970df58 fix: uri-sanitization in formaction attributes
7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
913ab75 fix: reduce redundancy in workflow jobs
218c15a fix: rework pip caching
4f0b097 fix: fix tox platform restrictions
e95a79d chore: update pytest
91539d4 Bump actions/cache from 5.0.3 to 5.0.4
cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
Additional commits viewable in compare view

Updates cryptography from 48.0.0 to 48.0.1

Changelog

Sourced from cryptography's changelog.

48.0.1 - 2026-06-09

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.

.. _v48-0-0:

Commits

de987ce 48.0.1 version bump and changelog (#14996)
See full diff in compare view

Updates jupyter-server from 2.18.2 to 2.20.0

Release notes

Sourced from jupyter-server's releases.

v2.20.0

2.20.0

(Full Changelog)

Security fixes

CVE-2026-44727 GHSA-fcw5-x6j4-ccmp

Enhancements made

Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@Yann-P, @minrk)

Add a toggle to enable curve encryption for all kernels that support it #1638 (@krassowski, @Carreau, @ianthomas23, @minrk)

Bugs fixed

Grab the port from bind_sockets in case its different #1651 (@choldgraf, @krassowski)

Maintenance and upkeep improvements

Fix test_authorizer having a spurious comma in params #1664 (@krassowski)

Add a reminder to merge GHSA before release #1659 (@Yann-P, @Carreau)

Exclude problematic pywinpty 3.0.4 version #1658 (@krassowski)

ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@Carreau, @Copilot)

Documentation improvements

Align docs for curve encryption with latest JEP version #1660 (@krassowski, @Carreau)

Remove PGP key from docs #1653 (@Yann-P, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @choldgraf (activity) | @Copilot (activity) | @ianthomas23 (activity) | @krassowski (activity) | @minrk (activity) | @Yann-P (activity)

v2.19.0

2.19.0

(Full Changelog)

Enhancements made

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.20.0

(Full Changelog)

Enhancements made

Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@Yann-P, @minrk)

Add a toggle to enable curve encryption for all kernels that support it #1638 (@krassowski, @Carreau, @ianthomas23, @minrk)

Bugs fixed

Grab the port from bind_sockets in case its different #1651 (@choldgraf, @krassowski)

Maintenance and upkeep improvements

Fix test_authorizer having a spurious comma in params #1664 (@krassowski)

Add a reminder to merge GHSA before release #1659 (@Yann-P, @Carreau)

Exclude problematic pywinpty 3.0.4 version #1658 (@krassowski)

ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@Carreau, @Copilot)

Documentation improvements

Align docs for curve encryption with latest JEP version #1660 (@krassowski, @Carreau)

Remove PGP key from docs #1653 (@Yann-P, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @choldgraf (activity) | @Copilot (activity) | @ianthomas23 (activity) | @krassowski (activity) | @minrk (activity) | @Yann-P (activity)

2.19.0

(Full Changelog)

Enhancements made

Return unresolved stanza when kernel scope is unavailable for resolvePath (instead of failing with 404) #1641 (@MUFFANUJ, @Carreau, @krassowski)

Bugs fixed

Recreate notary store on failure to prevent save deadlock and data loss #1640 (@krassowski, @Carreau)

Maintenance and upkeep improvements

... (truncated)

Commits

05a78ad Publish 2.20.0
6cbee8d Merge commit from fork
333e700 Fix test_authorizer having a spurious comma in params (#1664)
cccd543 Fix CI: explicitly pass base-setup inputs to avoid strict validation failures
cd16d71 Align docs for curve encryption with latest JEP version (#1660)
e458061 Add a toggle to enable curve encryption for all kernels that support it (#1638)
0ceeb4f Add note in RELEASE.md
b13f8a2 Markdown does not work.
e885b10 Add GHSA reminder in prep-release
0e28c90 Exclude problematic pywinpty 3.0.4 version (#1658)
Additional commits viewable in compare view

Updates tornado from 6.5.5 to 6.5.7

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits

48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
4ae1ddd Release notes and version bump for 6.5.7
3154caa curl_httpclient: Reset the curl object before putting it on the freelist
7d869c0 Merge pull request #3631 from bdarnell/cve-links
288241f docs: Use the correct link syntax
8da981c docs: Add CVE links to 6.5.6 release notes
aba2569 Merge pull request #3626 from bdarnell/fixes-656
a24b260 httpclient_test: Accept an additional error message variant
a74240a Release notes and version bump for 6.5.6.
e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
Additional commits viewable in compare view

Updates msgpack from 1.1.2 to 1.2.1

Release notes

Sourced from msgpack's releases.

