Skip to content

deps(python): Bump the python-minor group with 7 updates#7354

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-cf3b502953
Open

deps(python): Bump the python-minor group with 7 updates#7354
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-cf3b502953

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps the python-minor group with 7 updates:

Package From To
fastmcp 3.2.4 3.3.1
numpy 2.4.4 2.4.6
anthropic 0.101.0 0.102.0
cachetools 7.1.1 7.1.3
ruff 0.15.12 0.15.13
selenium 4.43.0 4.44.0
webdriver-manager 4.0.2 4.1.1

Updates fastmcp from 3.2.4 to 3.3.1

Release notes

Sourced from fastmcp's releases.

v3.3.1: Loop There It Is

FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like from fastmcp.tools import tool because component modules reached auth and task primitives through fastmcp.server, pulling in the server/provider stack and exposing a circular import.

Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.

What's Changed

Fixes 🐞

Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1

v3.3.0: Slim Reaper

FastMCP 3.3 ships fastmcp-slim, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.

fastmcp-slim

The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. fastmcp-slim is a dependency-light distribution that ships the client and transport layer without any of that.

The import namespace is unchanged:

from fastmcp import Client
async with Client("https://example.com/mcp") as client:
result = await client.call_tool("my_tool", {"arg": "value"})

Install fastmcp-slim[client] anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.

Security

The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (/../, /./) that could otherwise bypass prefix checks. And ResponseCachingMiddleware partitions its cache by access token, closing a gap where different users could see each other's cached responses.

Auth

AzureB2CProvider adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And OAuthProxy gains a public update_scopes() API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.

Observability

OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (list_tools, list_resources, list_prompts, list_resource_templates) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.

Thread Affinity

Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:

... (truncated)

Commits
  • d8dcc27 Decouple component imports from server (#4150)
  • 255e3e4 fix(docs): use valid FA icon on client-only package page (#4139)
  • 73df4dc chore: Update SDK documentation (#4096)
  • ee48a0f Refine fastmcp-slim packaging (#4125)
  • bb4894d Add fastmcp-slim for client-only installs (#4122)
  • 8209093 fix(http): terminate active streamable-HTTP transports before lifespan shutdo...
  • cf59a45 Fix OCI Provider issue in 3.x version. Add OCI auth provider example … (#4116)
  • 89b99ec fix(proxy): fall back to live identifier for backend_* span attributes (#4109)
  • 310314c fix: cli option --no-banner is NOT passed to cli but server-spec in-correctly...
  • 28722f8 fix: drop exc_info for expected tool failures, remove unreachable ValidationE...
  • Additional commits viewable in compare view

Updates numpy from 2.4.4 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • !EarlMilktea
  • Charles Harris
  • Sebastian Berg
  • Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

  • #31444: MAINT: Prepare 2.4.x for further development
  • #31453: BUG: Fix regression in arr.conj()
  • #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
  • #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Aleksei Nikiforov
  • Anarion Zuo +
  • Ankit Ahlawat
  • Breno Favaretto +
  • Charles Harris
  • Igor Krivenko +
  • Ijtihed Kilani +
  • Joren Hammudoglu
  • Maarten Baert +

... (truncated)

Commits
  • b832a09 Merge pull request #31462 from charris/prepare-2.4.6
  • 57cc147 REL: Prepare for the NumPy 2.4.6 release
  • 0c72b0b Merge pull request #31459 from charris/backport-31347
  • 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
  • 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
  • bddaab7 BUG: Fix regression in arr.conj()
  • 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
  • 3c0e043 MAINT: Prepare 2.4.x for further development
  • Additional commits viewable in compare view

Updates anthropic from 0.101.0 to 0.102.0

Release notes

Sourced from anthropic's releases.

v0.102.0

0.102.0 (2026-05-13)

Full Changelog: v0.101.0...v0.102.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (3681f10)
  • api: Add support for cache diagnostics beta (db51c6c)
  • internal/types: support eagerly validating pydantic iterators (68dabb0)

Chores

Changelog

Sourced from anthropic's changelog.

0.102.0 (2026-05-13)

Full Changelog: v0.101.0...v0.102.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (3681f10)
  • api: Add support for cache diagnostics beta (db51c6c)
  • internal/types: support eagerly validating pydantic iterators (68dabb0)

Chores

Commits

Updates cachetools from 7.1.1 to 7.1.3

Changelog

Sourced from cachetools's changelog.

v7.1.3 (2026-05-18)

  • Minor type stub improvements.

  • Update build environment.

v7.1.2 (2026-05-16)

  • Minor type stub improvements.

  • Minor documentation improvements.

  • Modernize build environment.

Commits

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Commits
  • 2afb467 Bump 0.15.13 (#25157)
  • 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
  • 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
  • 2522549 Remove shellcheck from prek (#25154)
  • 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
  • bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
  • 828cdb7 [ty] Isolate file-watching test environment (#25151)
  • 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
  • 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
  • ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
  • Additional commits viewable in compare view

Updates selenium from 4.43.0 to 4.44.0

Release notes

Sourced from selenium's releases.

Selenium 4.44.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits

Updates webdriver-manager from 4.0.2 to 4.1.1

Release notes

Sourced from webdriver-manager's releases.

v4.1.1

4.1.1

This is a focused follow-up release after 4.1.0 to clean up packaging metadata and release documentation.

What’s included

  • Fixed README PyPI badges to use webdriver-manager.
  • Updated package metadata and version alignment for 4.1.1.
  • Standardized release documentation with a new RELEASING.md maintainer runbook.
  • Added Python 3.7 CI coverage to reflect the declared support policy.
  • Kept packaging behavior stable with a minimal setup.py compatibility shim and pyproject.toml as metadata source-of-truth.

Notes

  • No functional driver-resolution changes are included in this release.

v4.1.0

webdriver-manager 4.1.0

This release focuses on stability, platform compatibility, and CI reliability across Chrome/Chromium, Firefox, Edge, and Opera flows.

Highlights

Chrome / Chromium

  • Improved Chrome for Testing (CfT) resolution and fallback behavior.
  • Added robust handling for missing exact build metadata (fallback to milestone-level metadata).
  • Added safer metadata parsing paths and improved error messages.
  • Improved Windows platform selection: prefer win64 on 64-bit hosts with safe fallback to win32 when needed.

Firefox

  • Fixed Linux ARM64 (aarch64) mapping to use correct linux-aarch64 GeckoDriver artifacts.
  • Improved architecture detection stability for ARM/Linux environments.

Edge

  • Updated Edge driver source endpoint and improved OS/platform mapping behavior.

Opera

  • Fixed install flow when cache returns a direct binary path (prevents NotADirectoryError).
  • Improved cache/extraction resilience for file-vs-directory conflicts in extracted archives.

Cache / Concurrency / Download Stability

  • Reduced repeated metadata/network lookups by caching resolved driver version internally.
  • Added inter-process locking and post-lock cache recheck to prevent concurrent install races.
  • Improved extraction robustness in concurrent/busy-file scenarios.
  • Improved cache path fallback behavior for read-only/invalid HOME environments (Docker/serverless/PyInstaller-related cases).

Logger

  • set_logger() now accepts logger-like objects exposing log(level, message) (not only logging.Logger).

... (truncated)

Changelog

Sourced from webdriver-manager's changelog.

4.1.1

Packaging

  • Fixed package metadata shown on PyPI.
  • Added Python version classifiers for currently supported Python versions.
  • Removed obsolete universal wheel metadata.
  • Ensured release metadata better reflects the current Python support policy.

Docs

  • Fixed PyPI badge package name in README.
  • Updated README badges to use the published package name webdriver-manager.

Notes

  • No functional driver-resolution changes are included in this release.
  • This is a packaging and documentation cleanup release following 4.1.0.

4.1.0

Compatibility

  • Added support for Python 3.12, 3.13, and 3.14.
  • Added CI coverage for Python 3.15.0-beta.1.
  • Kept compatibility with both Selenium 3 and Selenium 4 usage patterns.
  • Improved Chrome / Chromium / Brave support for Chrome 115+ and Chrome for Testing driver resolution.
  • Improved Microsoft Edge driver resolution through updated endpoint handling and platform mapping.
  • Improved Firefox/geckodriver resolution on Linux ARM64.
  • Improved Windows browser version detection through safer PowerShell command execution.
  • Improved Docker, CI, and serverless compatibility when default cache locations are unavailable or read-only.

Fixes

  • Chrome/Chromium: improved Chrome for Testing resolution and fallbacks for missing exact build metadata, readable errors, and stable URL resolution. (#706, #685, #639)
  • Chrome on Windows: prefer win64 on 64-bit hosts with safe fallback to win32 when the win64 asset is unavailable. (#647, #686)
  • Edge: updated driver endpoint and improved OS/platform mapping for driver artifacts. (#697)
  • Firefox on Linux ARM64: prefer linux-aarch64 geckodriver to avoid architecture mismatch. (#616)
  • Windows browser version detection: switched to PowerShell -EncodedCommand flow to avoid quoting and expansion failures in browser version probes. (#625)
  • Opera driver install path handling when cache already returns a binary file path, preventing NotADirectoryError caused by directory-only assumptions. (#730)
  • Cache reliability: avoid remote version lookup when a valid browser-version cache entry already exists. (#661)
  • Cache stability: cache resolved driver version inside the cache manager to reduce repeated metadata and network requests. (#656)
  • Concurrency: added an inter-process install lock with post-lock cache recheck to prevent parallel download and unpack races such as BadZipFile and startup failures. (#700, #631)
  • Archive extraction robustness: improved zip fallback handling in concurrent or busy-file scenarios.
  • Docker/serverless cache path safety: fall back to a writable temp directory when HOME or project-root cache targets are invalid or read-only. (#636, #651, #682, #694)
  • Binary selection safety: prevent selecting non-executable companion files such as THIRD_PARTY_NOTICES.* as driver executables. (#667, #670, #683, #699)
  • Logger API: set_logger() now accepts logger-like objects exposing log(level, message), not only logging.Logger. (#688)

... (truncated)

Commits
  • 179faa0 chore(release): prepare 4.1.1 metadata/docs cleanup and release workflow upda...
  • 4af0ce1 chore(security): refresh uv lock for requests and python-dotenv (#733)
  • 4f760b4 fix deploy (#731)
  • 64dd527 chore(release): prepare 4.1.0 docs, CI and changelog (#729)
  • 8651fa2 Fix Ubuntu Opera cache extraction conflict causing NotADirectoryError (#730)
  • 5554e6d Fix 3.15 ci job (#728)
  • f5f1d2b CI: modernize release pipeline and refresh GitHub Actions versions (#727)
  • 8433db7 Allow third-party logger-like objects in set_logger (#688) (#726)
  • f00c062 fix(concurrency): add inter-process install lock and cache recheck to prevent...
  • 971da2b fix(chrome): add robust CfT JSON parsing fallback for compressed responses (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(python): Bump the python-minor group with 7 updates
147b9f5 
Bumps the python-minor group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.2.4` | `3.3.1` |
| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.101.0` | `0.102.0` |
| [cachetools](https://github.com/tkem/cachetools) | `7.1.1` | `7.1.3` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |
| [selenium](https://github.com/SeleniumHQ/Selenium) | `4.43.0` | `4.44.0` |
| [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) | `4.0.2` | `4.1.1` |


Updates `fastmcp` from 3.2.4 to 3.3.1
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.2.4...v3.3.1)

Updates `numpy` from 2.4.4 to 2.4.6
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.4...v2.4.6)

Updates `anthropic` from 0.101.0 to 0.102.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.101.0...v0.102.0)

Updates `cachetools` from 7.1.1 to 7.1.3
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v7.1.1...v7.1.3)

Updates `ruff` from 0.15.12 to 0.15.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.13)

Updates `selenium` from 4.43.0 to 4.44.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.43.0...selenium-4.44.0)

Updates `webdriver-manager` from 4.0.2 to 4.1.1
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](SergeyPirogov/webdriver_manager@v4.0.2...v4.1.1)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: numpy
  dependency-version: 2.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: anthropic
  dependency-version: 0.102.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: cachetools
  dependency-version: 7.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: ruff
  dependency-version: 0.15.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: selenium
  dependency-version: 4.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: webdriver-manager
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python labels May 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants