chore(deps): bump the security-updates group across 1 directory with 2 updates by dependabot[bot] · Pull Request #5993 · crewAIInc/crewAI

dependabot · 2026-06-01T07:14:16Z

Bumps the security-updates group with 2 updates in the / directory: chromadb and authlib.

Updates chromadb from 1.1.1 to 1.5.9

Release notes

1.5.9

Version: 1.5.9 Git ref: refs/tags/1.5.9 Build Date: 2026-05-05T05:55 PIP Package: chroma-1.5.9.tar.gz Github Container Registry Image: :1.5.9 DockerHub Image: :1.5.9

What's Changed

ENH: block functions on topology dbs by @rescrv in chroma-core/chroma#6836

ENH: Add Tilt fault injection CLI by @rescrv in chroma-core/chroma#6881

[CHORE] Debug TimeoutError in test_add.py by @rescrv in chroma-core/chroma#6905

[ENH]: Enable rebuilds for sharded collections by @tanujnay112 in chroma-core/chroma#6916

[ENH]: Group by support with sharding by @sanketkedia in chroma-core/chroma#6909

[CHORE]: Denormalize tenant and database into collection_compaction_cursors table by @tanujnay112 in chroma-core/chroma#6940

[CHORE] Use normalized record sets for test add by @rescrv in chroma-core/chroma#6935

[ENH]: Add workflow to build and publish service container images by @jasonvigil in chroma-core/chroma#6944

[ENH] - Updates language around Chroma Cloud to be more representative. by @tjkrusinskichroma in chroma-core/chroma#6952

[ENH]: Add change stream to collection compaction cursors by @tanujnay112 in chroma-core/chroma#6955

[BUG] Switch to storing DOCKERHUB_USERNAME as var by @jasonvigil in chroma-core/chroma#6962

[CHORE]: Standardize Tilt CI image build on root docker-bake.hcl by @jasonvigil in chroma-core/chroma#6958

[BUG]: Rename database on soft delete by @tanujnay112 in chroma-core/chroma#6943

Revert "[CHORE]: Standardize Tilt CI image build on root docker-bake.hcl" by @jasonvigil in chroma-core/chroma#6965

ENH: name and size all worker threads by @rescrv in chroma-core/chroma#6936

BUG: simplify flaky indexing progress test by @rescrv in chroma-core/chroma#6968

[CHORE] stabilize Tilt dev environment configs by @rescrv in chroma-core/chroma#6937

BUG: use correct version file per collection in ancestor walk by @rescrv in chroma-core/chroma#6970

[ENH] Add SparsePostingBlock by @HammadB in chroma-core/chroma#6823

[ENH] Add basic maxscore writer/reader by @HammadB in chroma-core/chroma#6825

[ENH] Add maxscore lazy cursor by @HammadB in chroma-core/chroma#6829

[ENH] Add SIMD for maxscore by @Sicheng-Pan in chroma-core/chroma#6865

[ENH] Benchmark maxscore by @Sicheng-Pan in chroma-core/chroma#6866

[ENH] Add maxscore option in schema by @Sicheng-Pan in chroma-core/chroma#6878

[ENH] Add maxscore index to metadata segment by @Sicheng-Pan in chroma-core/chroma#6880

[ENH] Wire maxscore reader in search by @Sicheng-Pan in chroma-core/chroma#6899

[PERF] Batch load lazy cursor by @Sicheng-Pan in chroma-core/chroma#6974

ENH: add MCMR support for log GC by @rescrv in chroma-core/chroma#6946

ENH: parameterize multi-region config by @rescrv in chroma-core/chroma#6951

[CHORE] fix merge conflict in main by @rescrv in chroma-core/chroma#6986

[ENH]: Refactor offset_id to be a mutable AtomicU32 in record by @tanujnay112 in chroma-core/chroma#6922

ENH: add spanner-cli wrapper binary by @rescrv in chroma-core/chroma#6959

BUG: preserve legacy hnsw: metadata keys by @rescrv in chroma-core/chroma#6953

[TST] refactor repair collection log offset test by @rescrv in chroma-core/chroma#6954

TST: add MCMR hard delete test by @rescrv in chroma-core/chroma#6947

ENH: defer Spanner init to first use by @rescrv in chroma-core/chroma#6915

[CHORE]: Denormalize is_deleted in mcmr by @tanujnay112 in chroma-core/chroma#6989

[BUG] Reject NaN/Infinity in base64-encoded embeddings by @philipithomas in chroma-core/chroma#6664

Revert "TST: add MCMR hard delete test" by @rescrv in chroma-core/chroma#6992

[ENH] Verify file path for compaction by @Sicheng-Pan in chroma-core/chroma#6991

[DOC]: Document file-upload sync API, AWS credential reuse, and EU region by @philipithomas in chroma-core/chroma#6988

... (truncated)

Commits

11f3c74 [RELEASE] CLI 1.4.4 Python 1.5.9 JS 3.4.5 (#7018)
f16d06a [ENH]: add client header to Gemini embedding functions (#6990)
b7cb6ac [CHORE]: Remove foundation/ from chroma (#7017)
bec3105 ENH: Add login, logout, and whoami commands (#7007)
1251ff7 [DOC] Add CLAUDE.md, AGENTS.md, scoped Rust rule (#7010)
f4bbbf2 [BLD] Add foundation CLI install script (#7005)
2c8f49f ENH: move foundation/ to top-level so rust/** filters skip it (#7008)
51eebdb [ENH] scaffold foundation CLI project (#6999)
874b700 ENH: GC empty MCMR collections (#6961)
aedf9a6 ENH: Add read-only backend failover (#6985)
Additional commits viewable in compare view

Updates authlib from 1.6.11 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.6.12

Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant. Full Changelog: authlib/authlib@v1.6.11...v1.6.12

Changelog

Sourced from authlib's changelog.

Version 1.6.12

Released on may 4, 2026

Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Commits

e46e515 chore: bump to 1.6.12
9babc13 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
See full diff in compare view

…2 updates Bumps the security-updates group with 2 updates in the / directory: [chromadb](https://github.com/chroma-core/chroma) and [authlib](https://github.com/authlib/authlib). Updates `chromadb` from 1.1.1 to 1.5.9 - [Release notes](https://github.com/chroma-core/chroma/releases) - [Changelog](https://github.com/chroma-core/chroma/blob/main/RELEASE_PROCESS.md) - [Commits](chroma-core/chroma@1.1.1...1.5.9) Updates `authlib` from 1.6.11 to 1.6.12 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.11...1.6.12) --- updated-dependencies: - dependency-name: authlib dependency-version: 1.6.12 dependency-type: indirect dependency-group: security-updates - dependency-name: chromadb dependency-version: 1.5.9 dependency-type: direct:production dependency-group: security-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-03T16:49:23Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 1, 2026

github-actions Bot added the size/XS label Jun 1, 2026

dependabot Bot force-pushed the dependabot/uv/security-updates-4c1dfa05c0 branch 2 times, most recently from 8b2710e to 450af33 Compare June 2, 2026 17:06

dependabot Bot force-pushed the dependabot/uv/security-updates-4c1dfa05c0 branch from 450af33 to 11565ad Compare June 2, 2026 22:40

dependabot Bot closed this Jun 3, 2026

dependabot Bot deleted the dependabot/uv/security-updates-4c1dfa05c0 branch June 3, 2026 16:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the security-updates group across 1 directory with 2 updates#5993

chore(deps): bump the security-updates group across 1 directory with 2 updates#5993
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/security-updates-4c1dfa05c0

dependabot Bot commented on behalf of github Jun 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.5.9

What's Changed

v1.6.12

Version 1.6.12

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 1, 2026 •

edited

Loading