Skip to content

chore(deps): bump the uv group across 1 directory with 10 updates#20

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-8b0c179657
Closed

chore(deps): bump the uv group across 1 directory with 10 updates#20
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-8b0c179657

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 14, 2026
edited
Loading

Bumps the uv group with 10 updates in the / directory:

Package From To
mcp 1.22.0 1.23.0
pypdf 6.0.0 6.8.0
lxml-html-clean 0.3.1 0.4.4
simpleeval 1.0.3 1.0.5
authlib 1.6.6 1.6.7
flask 3.0.3 3.1.3
langchain-text-splitters 0.3.7 0.3.9
pillow 12.1.0 12.1.1
torch 2.2.2 2.8.0
unstructured 0.16.23 0.18.18

Updates mcp from 1.22.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates pypdf from 6.0.0 to 6.8.0

Release notes

Sourced from pypdf's releases.

Version 6.8.0, 2026-03-09

What's new

Security (SEC)

New Features (ENH)

Documentation (DOC)

Full Changelog

Version 6.7.5, 2026-03-02

What's new

Security (SEC)

Full Changelog

Version 6.7.4, 2026-02-27

What's new

Security (SEC)

Robustness (ROB)

Full Changelog

Version 6.7.3, 2026-02-24

What's new

Security (SEC)

Full Changelog

Version 6.7.2, 2026-02-22

What's new

Security (SEC)

Bug Fixes (BUG)

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.8.0, 2026-03-09

Security (SEC)

  • Limit allowed /Length value of stream (#3675)

New Features (ENH)

  • Add /IRT (in-reply-to) support for markup annotations (#3631)

Documentation (DOC)

  • Avoid using PageObject.replace_contents on PdfReader (#3669)
  • Document how to disable jbig2dec calls

Full Changelog

Version 6.7.5, 2026-03-02

Security (SEC)

  • Improve the performance of the ASCIIHexDecode filter (#3666)

Full Changelog

Version 6.7.4, 2026-02-27

Security (SEC)

  • Allow limiting output length for RunLengthDecode filter (#3664)

Robustness (ROB)

  • Deal with invalid annotations in extract_links (#3659)

Full Changelog

Version 6.7.3, 2026-02-24

Security (SEC)

  • Use zlib decompression limit when retrieving XFA data (#3658)

Full Changelog

Version 6.7.2, 2026-02-22

Security (SEC)

  • Prevent infinite loop from circular xref /Prev references (#3655)

Bug Fixes (BUG)

  • Fix wrong LUT size error (#3651)
  • Fix handling of page boxes defined on /Pages (#3650)

Full Changelog

Version 6.7.1, 2026-02-17

... (truncated)

Commits
  • a869ece REL: 6.8.0
  • 3c550b3 SEC: Limit allowed /Length value of stream (#3675)
  • 5dae0e2 MAINT: Document and test XMP security (#3674)
  • b9f66ab DEV: Change to loadfile strategy for PyPy in CI (#3671)
  • 071118b MAINT: Remove excessive logging in extract_links while not clear (#3670)
  • 43add64 DEV: Timeout PyPy tests after one minute
  • 4228dd2 DOC: Avoid using PageObject.replace_contents on PdfReader (#3669)
  • 0e9792d ENH: Add /IRT (in-reply-to) support for markup annotations (#3631)
  • ede6db9 DOC: Document how to disable jbig2dec calls
  • 6d0fa2f MAINT: Move and rename _xobj_image_helpers.py (#3661)
  • Additional commits viewable in compare view

Updates lxml-html-clean from 0.3.1 to 0.4.4

Changelog

Sourced from lxml-html-clean's changelog.

0.4.4 (2026-02-26)

Bugs fixed

  • Fixed a bug where Unicode escapes in CSS were not properly decoded before security checks. This prevents attackers from bypassing filters using escape sequences. (CVE-2026-28348)
  • Fixed a security issue where <base> tags could be used for URL hijacking attacks. The <base> tag is now automatically removed whenever the <head> tag is removed (via page_structure=True or manual configuration), as <base> must be inside <head> according to HTML specifications. (CVE-2026-28350)

0.4.3 (2025-10-02)

Maintenance

  • Tests updated to work correctly with new lxml and libxml2 releases.
  • Python 3.6 and 3.7 are no longer tested.
  • Improved documentation about CSS removal behavior.

0.4.2 (2025-04-09)

Bugs fixed

  • lxml_html_clean now correctly handles HTML input as bytes as it did before the 0.2.0 release.

0.4.1 (2024-11-15)

Bugs fixed

  • Removed superfluous debug prints.

0.4.0 (2024-11-12)

Bugs fixed

  • The Cleaner() now scans for hidden JavaScript code embedded within CSS comments. In certain contexts, such as within <svg> or <math> tags,

... (truncated)

Commits
  • fd10d79 Add more tests for different combinations of backslashes and unicode
  • 5b7e228 Restore the removal of all backslashes from styles after decoding of unicode ...
  • 88da8f9 Prepare release 0.4.4
  • 9c5612c Remove <base> tags to prevent URL hijacking attacks
  • 2ef7326 Implement unicode escape decoding
  • 7c854af Add missing Python 3.14 to classifiers
  • 80cebf7 Continue using the package link
  • 1cef82e Update safe sanitizer recommendation
  • 79f35f4 CI: Drop Python 3.8, add 3.14
  • fab1dd4 Release 0.4.3
  • Additional commits viewable in compare view

Updates simpleeval from 1.0.3 to 1.0.5

Release notes

Sourced from simpleeval's releases.

1.0.5

Fixes Security issues with "dangerous" modules & functions leaking through as attributes of other names, see:

Fixes CVE-2026-32640

GHSA-44vg-5wv2-h2hg

Breaking Change:

  • Modules & Submodules now are not directly usable as names or as attributes of other items, if you still need this functionality, then use the new ModuleWrapper, or subclass SimpleEval to bypass it.
Commits
  • a4659fa Merge pull request #171 from danthedeckie/remove-module-access
  • 7c9180c version number bump
  • cffa9f6 Much stricter lockdown via _check_disallowed_items plus adding ModuleWrapper
  • 4e7f4b8 Add ByamB4 to contributors list
  • 1654cbf Disallow module access & disallowed function access via attributes.
  • 9cb4a7b Add a few additional DISALLOW_FUNCTIONS
  • 0425898 Merge pull request #169 from danthedeckie/update-readme
  • 618bcf4 update build tools / config
  • 8828943 bump version, and update copyright year
  • 97570fe lint string joining fixes
  • Additional commits viewable in compare view

Updates authlib from 1.6.6 to 1.6.7

Release notes

Sourced from authlib's releases.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.7.0

Unreleased

  • Add support for OpenID Connect RP-Initiated Logout 1.0 <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>_. See :ref:specs/rpinitiated for details. :issue:500
  • Per RFC 6749 Section 3.3, the scope parameter is now optional at both authorization and token endpoints. client.get_allowed_scope() is called to determine the default scope when omitted. :issue:845
  • Stop support for Python 3.9, start support Python 3.14. :pr:850
  • Allow AuthorizationServerMetadata.validate() to compose with RFC extension classes.
  • Fix expires_at=0 being incorrectly treated as None. :issue:530
  • Allow ResourceProtector decorator to be used without parentheses. :issue:604
  • Implement RFC9700 PKCE downgrade countermeasure.
  • Set User-Agent header when fetching server metadata and JWKs. :issue:704

Upgrade Guide: :ref:joserfc_upgrade.

Commits

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

  • stream_with_context does not fail inside async views. #5774
  • When using follow_redirects in the test client, the final state of session is correct. #5786
  • Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. #5645
  • flask --help loads the app and plugins first to make sure all commands are shown. #5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

  • Drop support for Python 3.8. #5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
  • Provide a configuration option to control automatic option responses. #5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636
Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates langchain-text-splitters from 0.3.7 to 0.3.9

Commits
  • 77c9819 fix(text-splitters): update langchain-core version to 0.3.72
  • 7f015b6 fix(text-splitters): update lock for release
  • 71ad451 Merge branch 'master' of github.com:langchain-ai/langchain
  • 2c42893 fix(langchain): update langchain-core version to 0.3.72
  • 0e139fb release(langchain): 0.3.27 (#32227)
  • 622bb05 fix(langchain): class HTMLSemanticPreservingSplitter ignores the text inside ...
  • 56dde3a feat(langchain): v1 scaffolding (#32166)
  • bd3d649 release(core): 0.3.72 (#32214)
  • fb5da83 fix(core): Dereference Refs for pydantic schema fails in tool schema generati...
  • a7d0e42 docs: fix typos in documentation (#32201)
  • Additional commits viewable in compare view

Updates pillow from 12.1.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

Commits

Updates torch from 2.2.2 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Updates unstructured from 0.16.23 to 0.18.18

Release notes

Sourced from unstructured's releases.

0.18.18

Fixes

  • Prevent path traversal in email MSG attachment filenames Fixed a security vulnerability (GHSA-gm8q-m8mv-jj5m) where malicious attachment filenames containing path traversal sequences could write files outside the intended directory. The fix normalizes both Unix and Windows path separators before sanitizing filenames, preventing cross-platform path traversal attacks in partition_msg functions

0.18.17

Enhancement

Features

Fixes

0.18.16

Enhancement

  • Speed up function _assign_hash_ids by 34% (codeflash)

Features

Fixes

0.18.15

What's Changed

New Contributors

Full Changelog: Unstructured-IO/unstructured@0.18.14...0.18.15

0.18.14

Enhancements

  • Speed up function sentence_count by 59% (codeflash)

  • Speed up function check_for_nltk_package by 111% (codeflash)

... (truncated)

Changelog

Sourced from unstructured's changelog.

0.18.18

Fixes

  • Prevent path traversal in email MSG attachment filenames Fixed a security vulnerability (GHSA-gm8q-m8mv-jj5m) where malicious attachment filenames containing path traversal sequences could write files outside the intended directory. The fix normalizes both Unix and Windows path separators before sanitizing filenames, preventing cross-platform path traversal attacks in partition_msg functions

0.18.17

Enhancement

Features

Fixes

0.18.16

Enhancement

  • Speed up function _assign_hash_ids by 34% (codeflash)

Features

Fixes

0.18.15

Enhancements

  • Speed up function ElementHtml._get_children_html by 234% (codeflash)
  • Speed up function group_broken_paragraphs by 30% (codeflash)

Features

Fixes

  • Bumped dependencies via pip-compile to address the crit CVE in:

0.18.14

Enhancements

  • Speed up function sentence_count by 59% (codeflash)
  • Speed up function check_for_nltk_package by 111% (codeflash)
  • Speed up function under_non_alpha_ratio by 76% (codeflash)

... (truncated)

Commits
  • b01d35b fix: sanitize MSG attachment filenames to prevent path traversal (GHS… (#4117)
  • 1c519ef Security Fixes - CVE Remediation (#4115)
  • c79cf3a updated dependancies to resolve open CVEs and cut a new version (#4108)
  • 8fd07fd feat: Add simple script to sync fork with local branch (#4102)
  • ef68384 enhancement: Speed up function _assign_hash_ids by 34% (#4101)
  • 2d44d73 Luke/sept16 CVE (#4094)
  • ab55d86 ⚡️ Speed up method ElementHtml._get_children_html by 234% (#4087)
  • 6aee131 ⚡️ Speed up function group_broken_paragraphs by 30% (#4088)
  • 1030a69 fix: update deps to resolve cve (#4093)
  • e3854d2 Setup Codeflash Github Actions to optimize all future code (#4082)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 14, 2026
@dependabot
chore(deps): bump the uv group across 1 directory with 10 updates
46eed75 
Bumps the uv group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.22.0` | `1.23.0` |
| [pypdf](https://github.com/py-pdf/pypdf) | `6.0.0` | `6.8.0` |
| [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) | `0.3.1` | `0.4.4` |
| [simpleeval](https://github.com/danthedeckie/simpleeval) | `1.0.3` | `1.0.5` |
| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` |
| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |
| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `0.3.9` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.1.1` |
| [torch](https://github.com/pytorch/pytorch) | `2.2.2` | `2.8.0` |
| [unstructured](https://github.com/Unstructured-IO/unstructured) | `0.16.23` | `0.18.18` |



Updates `mcp` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.22.0...v1.23.0)

Updates `pypdf` from 6.0.0 to 6.8.0
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.0.0...6.8.0)

Updates `lxml-html-clean` from 0.3.1 to 0.4.4
- [Changelog](https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst)
- [Commits](fedora-python/lxml_html_clean@0.3.1...0.4.4)

Updates `simpleeval` from 1.0.3 to 1.0.5
- [Release notes](https://github.com/danthedeckie/simpleeval/releases)
- [Commits](danthedeckie/simpleeval@1.0.3...1.0.5)

Updates `authlib` from 1.6.6 to 1.6.7
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.6...v1.6.7)

Updates `flask` from 3.0.3 to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.0.3...3.1.3)

Updates `langchain-text-splitters` from 0.3.7 to 0.3.9
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-text-splitters==0.3.7...langchain-text-splitters==0.3.9)

Updates `pillow` from 12.1.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.0...12.1.1)

Updates `torch` from 2.2.2 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.2.2...v2.8.0)

Updates `unstructured` from 0.16.23 to 0.18.18
- [Release notes](https://github.com/Unstructured-IO/unstructured/releases)
- [Changelog](https://github.com/Unstructured-IO/unstructured/blob/main/CHANGELOG.md)
- [Commits](Unstructured-IO/unstructured@0.16.23...0.18.18)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pypdf
  dependency-version: 6.8.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: lxml-html-clean
  dependency-version: 0.4.4
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: simpleeval
  dependency-version: 1.0.5
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.7
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langchain-text-splitters
  dependency-version: 0.3.9
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: unstructured
  dependency-version: 0.18.18
  dependency-type: direct:production
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/uv-8b0c179657 branch from 676402b to 46eed75 Compare March 14, 2026 06:21
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 26, 2026

Superseded by #42.

@dependabot dependabot Bot closed this Mar 26, 2026
@dependabot dependabot Bot deleted the dependabot/uv/uv-8b0c179657 branch March 26, 2026 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants