Skip to content

chore(deps): bump the uv group across 5 directories with 6 updates#3828

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/packages/opentelemetry-instrumentation-crewai/uv-a3a3fe4330
Open

chore(deps): bump the uv group across 5 directories with 6 updates#3828
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/packages/opentelemetry-instrumentation-crewai/uv-a3a3fe4330

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps the uv group with 4 updates in the /packages/opentelemetry-instrumentation-crewai directory: langgraph, orjson, pyasn1 and pypdf.
Bumps the uv group with 1 update in the /packages/opentelemetry-instrumentation-mcp directory: authlib.
Bumps the uv group with 1 update in the /packages/opentelemetry-instrumentation-voyageai directory: orjson.
Bumps the uv group with 3 updates in the /packages/opentelemetry-instrumentation-writer directory: orjson, authlib and black.
Bumps the uv group with 4 updates in the /packages/sample-app directory: langgraph, pyasn1, pypdf and authlib.

Updates langgraph from 1.0.6 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

  • release: Candidate (#6947)
  • Merge commit from fork
  • chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
  • chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

  • release: langgraph + prebuilt (#6875)
  • fix: sequential interrupt handling w/ functional API (#6863)
  • chore: state_updated_at sort by (#6857)
  • chore: bump orjson (#6852)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
  • chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
  • chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
  • chore: server runtime type (#6774)
  • refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph==1.0.8

Changes since 1.0.7

  • release(langgraph): 1.0.8 (#6757)
  • chore: shallow copy futures (#6755)
  • fix: pydantic messages double streaming (#6753)
  • chore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (#6673)
  • chore: Omit lock when using connection pool (#6734)
  • docs: enhance Runtime and ToolRuntime class descriptions for clarity (#6689)
  • docs: add clarity to use of thread_id (#6515)
  • docs: add docstrings to add_node overloads (#6514)
  • docs: update notebook links and add archival notices for examples (#6720)
  • release(cli): 0.4.12 (#6716)

langgraph-prebuilt==1.0.8

Changes since prebuilt==1.0.7

  • release: langgraph + prebuilt (#6875)
  • fix: inject ToolRuntime for dynamically registered tools (#6874)
  • chore: bump orjson (#6852)
  • chore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (#6849)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (#6810)
  • chore: server runtime type (#6774)
  • docs(prebuilt): update warning for create_react_agent (#6760)
  • release(langgraph): 1.0.8 (#6757)

... (truncated)

Commits
  • a04ec5d release: Candidate (#6947)
  • 50df7d4 Merge commit from fork
  • c4a4a46 chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • f178eb8 fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...
  • 48167d7 chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (#6920)
  • 806878a chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...
  • 8087e6a docs(sdk-py): update auth docstrings to default-deny pattern (#6933)
  • 8fbdb14 release(sdk-py): 0.3.9 (#6932)
  • 5093802 chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...
  • b89ef60 feat(sdk-py): add extract parameter to threads.search() (#6880)
  • Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates pyasn1 from 0.6.2 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • See full diff in compare view

Updates pypdf from 6.7.4 to 6.9.1

Release notes

Sourced from pypdf's releases.

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

Full Changelog

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Performance Improvements (PI)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681) by @​stefan6419846
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @​j-t-1

Full Changelog

Version 6.8.0, 2026-03-09

What's new

Security (SEC)

New Features (ENH)

Documentation (DOC)

Full Changelog

Version 6.7.5, 2026-03-02

What's new

Security (SEC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.9.1, 2026-03-17

Security (SEC)

  • Improve performance and limit length of array-based content streams (#3686)

Full Changelog

Version 6.9.0, 2026-03-15

New Features (ENH)

  • Expose /Perms verification result on Encryption object (#3672)

Performance Improvements (PI)

  • Fix O(n²) performance in NameObject read/write (#3679)
  • Batch-parse all objects in ObjStm on first access (#3677)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681)
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529)

Full Changelog

Version 6.8.0, 2026-03-09

Security (SEC)

  • Limit allowed /Length value of stream (#3675)

New Features (ENH)

  • Add /IRT (in-reply-to) support for markup annotations (#3631)

Documentation (DOC)

  • Avoid using PageObject.replace_contents on PdfReader (#3669)
  • Document how to disable jbig2dec calls

Full Changelog

Version 6.7.5, 2026-03-02

Security (SEC)

  • Improve the performance of the ASCIIHexDecode filter (#3666)

Full Changelog

Commits
  • 0e5157c REL: 6.9.1
  • 0b5d05d SEC: Improve performance and limit length of array-based content streams (#3686)
  • 87aa1d4 DEV: Remove unused reverse encoding dicts (#3685)
  • 84f5266 MAINT: Use placeholder-based approach for logger_error (#3673)
  • 8f1f4aa REL: 6.9.0
  • 5a9a0da BUG: Avoid sharing array-based content streams between pages (#3681)
  • a3451e8 ENH: Expose /Perms verification result on Encryption object (#3672)
  • 3a4e913 PI: Fix O(n²) performance in NameObject read/write (#3679)
  • cf2e518 PI: Batch-parse all objects in ObjStm on first access (#3677)
  • 2cfcd7e BUG: Avoid accessing invalid page when inserting blank page under some condit...
  • Additional commits viewable in compare view

Updates authlib from 1.6.6 to 1.6.9

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

  • Add EdDSA to default jwt instance.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.7.0

Unreleased

  • Add support for OpenID Connect RP-Initiated Logout 1.0 <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>_. See :ref:specs/rpinitiated for details. :issue:500
  • Per RFC 6749 Section 3.3, the scope parameter is now optional at both authorization and token endpoints. client.get_allowed_scope() is called to determine the default scope when omitted. :issue:845
  • Stop support for Python 3.9, start support Python 3.14. :pr:850
  • Allow AuthorizationServerMetadata.validate() to compose with RFC extension classes.
  • Fix expires_at=0 being incorrectly treated as None. :issue:530
  • Allow ResourceProtector decorator to be used without parentheses. :issue:604
  • Implement RFC9700 PKCE downgrade countermeasure.
  • Set User-Agent header when fetching server metadata and JWKs. :issue:704
  • RFC7523 accepts the issuer URL as a valid audience. :issue:730

Upgrade Guide: :ref:joserfc_upgrade.

Commits
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • 5be3c51 fix(jose): add ES256K into default jwt algorithms
  • 48b345f fix(jose): remove deprecated algorithm from default registry
  • a5d4b2d fix(jose): do not use header's jwk automatically
  • a769f34 chore: release 1.6.8
  • 84f3fa2 fix: add EdDSA to default jwt algorithms
  • 38e872a chore: release 1.6.7
  • b87c32e fix: remove "none" algorithm from default jwt instance
  • See full diff in compare view

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates authlib from 1.6.7 to 1.6.9

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

  • Add EdDSA to default jwt instance.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.7.0

Unreleased

  • Add support for OpenID Connect RP-Initiated Logout 1.0 <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>_. See :ref:specs/rpinitiated for details. :issue:500
  • Per RFC 6749 Section 3.3, the scope parameter is now optional at both authorization and token endpoints. client.get_allowed_scope() is called to determine the default scope when omitted. :issue:845
  • Stop support for Python 3.9, start support Python 3.14. :pr:850
  • Allow AuthorizationServerMetadata.validate() to compose with RFC extension classes.
  • Fix expires_at=0 being incorrectly treated as None. :issue:530
  • Allow ResourceProtector decorator to be used without parentheses. :issue:604
  • Implement RFC9700 PKCE downgrade countermeasure.
  • Set User-Agent header when fetching server metadata and JWKs. :issue:704
  • RFC7523 accepts the issuer URL as a valid audience. :issue:730

Upgrade Guide: :ref:joserfc_upgrade.

Commits
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • 5be3c51 fix(jose): add ES256K into default jwt algorithms
  • 48b345f fix(jose): remove deprecated algorithm from default registry
  • a5d4b2d fix(jose): do not use header's jwk automatically
  • a769f34 chore: release 1.6.8
  • 84f3fa2 fix: add EdDSA to default jwt algorithms
  • 38e872a chore: release 1.6.7
  • b87c32e fix: remove "none" algorithm from default jwt instance
  • See full diff in compare view

Updates black from 25.12.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

... (truncated)

Commits

Updates langgraph from 1.0.7 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

  • release: Candidate (#6947)
  • Merge commit from fork
  • chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
  • chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

  • release: langgraph + prebuilt (#6875)
  • fix: sequential interrupt handling w/ functional API (#6863)
  • chore: state_updated_at sort by (#6857)
  • chore: bump orjson (#6852)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
  • chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
  • chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
  • chore: server runtime type (#6774)
  • refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph==1.0.8

Changes since 1.0.7

  • release(langgraph): 1.0.8 (#6757)
  • chore: shallow copy futures (#6755)
  • fix: pydantic messages double streaming (#6753)
  • chore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (#6673)
  • chore: Omit lock when using connection pool (#6734)
  • docs: enhance Runtime and ToolRuntime class descriptions for clarity (#6689)
  • docs: add clarity to use of thread_id (#6515)
  • docs: add docstrings to add_node overloads (#6514)
  • docs: update notebook links and add archival notices for examples (#6720)
  • release(cli): 0.4.12 (#6716)

langgraph-prebuilt==1.0.8

Changes since prebuilt==1.0.7

  • release: langgraph + prebuilt (#6875)
  • fix: inject ToolRuntime for dynamically registered tools (#6874)
  • chore: bump orjson (#6852)
  • chore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (#6849)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (#6810)
  • chore: server runtime type (#6774)
  • docs(prebuilt): update warning for create_react_agent (#6760)
  • release(langgraph): 1.0.8 (#6757)

