Skip to content

chore(deps): bump the uv group across 13 directories with 9 updates#1205

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python/agents/brand-aligner/uv-1e86a97cda
Closed

chore(deps): bump the uv group across 13 directories with 9 updates#1205
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python/agents/brand-aligner/uv-1e86a97cda

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the uv group with 1 update in the /python/agents/brand-aligner directory: pillow.
Bumps the uv group with 2 updates in the /python/agents/brand-search-optimization directory: pillow and nltk.
Bumps the uv group with 1 update in the /python/agents/camel directory: pillow.
Bumps the uv group with 5 updates in the /python/agents/currency-agent directory:

Package From To
google-cloud-aiplatform 1.111.0 1.133.0
mcp 1.13.1 1.23.0
sqlparse 0.5.3 0.5.4
starlette 0.47.3 0.49.1
werkzeug 3.1.1 3.1.6

Bumps the uv group with 3 updates in the /python/agents/currency-agent/mcp-server directory: mcp, starlette and werkzeug.
Bumps the uv group with 1 update in the /python/agents/data-engineering directory: nltk.
Bumps the uv group with 6 updates in the /python/agents/hierarchical-workflow-automation directory:

Package From To
google-cloud-aiplatform 1.118.0 1.133.0
mcp 1.13.1 1.23.0
sqlparse 0.5.3 0.5.4
starlette 0.47.3 0.49.1
langchain-core 0.3.76 1.2.11
langgraph-checkpoint 2.1.1 4.0.0

Bumps the uv group with 1 update in the /python/agents/llm-auditor directory: nltk.
Bumps the uv group with 1 update in the /python/agents/machine-learning-engineering directory: nltk.
Bumps the uv group with 2 updates in the /python/agents/parallel_task_decomposition_execution directory: google-cloud-aiplatform and mcp.
Bumps the uv group with 1 update in the /python/agents/policy-as-code directory: google-cloud-aiplatform.
Bumps the uv group with 2 updates in the /python/agents/retail-ai-location-strategy directory: google-cloud-aiplatform and starlette.
Bumps the uv group with 1 update in the /python/agents/safety-plugins directory: pillow.

Updates pillow from 12.1.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

Commits

Updates pillow from 11.3.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

Commits

Updates nltk from 3.9.2 to 3.9.3

Changelog

Sourced from nltk's changelog.

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)

... (truncated)

Commits
  • 4154eb8 Merge pull request #3503 from ekaf/hotfix-3501
  • 7a710cb Prepare release 3.9.3
  • 1056b32 Merge pull request #3468 from HyperPS/fix/secure-unzip-rce
  • 7dc5baa Resolve merge conflict in tag mapping using normalized nltk resource URL
  • 7ef38b8 Merge pull request #3467 from HyperPS/develop
  • b2e1164 Merge pull request #3485 from HyperPS/fix-filestring-sandbox-update
  • ac0ce55 Merge pull request #3480 from HyperPS/fix/filesystem-sandbox-security
  • 603e34d Merge pull request #3479 from HyperPS/fix/corpusreader-path-traversal
  • b63a501 Merge pull request #3477 from HyperPS/fix/stanford-segmenter-rce-sha256
  • df38955 Merge pull request #3494 from ekaf/ewnv
  • Additional commits viewable in compare view

Updates pillow from 12.1.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

Commits

Updates google-cloud-aiplatform from 1.111.0 to 1.133.0

Release notes

Sourced from google-cloud-aiplatform's releases.

v1.133.0

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

... (truncated)

Changelog

Sourced from google-cloud-aiplatform's changelog.

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

  • Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
  • GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

... (truncated)

Commits
  • 78f2bdd chore(main): release 1.133.0 (#6211)
  • c8c0f0f fix: Add None check for agent_info in evals.py
  • 9952b97 chore: rollback
  • 83f4076 fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 937d5af Copybara import of the project:
  • aaaf902 chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs
  • 8c876ef fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 5448f06 fix: Require uri or staging bucket configuration for saving model to Vertex E...
  • 65717fa feat: GenAI SDK client(memory): Add enable_third_person_memories
  • be2eaaa fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config
  • Additional commits viewable in compare view

Updates mcp from 1.13.1 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates sqlparse from 0.5.3 to 0.5.4

Changelog

Sourced from sqlparse's changelog.

