Skip to content

Bump the uv group across 3 directories with 5 updates #3220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the uv group across 3 directories with 5 updates #3220

dependabot wants to merge 1 commit into from
+1,718 −360

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 16, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the uv group with 3 updates in the /src/time directory: mcp, h11 and starlette.
Bumps the uv group with 3 updates in the /src/git directory: mcp, h11 and starlette.
Bumps the uv group with 5 updates in the /src/fetch directory:

Package From To
mcp 1.2.0 1.23.0
h11 0.14.0 0.16.0
starlette 0.41.2 0.49.1
requests 2.32.3 2.32.4
urllib3 2.2.3 2.6.3

Updates mcp from 1.0.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

Updates starlette from 0.41.3 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Version 0.48.0

Added

  • Add official Python 3.14 support #3013.

Changed

New Contributors

Full Changelog: Kludex/starlette@0.47.3...0.48.0

... (truncated)

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

0.48.0 (September 13, 2025)

Added

  • Add official Python 3.14 support #3013.

Changed

0.47.3 (August 24, 2025)

Fixed

  • Use asyncio.iscoroutinefunction for Python 3.12 and older #2984.

0.47.2 (July 20, 2025)

Fixed

  • Make UploadFile check for future rollover #2962.

0.47.1 (June 21, 2025)

Fixed

  • Use Self in TestClient.__enter__ #2951.
  • Allow async exception handlers to type-check #2949.

... (truncated)

Commits

Updates mcp from 1.1.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

Updates starlette from 0.41.3 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Version 0.48.0

Added

  • Add official Python 3.14 support #3013.

Changed

New Contributors

Full Changelog: Kludex/starlette@0.47.3...0.48.0

... (truncated)

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

0.48.0 (September 13, 2025)

Added

  • Add official Python 3.14 support #3013.

Changed

0.47.3 (August 24, 2025)

Fixed

  • Use asyncio.iscoroutinefunction for Python 3.12 and older #2984.

0.47.2 (July 20, 2025)

Fixed

  • Make UploadFile check for future rollover #2962.

0.47.1 (June 21, 2025)

Fixed

  • Use Self in TestClient.__enter__ #2951.
  • Allow async exception handlers to type-check #2949.

... (truncated)

Commits

Updates mcp from 1.2.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

Updates starlette from 0.41.2 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Version 0.48.0

Added

  • Add official Python 3.14 support #3013.

Changed

New Contributors

Full Changelog: Kludex/starlette@0.47.3...0.48.0

... (truncated)

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

0.48.0 (September 13, 2025)

Added

  • Add official Python 3.14 support #3013.

Changed

0.47.3 (August 24, 2025)

Fixed

  • Use asyncio.iscoroutinefunction for Python 3.12 and older #2984.

0.47.2 (July 20, 2025)

Fixed

  • Make UploadFile check for future rollover #2962.

0.47.1 (June 21, 2025)

Fixed

  • Use Self in TestClient.__enter__ #2951.
  • Allow async exception handlers to type-check #2949.

... (truncated)

Commits

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)
Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.1...

    Description has been truncated

@dependabot
Bump the uv group across 3 directories with 5 updates
09509b3 
Bumps the uv group with 3 updates in the /src/time directory: [mcp](https://github.com/modelcontextprotocol/python-sdk), [h11](https://github.com/python-hyper/h11) and [starlette](https://github.com/Kludex/starlette).
Bumps the uv group with 3 updates in the /src/git directory: [mcp](https://github.com/modelcontextprotocol/python-sdk), [h11](https://github.com/python-hyper/h11) and [starlette](https://github.com/Kludex/starlette).
Bumps the uv group with 5 updates in the /src/fetch directory:

| Package | From | To |
| --- | --- | --- |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.2.0` | `1.23.0` |
| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |
| [starlette](https://github.com/Kludex/starlette) | `0.41.2` | `0.49.1` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |



Updates `mcp` from 1.0.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.0.0...v1.23.0)

Updates `h11` from 0.14.0 to 0.16.0
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

Updates `starlette` from 0.41.3 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.41.3...0.49.1)

Updates `mcp` from 1.1.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.0.0...v1.23.0)

Updates `h11` from 0.14.0 to 0.16.0
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

Updates `starlette` from 0.41.3 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.41.3...0.49.1)

Updates `mcp` from 1.2.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.0.0...v1.23.0)

Updates `h11` from 0.14.0 to 0.16.0
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

Updates `starlette` from 0.41.2 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.41.3...0.49.1)

Updates `requests` from 2.32.3 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.4)

Updates `urllib3` from 2.2.3 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.3...2.6.3)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 16, 2026
@koic koic mentioned this pull request Jan 17, 2026
Merged
12 tasks
@koic
Copy link
Member

koic commented Jan 17, 2026

This build error will likely be resolved in #3222.

olaservo pushed a commit that referenced this pull request Jan 17, 2026
@koic
fix(time): Fix McpError constructor usage in time server
9c9813d 
Fixes CI failures in PR #3220.

PR #3220 updated `mcp` library from 1.0.0 to 1.23.0, which caused test
failures due to a breaking change in `McpError` constructor API.

The `McpError` constructor now expects an `ErrorData` object instead of
a plain string message. This commit fixes the usage in `get_zoneinfo()`
function to use `ErrorData(code=INVALID_PARAMS, message=...)`.

```console
Error before fix:
  AttributeError: 'str' object has no attribute 'message'
```

Also updates `mcp` dependency to >=1.23.0 in pyproject.toml to ensure
compatibility with the new API.
@olaservo
Copy link
Member

olaservo commented Jan 17, 2026

@copilot can you resolve the conflicts?

Copilot AI mentioned this pull request Jan 17, 2026
Draft
12 tasks
Copy link

Copilot AI commented Jan 17, 2026

@olaservo I've opened a new pull request, #3223, to work on those changes. Once the pull request is ready, I'll request review from you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@koic @olaservo