chore(deps): bump the minor-and-patch group across 1 directory with 4 updates (ty held back)

[dependabot]

Bumps the minor-and-patch group with 5 updates in the /libs/sdk-py directory:

Package	From	To
orjson	3.11.7	3.11.8
ruff	0.15.6	0.15.12
mypy	1.19.1	1.20.2
ty	0.0.23	0.0.32
pydantic	2.12.5	2.13.3

Updates orjson from 3.11.7 to 3.11.8

Release notes

Sourced from orjson's releases.

3.11.8

Changed

• Build and compatibility improvements.

Changelog

Sourced from orjson's changelog.

3.11.8 - 2026-03-31

Changed

• Build and compatibility improvements.

Commits

• 5cbb3d0 3.11.8
• 4195d7f writer::half
• d00641b writer::uuid
• c84d9b4 build and compatibility misc
• 4547234 ffi::numpy
• 0d4a5ad datetime PyRef idiom
• e93a13d Cross-compile avoids maturin v1.12 build-details.json error
• See full diff in compare view

Updates ruff from 0.15.6 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates mypy from 1.19.1 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates ty from 0.0.23 to 0.0.32

Release notes

Sourced from ty's releases.

0.0.32

Release Notes

Released on 2026-04-20.

Bug fixes

• Fix panic when __get__ uses Concatenate self-type and wraps a __call__ (#24692)
• Avoid panicking on overloaded Callable type context (#24661)
• Expand class bases in per-base lint checks (#24695, #24699)
• Fix stack overflow for binary operator inference involving recursive types (#24551)

LSP server

• Dim out unreachable code in IDEs (#24580)
• Do not suggest argument completion when typing the value of a keyword argument (#24669)
• Retrieve the docstring from the overload implementation if an @overload-decorated function has no docstring (#23920)

Core type checking

• Allow if statements in TypedDict bodies (#24702)
• Disallow @disjoint_base on TypedDicts and Protocols (#24671)
• Do not consider a subclass of a @dataclass_transform-decorated class to have dataclass-like semantics if it has type in its MRO (#24679)
• Reject using properties with Never setters or deleters (#24510)
• Sync vendored typeshed stubs (#24646). Typeshed diff

Diagnostics

• Show error context for assignability diagnostics (#24309)
• Use partially qualified names when reporting diagnostics regarding bad calls to methods (#24560)
• Reduce source code context window to zero (#24689)
• Merge same-file annotations if there is only a single line separating them (#24694)

Performance

• Memoize binary operator return types (#24700)
• Gate protocol compatibility on member count (#24684)

Contributors

• @​JelleZijlstra
• @​kc0506
• @​denyszhak
• @​carljm
• @​dcreager
• @​AlexWaygood
• @​dylwil3
• @​charliermarsh
• @​sharkdp
• @​ibraheemdev

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.32

Released on 2026-04-20.

Bug fixes

• Fix panic when __get__ uses Concatenate self-type and wraps a __call__ (#24692)
• Avoid panicking on overloaded Callable type context (#24661)
• Expand class bases in per-base lint checks (#24695, #24699)
• Fix stack overflow for binary operator inference involving recursive types (#24551)

LSP server

• Dim out unreachable code in IDEs (#24580)
• Do not suggest argument completion when typing the value of a keyword argument (#24669)
• Retrieve the docstring from the overload implementation if an @overload-decorated function has no docstring (#23920)

Core type checking

• Allow if statements in TypedDict bodies (#24702)
• Disallow @disjoint_base on TypedDicts and Protocols (#24671)
• Do not consider a subclass of a @dataclass_transform-decorated class to have dataclass-like semantics if it has type in its MRO (#24679)
• Reject using properties with Never setters or deleters (#24510)
• Sync vendored typeshed stubs (#24646). Typeshed diff

Diagnostics

• Show error context for assignability diagnostics (#24309)
• Use partially qualified names when reporting diagnostics regarding bad calls to methods (#24560)
• Reduce source code context window to zero (#24689)
• Merge same-file annotations if there is only a single line separating them (#24694)

Performance

• Memoize binary operator return types (#24700)
• Gate protocol compatibility on member count (#24684)

Contributors

• @​JelleZijlstra
• @​kc0506
• @​denyszhak
• @​carljm
• @​dcreager
• @​AlexWaygood
• @​dylwil3
• @​charliermarsh
• @​sharkdp
• @​ibraheemdev

... (truncated)

Commits

• 4d1e1fc Bump version to 0.0.32 (#3302)
• a537bde Update PyO3/maturin-action action to v1.51.0 (#3300)
• 81e4125 Update actions/upload-artifact action to v7.0.1 (#3296)
• a9dd1cb Update docker/build-push-action action to v7.1.0 (#3299)
• ef0a7dd Update actions/github-script action to v9 (#3301)
• 74f0583 Update astral-sh/setup-uv action to v8.1.0 (#3298)
• 82799cc Update prek dependencies (#3297)
• daaa404 Bump version to 0.0.31 (#3280)
• 12e86b5 Bump version to 0.0.30 (#3270)
• 67077ad Reorder sections in FAQ (#3267)
• Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

... (truncated)

Commits

• 9e9a111 Fix backported test
• 1ec8c6a Prepare release v2.13.3
• fb4f204 Handle AttributeError subclasses with from_attributes
• ca3ddd1 Prepare release v2.13.2
• 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
• d45d8be Prepare release 2.13.1
• 54aca60 Fix ValidationInfo.data missing with model_validate_json()
• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[John Kennedy (jkennedyvz)]

Pushed a follow-up that holds back the ty bump (0.0.23 → 0.0.32) while keeping the other four updates in this group (orjson, ruff, mypy, pydantic).

Why: ty is pre-1.0 (0.0.x) and the 0.23 → 0.32 jump introduces 22 new diagnostics across langgraph_sdk/ and tests/ — including breakages on lines that already carry # type: ignore[...] suppressions. That's out of scope for a Dependabot bump and was failing the cd libs/sdk-py / lint #3.12 check.

Verified locally: uv run --frozen --group lint ty check . and ruff check . both pass with ty==0.0.23.

Note: A subsequent @dependabot rebase will overwrite this commit. The ty bump can come through separately once the new diagnostics are triaged.