Release 0.5.4 (Nov 28, 2025)

Enhancements

  • Add support for Python 3.14.
  • Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
  • Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
  • Add ATTACH and DETACH to PostgreSQL keywords (pr808).
  • Add INTERSECT to close keywords in WHERE clause (pr820).
  • Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

  • Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
  • Remove shebang from cli.py and remove executable flag (pr818).
  • Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
  • Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
  • Fix splitting on semicolons inside BEGIN...END blocks (issue809).
Commits
  • 14e300b Bump version.
  • 96a67e2 Code cleanup.
  • 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
  • e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
  • 149bebf Update Changelog.
  • 561a67e Update AUTHORS.
  • 73c8ba3 bugfix ISSUE_801; Remove all comments when only comments
  • 1b32387 Update action to run on all prs.
  • 31903e0 Add pre-commit hook support (fixes #537)
  • 1357726 docs: add AGENTS.md for project guidance and development commands
  • Additional commits viewable in compare view

Updates starlette from 0.47.3 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Version 0.48.0

Added

  • Add official Python 3.14 support #3013.

Changed

New Contributors

Full Changelog: Kludex/starlette@0.47.3...0.48.0

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

0.48.0 (September 13, 2025)

Added

  • Add official Python 3.14 support #3013.

Changed

Commits

Updates werkzeug from 3.1.1 to 3.1.6

Release notes

Sourced from werkzeug's releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

  • safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x

3.1.5

This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.5/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5 Milestone: https://github.com/pallets/werkzeug/milestone/43?closed=1

  • safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. GHSA-87hc-h4r5-73f7
  • The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. #3065 #3077
  • Fix AttributeError when initializing DebuggedApplication with pin_security=False. #3075

3.1.4

This is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.4/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4 Milestone: https://github.com/pallets/werkzeug/milestone/42?closed=1

  • safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. ghsa-hgf8-39gv-g3f2
  • The debugger pin fails after 10 attempts instead of 11. #3020
  • The multipart form parser handles a \r\n sequence at a chunk boundary. #3065
  • Improve CPU usage during Watchdog reloader. #3054
  • Request.json annotation is more accurate. #3067
  • Traceback rendering handles when the line number is beyond the available source lines. #3044
  • HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. #3056

3.1.3

This is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.3/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3 Milestone: https://github.com/pallets/werkzeug/milestone/41?closed=1

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. #2994
  • When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. #2993

3.1.2

This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.2/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.1.6

Released 2026-02-19

  • safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x

Version 3.1.5

Released 2026-01-08

  • safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. :ghsa:87hc-h4r5-73f7
  • The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. :issue:3065 :issue:3077
  • Fix AttributeError when initializing DebuggedApplication with pin_security=False. :issue:3075

Version 3.1.4

Released 2025-11-28

  • safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. :ghsa:hgf8-39gv-g3f2
  • The debugger pin fails after 10 attempts instead of 11. :pr:3020
  • The multipart form parser handles a \r\n sequence at a chunk boundary. :issue:3065
  • Improve CPU usage during Watchdog reloader. :issue:3054
  • Request.json annotation is more accurate. :issue:3067
  • Traceback rendering handles when the line number is beyond the available source lines. :issue:3044
  • HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. :issue:3056

Version 3.1.3

Released 2024-11-08

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be

... (truncated)

Commits

Updates mcp from 1.13.1 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

@dependabot
chore(deps): bump the uv group across 13 directories with 9 updates
51a1ae2 
Bumps the uv group with 1 update in the /python/agents/brand-aligner directory: [pillow](https://github.com/python-pillow/Pillow).
Bumps the uv group with 2 updates in the /python/agents/brand-search-optimization directory: [pillow](https://github.com/python-pillow/Pillow) and [nltk](https://github.com/nltk/nltk).
Bumps the uv group with 1 update in the /python/agents/camel directory: [pillow](https://github.com/python-pillow/Pillow).
Bumps the uv group with 5 updates in the /python/agents/currency-agent directory:

| Package | From | To |
| --- | --- | --- |
| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.111.0` | `1.133.0` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.13.1` | `1.23.0` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.5.3` | `0.5.4` |
| [starlette](https://github.com/Kludex/starlette) | `0.47.3` | `0.49.1` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |

Bumps the uv group with 3 updates in the /python/agents/currency-agent/mcp-server directory: [mcp](https://github.com/modelcontextprotocol/python-sdk), [starlette](https://github.com/Kludex/starlette) and [werkzeug](https://github.com/pallets/werkzeug).
Bumps the uv group with 1 update in the /python/agents/data-engineering directory: [nltk](https://github.com/nltk/nltk).
Bumps the uv group with 6 updates in the /python/agents/hierarchical-workflow-automation directory:

| Package | From | To |
| --- | --- | --- |
| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.118.0` | `1.133.0` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.13.1` | `1.23.0` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.5.3` | `0.5.4` |
| [starlette](https://github.com/Kludex/starlette) | `0.47.3` | `0.49.1` |
| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.76` | `1.2.11` |
| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.1.1` | `4.0.0` |

Bumps the uv group with 1 update in the /python/agents/llm-auditor directory: [nltk](https://github.com/nltk/nltk).
Bumps the uv group with 1 update in the /python/agents/machine-learning-engineering directory: [nltk](https://github.com/nltk/nltk).
Bumps the uv group with 2 updates in the /python/agents/parallel_task_decomposition_execution directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [mcp](https://github.com/modelcontextprotocol/python-sdk).
Bumps the uv group with 1 update in the /python/agents/policy-as-code directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).
Bumps the uv group with 2 updates in the /python/agents/retail-ai-location-strategy directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [starlette](https://github.com/Kludex/starlette).
Bumps the uv group with 1 update in the /python/agents/safety-plugins directory: [pillow](https://github.com/python-pillow/Pillow).


Updates `pillow` from 12.1.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

Updates `pillow` from 11.3.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

Updates `nltk` from 3.9.2 to 3.9.3
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.2...3.9.3)

Updates `pillow` from 12.1.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

Updates `google-cloud-aiplatform` from 1.111.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.111.0...v1.133.0)

Updates `mcp` from 1.13.1 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.13.1...v1.23.0)

Updates `sqlparse` from 0.5.3 to 0.5.4
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.5.3...0.5.4)

Updates `starlette` from 0.47.3 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.47.3...0.49.1)

Updates `werkzeug` from 3.1.1 to 3.1.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.1...3.1.6)

Updates `mcp` from 1.13.1 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.13.1...v1.23.0)

Updates `starlette` from 0.46.2 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.47.3...0.49.1)

Updates `werkzeug` from 3.1.1 to 3.1.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.1...3.1.6)

Updates `nltk` from 3.9.2 to 3.9.3
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.2...3.9.3)

Updates `google-cloud-aiplatform` from 1.118.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.111.0...v1.133.0)

Updates `mcp` from 1.13.1 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.13.1...v1.23.0)

Updates `sqlparse` from 0.5.3 to 0.5.4
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.5.3...0.5.4)

Updates `starlette` from 0.47.3 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.47.3...0.49.1)

Updates `langchain-core` from 0.3.76 to 1.2.11
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==0.3.76...langchain-core==1.2.11)

Updates `langgraph-checkpoint` from 2.1.1 to 4.0.0
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@checkpoint==2.1.1...checkpoint==4.0.0)

Updates `nltk` from 3.9.2 to 3.9.3
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.2...3.9.3)

Updates `nltk` from 3.9.2 to 3.9.3
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.2...3.9.3)

Updates `google-cloud-aiplatform` from 1.128.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.111.0...v1.133.0)

Updates `mcp` from 1.21.2 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.13.1...v1.23.0)

Updates `google-cloud-aiplatform` from 1.130.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.111.0...v1.133.0)

Updates `google-cloud-aiplatform` from 1.129.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.111.0...v1.133.0)

Updates `starlette` from 0.48.0 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.47.3...0.49.1)

Updates `pillow` from 12.1.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.9.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: sqlparse
  dependency-version: 0.5.4
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: werkzeug
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: werkzeug
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.9.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: sqlparse
  dependency-version: 0.5.4
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langchain-core
  dependency-version: 1.2.11
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langgraph-checkpoint
  dependency-version: 4.0.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.9.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: nltk
  dependency-version: 3.9.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 4, 2026
@eliasecchig eliasecchig closed this Mar 5, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 5, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/uv/python/agents/brand-aligner/uv-1e86a97cda branch March 5, 2026 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eliasecchig