... (truncated)

Commits
  • a04ec5d release: Candidate (#6947)
  • 50df7d4 Merge commit from fork
  • c4a4a46 chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • f178eb8 fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...
  • 48167d7 chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (#6920)
  • 806878a chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...
  • 8087e6a docs(sdk-py): update auth docstrings to default-deny pattern (#6933)
  • 8fbdb14 release(sdk-py): 0.3.9 (#6932)
  • 5093802 chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...
  • b89ef60 feat(sdk-py): add extract parameter to threads.search() (#6880)
  • Additional commits viewable in compare view

Updates pyasn1 from 0.6.2 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • See full diff in compare view

Updates pypdf from 6.7.4 to 6.9.1

Release notes

Sourced from pypdf's releases.

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

Full Changelog

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Performance Improvements (PI)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681) by @​stefan6419846
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @​j-t-1

Full Changelog

Version 6.8.0, 2026-03-09

What's new

Security (SEC)

New Features (ENH)

Documentation (DOC)

Full Changelog

Version 6.7.5, 2026-03-02

What's new

Security (SEC)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.9.1, 2026-03-17

Security (SEC)

  • Improve performance and limit length of array-based content streams (#3686)

Full Changelog

Version 6.9.0, 2026-03-15

New Features (ENH)

  • Expose /Perms verification result on Encryption object (#3672)

Performance Improvements (PI)

  • Fix O(n²) performance in NameObject read/write (#3679)
  • Batch-parse all objects in ObjStm on first access (#3677)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681)
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529)

Full Changelog

Version 6.8.0, 2026-03-09

Security (SEC)

  • Limit allowed /Length value of stream (#3675)

New Features (ENH)

  • Add /IRT (in-reply-to) support for markup annotations (#3631)

Documentation (DOC)

  • Avoid using PageObject.replace_contents on PdfReader (#3669)
  • Document how to disable jbig2dec calls

Full Changelog

Version 6.7.5, 2026-03-02

Security (SEC)

  • Improve the performance of the ASCIIHexDecode filter (#3666)
    • Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
@dependabot
chore(deps): bump the uv group across 5 directories with 6 updates
bb7f5da 
Bumps the uv group with 4 updates in the /packages/opentelemetry-instrumentation-crewai directory: [langgraph](https://github.com/langchain-ai/langgraph), [orjson](https://github.com/ijl/orjson), [pyasn1](https://github.com/pyasn1/pyasn1) and [pypdf](https://github.com/py-pdf/pypdf).
Bumps the uv group with 1 update in the /packages/opentelemetry-instrumentation-mcp directory: [authlib](https://github.com/authlib/authlib).
Bumps the uv group with 1 update in the /packages/opentelemetry-instrumentation-voyageai directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 3 updates in the /packages/opentelemetry-instrumentation-writer directory: [orjson](https://github.com/ijl/orjson), [authlib](https://github.com/authlib/authlib) and [black](https://github.com/psf/black).
Bumps the uv group with 4 updates in the /packages/sample-app directory: [langgraph](https://github.com/langchain-ai/langgraph), [pyasn1](https://github.com/pyasn1/pyasn1), [pypdf](https://github.com/py-pdf/pypdf) and [authlib](https://github.com/authlib/authlib).


Updates `langgraph` from 1.0.6 to 1.0.10rc1
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@1.0.6...1.0.10rc1)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `pyasn1` from 0.6.2 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.2...v0.6.3)

Updates `pypdf` from 6.7.4 to 6.9.1
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.4...6.9.1)

Updates `authlib` from 1.6.6 to 1.6.9
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.6...v1.6.9)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `authlib` from 1.6.7 to 1.6.9
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.6...v1.6.9)

Updates `black` from 25.12.0 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.12.0...26.3.1)

Updates `langgraph` from 1.0.7 to 1.0.10rc1
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@1.0.6...1.0.10rc1)

Updates `pyasn1` from 0.6.2 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.2...v0.6.3)

Updates `pypdf` from 6.7.4 to 6.9.1
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.4...6.9.1)

Updates `authlib` from 1.6.6 to 1.6.9
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.6...v1.6.9)

---
updated-dependencies:
- dependency-name: langgraph
  dependency-version: 1.0.10rc1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pypdf
  dependency-version: 6.9.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
  dependency-group: uv
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
  dependency-group: uv
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
  dependency-group: uv
- dependency-name: langgraph
  dependency-version: 1.0.10rc1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: pypdf
  dependency-version: 6.9.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/packages/opentelemetry-instrumentation-crewai/uv-a3a3fe4330 branch from 6b243bf to bb7f5da Compare March 19, 2026 16:53
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 19, 2026

Dependabot can't resolve your Python dependency files. Because of this, Dependabot cannot update this pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants