Skip to content

Comments

Build(deps): Bump the uv group across 2 directories with 4 updates#222

Merged
luarss merged 1 commit intomasterfrom
dependabot/uv/backend/uv-c6541e0c24
Feb 21, 2026
Merged

Build(deps): Bump the uv group across 2 directories with 4 updates#222
luarss merged 1 commit intomasterfrom
dependabot/uv/backend/uv-c6541e0c24

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 21, 2026

Bumps the uv group with 2 updates in the /backend directory: nltk and google-cloud-aiplatform.
Bumps the uv group with 2 updates in the /frontend directory: flask and werkzeug.

Updates nltk from 3.9.1 to 3.9.2

Changelog

Sourced from nltk's changelog.

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)

... (truncated)

Commits
  • 4e17ea3 Updates for 3.9.2
  • 77ed66b Merge pull request #3425 from ekaf/ci-blank-data
  • 13d6791 Update .github/workflows/ci.yml
  • d2cf5d4 Ensure nltk_data path is in the environment
  • 4473fde Test CI with no data
  • 1f1614b Merge pull request #3349 from ShadokDuBas/fix/bug_ccg_logic_side_effect_on_le...
  • 7e9779e Merge pull request #3419 from ekaf/hotfix-3416
  • 83bd737 Merge pull request #3423 from purificant/_dependabot
  • e96cce0 Merge pull request #3422 from purificant/_pre_commit
  • bcf6ea6 Merge pull request #3421 from purificant/_py_versions
  • Additional commits viewable in compare view

Updates google-cloud-aiplatform from 1.124.0 to 1.133.0

Release notes

Sourced from google-cloud-aiplatform's releases.

v1.133.0

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

... (truncated)

Changelog

Sourced from google-cloud-aiplatform's changelog.

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

  • Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
  • GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

... (truncated)

Commits
  • 78f2bdd chore(main): release 1.133.0 (#6211)
  • c8c0f0f fix: Add None check for agent_info in evals.py
  • 9952b97 chore: rollback
  • 83f4076 fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 937d5af Copybara import of the project:
  • aaaf902 chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs
  • 8c876ef fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 5448f06 fix: Require uri or staging bucket configuration for saving model to Vertex E...
  • 65717fa feat: GenAI SDK client(memory): Add enable_third_person_memories
  • be2eaaa fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config
  • Additional commits viewable in compare view

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726
Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726
Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates werkzeug from 3.1.5 to 3.1.6

Release notes

Sourced from werkzeug's releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

  • safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x
Changelog

Sourced from werkzeug's changelog.

Version 3.1.6

Released 2026-02-19

  • safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Build(deps): Bump the uv group across 2 directories with 4 updates
89eacd6 
Bumps the uv group with 2 updates in the /backend directory: [nltk](https://github.com/nltk/nltk) and [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).
Bumps the uv group with 2 updates in the /frontend directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).


Updates `nltk` from 3.9.1 to 3.9.2
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.1...3.9.2)

Updates `google-cloud-aiplatform` from 1.124.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.124.0...v1.133.0)

Updates `flask` from 3.1.2 to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.2...3.1.3)

Updates `werkzeug` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: nltk
  dependency-version: 3.9.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: werkzeug
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 21, 2026
@luarss luarss merged commit 42dbebf into master Feb 21, 2026
1 of 2 checks passed
@dependabot dependabot bot deleted the dependabot/uv/backend/uv-c6541e0c24 branch February 21, 2026 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@luarss