v1.2.1

What's Changed

Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group by @dependabot[bot] in msgpack/msgpack-python#694

release v1.2.1 by @methane in msgpack/msgpack-python#698

Full Changelog: msgpack/msgpack-python@v1.2.0...v1.2.1

v1.2.0

What's Changed

relax setuptools version by @methane in msgpack/msgpack-python#652

update setuptools requirements to >=78.1.1 by @methane in msgpack/msgpack-python#653

cython: freethreading_compatible by @methane in msgpack/msgpack-python#654

drop Python 3.9 by @methane in msgpack/msgpack-python#656

update cython and cibuildwheel by @methane in msgpack/msgpack-python#658

ci: add riscv64 manylinux/musllinux wheels by @justeph in msgpack/msgpack-python#664

fix: check unpack_callback_uint32 result by @KowalskiThomas in msgpack/msgpack-python#666

fix: re-raise existing exception when available by @KowalskiThomas in msgpack/msgpack-python#667

fix: check return code in unpack_callback_int64 by @KowalskiThomas in msgpack/msgpack-python#665

Fixed README example by @vallsv in msgpack/msgpack-python#668

Bump the all-dependencies group with 6 updates by @dependabot[bot] in msgpack/msgpack-python#669

ci: use ubuntu-slim for lint by @methane in msgpack/msgpack-python#670

fix: enforce strict_map_key with object_pairs_hook by @KowalskiThomas in msgpack/msgpack-python#673

Raise DEFAULT_RECURSE_LIMIT from 511 to 1024 by @Copilot in msgpack/msgpack-python#676

fix: properly handle return codes in pack_timestamp by @KowalskiThomas in msgpack/msgpack-python#672

fix: avoid memory leak when decoding invalid nested arrays by @KowalskiThomas in msgpack/msgpack-python#671

Add missing autoreset in Packer.pack_ext_type by @bysiber in msgpack/msgpack-python#663

Add no-GIL interpreter support by @clin1234 in msgpack/msgpack-python#641

skip recursion limit test on free-threaded CPython builds by @methane in msgpack/msgpack-python#679

Fix Timestamp.from_datetime returning wrong value for pre-epoch datetimes by @bysiber in msgpack/msgpack-python#662

Add 3.15 to CI by @clin1234 in msgpack/msgpack-python#678

fix: use-after-free in get_data_from_buffer by @KowalskiThomas in msgpack/msgpack-python#677

change changelog format to markdown by @methane in msgpack/msgpack-python#680

Bump the all-dependencies group with 2 updates by @dependabot[bot] in msgpack/msgpack-python#684

Bump sys.setrecursionlimit within test_nest_limit_1024 by @clin1234 in msgpack/msgpack-python#682

Guard Packer buffer protocol hooks with Cython critical sections by @Copilot in msgpack/msgpack-python#686

Harden Unpacker.__init__ re-entry cleanup to prevent buffer/context leaks by @Copilot in msgpack/msgpack-python#687

release v1.2.0rc1 by @methane in msgpack/msgpack-python#681

Wheels CI hangs for MacOS Intel by @crusaderky in msgpack/msgpack-python#689

Bump pypa/cibuildwheel from 3.4.1 to 4.0.0 in the all-dependencies group by @dependabot[bot] in msgpack/msgpack-python#691

release v1.2.0 by @methane in msgpack/msgpack-python#692

New Contributors

@justeph made their first contribution in msgpack/msgpack-python#664

@KowalskiThomas made their first contribution in msgpack/msgpack-python#666

@vallsv made their first contribution in msgpack/msgpack-python#668

@dependabot[bot] made their first contribution in msgpack/msgpack-python#669

@Copilot made their first contribution in msgpack/msgpack-python#676

@bysiber made their first contribution in msgpack/msgpack-python#663

@clin1234 made their first contribution in msgpack/msgpack-python#641

... (truncated)

Changelog

Sourced from msgpack's changelog.

1.2.1

Release Date: 2026-06-19

Fix a segfault when calling Unpacker.unpack() or Unpacker.skip() after an unpacking failure. But note that reusing the same Unpacker instance after an unpacking failure is not supported. Please create a new Unpacker instance instead. GHSA-6v7p-g79w-8964

1.2.0

Release Date: 2026-06-11

Support free threaded Python. #654, #686

Dropped support for Python 3.9. #656

Fix missing error checks in C code. #665, #666, #667, #672

Fix strict_map_key option didn't work for object_pairs_hook. #673

Increase DEFAULT_RECURSE_LIMIT of Unpacker to 1024. #676

Fix memory leak when Unpacker returns error for invalid input. #671

Fix Packer.pack_ext_type() ignored autoreset option. #663

Fix Timestamp.from_datetime() returning wrong value for pre-epoch datetimes. #662

Fix use-after-free in unpackb() and Unpacker.unpack() for non-contiguous input. #677

Fix possible memory leak when calling Unpacker.__init__() several times. #687

Commits

448d43f release v1.2.1 (#698)
2c56ddb Merge commit from fork
0f4f350 Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group (#694)
11ed0a5 release v1.2.0 (#692)
c410a38 Bump pypa/cibuildwheel from 3.4.1 to 4.0.0 (#691)
97ba6ca skip ci: remove unneeded CIBW_SKIP option
cdde1b0 Wheels CI hangs for MacOS Intel (#689)
5eb57e1 release v1.2.0rc1 (#681)
77395c1 Harden Unpacker.__init__ re-entry cleanup to prevent buffer/context leaks (...
7df7136 Guard Packer buffer protocol hooks with Cython critical sections (#686)
Additional commits viewable in compare view

Updates ujson from 5.12.1 to 5.13.0

Release notes

Sourced from ujson's releases.

5.13.0

Added

Create manylinux2014 wheels (#745) @hugovk

Add support for Python 3.15 (#742) @hugovk

Disable global interpreter lock for freethreading (#737) @bwoodsend

Re-enable building GraalPy wheels on macOS arm64 (#733) @timfel

Changed

Move metadata from setup.cfg to pyproject.toml (#736) @hugovk

Fixed

Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf36b1116fece5034ee79a7a0ef3f6deedcf) @bwoodsend

Replace generated version.h with macro (#735) @hugovk

Commits

1a23a68 Create manylinux2014 wheels (#745)
bd943e8 Build separate manylinux2014 + modern wheels
87ae2df Create manylinux2014 wheels
209371e Verify expected number of dists (#743)
6392258 Also check SHA of wheels in case manylinux version changes
a00edea Verify expected number of dists
e24aeb7 Fix utf-8 test for graalpy
9122ebe Replace pre-commit with prek to fix deprecation warning (#744)
0bbf9a3 Add support for Python 3.15 (#742)
90ddea2 Replace pre-commit with prek to fix deprecation warning
Additional commits viewable in compare view

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

Dropped support for pypy 3.10. (#764)

Security fixes

Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

For example::

import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

outputs::

'Click'

See the advisory for details.

Fix GHSA-gj48-438w-jh9v.

Fix issue where URI sanitization wasn't happening in formaction attributes.

See the advisory for details.

Bug fixes

Add support for pypy 3.11. (#764)

Drop version max in tinycss2 pin. (#772)

This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits

f0355a7 fix: fix last release date in CHANGES
ae4e8a2 chore: bleach 6.4.0 and final release
970df58 fix: uri-sanitization in formaction attributes
7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
913ab75 fix: reduce redundancy in workflow jobs
218c15a fix: rework pip caching
4f0b097 fix: fix tox platform restrictions
e95a79d chore: update pytest
91539d4 Bump actions/cache from 5.0.3 to 5.0.4
cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
Additional commits viewable in compare view

Updates jupyter-server from 2.18.2 to 2.20.0

Release notes

Sourced from jupyter-server's releases.

v2.20.0

2.20.0

(Full Changelog)

Security fixes

CVE-2026-44727 GHSA-fcw5-x6j4-ccmp

Enhancements made

Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@Yann-P, @minrk)

Add a toggle to enable curve encryption for all kernels that support it #1638 (@krassowski, @Carreau, @ianthomas23, @minrk)

Bugs fixed

Grab the port from bind_sockets in case its different #1651 (@choldgraf, @krassowski)

Maintenance and upkeep improvements

Fix test_authorizer having a spurious comma in params #1664 (@krassowski)

Add a reminder to merge GHSA before release #1659 (@Yann-P, @Carreau)

Exclude problematic pywinpty 3.0.4 version #1658 (@krassowski)

ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@Carreau, @Copilot)

Documentation improvements

Align docs for curve encryption with latest JEP version #1660 (@krassowski, @Carreau)

Remove PGP key from docs #1653 (@Yann-P, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @choldgraf (activity) | @Copilot (activity) | @ianthomas23 (activity) | @krassowski (activity) | @minrk (activity) | @Yann-P (activity)

v2.19.0

2.19.0

(Full Changelog)

Enhancements made

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.20.0

(Full Changelog)

Enhancements made

Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@Yann-P, @minrk)

Add a toggle to enable curve encryption for all kernels that support it #1638 (@krassowski, @Carreau, @ianthomas23, @minrk)

Bugs fixed

Grab the port from bind_sockets in case its different #1651 (@choldgraf, @krassowski)

Maintenance and upkeep improvements

Fix test_authorizer having a spurious comma in params #1664 (@krassowski)

Add a reminder to merge GHSA before release #1659 (@Yann-P, @Carreau)

Exclude problematic pywinpty 3.0.4 version #1658 (@krassowski)

ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@Carreau, @Copilot)

Documentation improvements

Align docs for curve encryption with latest JEP version #1660 (@krassowski, @Carreau)

Remove PGP key from docs #1653 (@Yann-P, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @choldgraf (activity) | @Copilot (activity) | @ianthomas23 (activity) | @krassowski (activity) | @minrk (activity) | @Yann-P (activity)

2.19.0

(Full Changelog)

Enhancements made

Return unresolved stanza when kernel scope is unavailable for resolvePath (instead of failing with 404) #1641 (@MUFFANUJ, @Carreau, @krassowski)

Bugs fixed

Recreate notary store on failure to prevent save deadlock and data loss #1640 (@krassowski, @Carreau)

Maintenance and upkeep improvements

... (truncated)

Commits

05a78ad Publish 2.20.0
6cbee8d Merge commit from fork
333e700 Fix test_authorizer having a spurious comma in params (#1664)
cccd543 Fix CI: explicitly pass base-setup inputs to avoid strict validation failures
cd16d71 Align docs for curve encryption with latest JEP version (#1660)
e458061 Add a toggle to enable curve encryption for all kernels that support it (#1638)
0ceeb4f Add note in RELEASE.md
b13f8a2 Markdown does not work.
e885b10 Add GHSA reminder in prep-release
0e28c90 Exclude problematic pywinpty 3.0.4 version (#1658)
Additional commits viewable in compare view

Updates tornado from 6.5.5 to 6.5.7

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits

48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
4ae1ddd Release notes and version bump for 6.5.7
3154caa curl_httpclient: Reset the curl object before putting it on the freelist
7d869c0 Merge pull request #3631 from bdarnell/cve-links
288241f docs: Use the correct link syntax
8da981c docs: Add CVE links to 6.5.6 release notes
aba2569 Merge pull request #3626 from bdarnell/fixes-656
a24b260 httpclient_test: Accept an additional error message variant
a74240a Release notes and version bump for 6.5.6.
e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
Additional commits viewable in compare view

Updates msgpack from 1.1.2 to 1.2.1

Release notes

Sourced from msgpack's releases.

v1.2.1

What's Changed

Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group by @dependabot[bot] in msgpack/msgpack-python#694

release v1.2.1 by @methane in msgpack/msgpack-python#698

Full Changelog: msgpack/msgpack-python@v1.2.0...v1.2.1

v1.2.0

What's Changed

relax setuptools version by @methane in msgpack/msgpack-python#652

update setuptools requirements to >=78.1.1 by

Bumps the pip group with 4 updates in the /mpcontribs-api/requirements directory: [bleach](https://github.com/mozilla/bleach), [cryptography](https://github.com/pyca/cryptography), [jupyter-server](https://github.com/jupyter-server/jupyter_server) and [tornado](https://github.com/tornadoweb/tornado). Bumps the pip group with 2 updates in the /mpcontribs-client/requirements directory: [msgpack](https://github.com/msgpack/msgpack-python) and [ujson](https://github.com/ultrajson/ultrajson). Bumps the pip group with 5 updates in the /mpcontribs-kernel-gateway/requirements directory: | Package | From | To | | --- | --- | --- | | [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` | | [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.18.2` | `2.20.0` | | [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` | | [msgpack](https://github.com/msgpack/msgpack-python) | `1.1.2` | `1.2.1` | | [ujson](https://github.com/ultrajson/ultrajson) | `5.12.1` | `5.13.0` | Bumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: [pydantic-settings](https://github.com/pydantic/pydantic-settings). Bumps the pip group with 4 updates in the /mpcontribs-portal/requirements directory: [bleach](https://github.com/mozilla/bleach), [tornado](https://github.com/tornadoweb/tornado), [msgpack](https://github.com/msgpack/msgpack-python) and [ujson](https://github.com/ultrajson/ultrajson). Bumps the pip group with 2 updates in the /mpcontribs-serverless/dependencies directory: [msgpack](https://github.com/msgpack/msgpack-python) and [ujson](https://github.com/ultrajson/ultrajson). Updates `bleach` from 6.3.0 to 6.4.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.3.0...v6.4.0) Updates `cryptography` from 48.0.0 to 48.0.1 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@48.0.0...48.0.1) Updates `jupyter-server` from 2.18.2 to 2.20.0 - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](jupyter-server/jupyter_server@v2.18.2...v2.20.0) Updates `tornado` from 6.5.5 to 6.5.7 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.5.5...v6.5.7) Updates `msgpack` from 1.1.2 to 1.2.1 - [Release notes](https://github.com/msgpack/msgpack-python/releases) - [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md) - [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `bleach` from 6.3.0 to 6.4.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.3.0...v6.4.0) Updates `jupyter-server` from 2.18.2 to 2.20.0 - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](jupyter-server/jupyter_server@v2.18.2...v2.20.0) Updates `tornado` from 6.5.5 to 6.5.7 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.5.5...v6.5.7) Updates `msgpack` from 1.1.2 to 1.2.1 - [Release notes](https://github.com/msgpack/msgpack-python/releases) - [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md) - [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `pydantic-settings` from 2.12.0 to 2.14.2 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.12.0...v2.14.2) Updates `bleach` from 6.3.0 to 6.4.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.3.0...v6.4.0) Updates `tornado` from 6.5.5 to 6.5.7 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.5.5...v6.5.7) Updates `msgpack` from 1.1.2 to 1.2.1 - [Release notes](https://github.com/msgpack/msgpack-python/releases) - [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md) - [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1) Updates `ujson` from 5.12.1 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) Updates `msgpack` from 1.0.4 to 1.2.1 - [Release notes](https://github.com/msgpack/msgpack-python/releases) - [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md) - [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1) Updates `ujson` from 5.5.0 to 5.13.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@5.12.1...5.13.0) --- updated-dependencies: - dependency-name: bleach dependency-version: 6.4.0 dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-version: 48.0.1 dependency-type: direct:production dependency-group: pip - dependency-name: jupyter-server dependency-version: 2.20.0 dependency-type: direct:production dependency-group: pip - dependency-name: tornado dependency-version: 6.5.7 dependency-type: direct:production dependency-group: pip - dependency-name: msgpack dependency-version: 1.2.1 dependency-type: direct:production dependency-group: pip - dependency-name: ujson dependency-version: 5.13.0 dependency-type: direct:production dependency-group: pip - dependency-name: bleach dependency-version: 6.4.0 dependency-type: direct:production dependency-group: pip - dependency-name: jupyter-server dependency-version: 2.20.0 dependency-type: direct:production dependency-group: pip - dependency-name: tornado dependency-version: 6.5.7 dependency-type: direct:production dependency-group: pip - dependency-name: msgpack dependency-version: 1.2.1 dependency-type: direct:production dependency-group: pip - dependency-name: ujson dependency-version: 5.13.0 dependency-type: direct:production dependency-group: pip - dependency-name: pydantic-settings dependency-version: 2.14.2 dependency-type: direct:production dependency-group: pip - dependency-name: bleach dependency-version: 6.4.0 dependency-type: direct:production dependency-group: pip - dependency-name: tornado dependency-version: 6.5.7 dependency-type: direct:production dependency-group: pip - dependency-name: msgpack dependency-version: 1.2.1 dependency-type: direct:production dependency-group: pip - dependency-name: ujson dependency-version: 5.13.0 dependency-type: direct:production dependency-group: pip - dependency-name: msgpack dependency-version: 1.2.1 dependency-type: indirect dependency-group: pip - dependency-name: ujson dependency-version: 5.13.0 dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 23, 2026

dependabot Bot mentioned this pull request Jun 23, 2026

Bump the pip group across 5 directories with 5 updates #2081

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 6 directories with 7 updates#2082

Bump the pip group across 6 directories with 7 updates#2082
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/mpcontribs-api/requirements/pip-8e8bf33e80

dependabot Bot commented on behalf of github Jun 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 23, 2026

Version 6.4.0 (June 5th, 2026)

v2.20.0

2.20.0

Security fixes

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

v2.19.0

2.19.0

Enhancements made

2.20.0

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

2.19.0

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Release notes

v1.2.1

What's Changed

v1.2.0

What's Changed

New Contributors

1.2.1

1.2.0

5.13.0

Added

Changed

Fixed

Version 6.4.0 (June 5th, 2026)

v2.20.0

2.20.0

Security fixes

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

v2.19.0

2.19.0

Enhancements made

2.20.0

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

2.19.0

Enhancements made

Bugs fixed

Maintenance and upkeep improvements

Release notes

v1.2.1

What's Changed

v1.2.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants