chore(deps-dev): bump the gha group across 1 directory with 6 updates

[dependabot]

Bumps the gha group with 6 updates in the /packages/opentelemetry-instrumentation-llamaindex directory:

Package	From	To
llama-parse	0.5.20	0.6.90
ruff	0.14.11	0.14.12
chromadb	0.5.23	1.4.1
onnxruntime	1.19.2	1.20.1
pytest-asyncio	0.23.8	1.2.0
vcrpy	6.0.2	7.0.0

Updates llama-parse from 0.5.20 to 0.6.90

Updates ruff from 0.14.11 to 0.14.12

Changelog

Sourced from ruff's changelog.

0.14.12

Released on 2026-01-15.

Preview features

• [flake8-blind-except] Allow more logging methods (BLE001) (#22057)
• [ruff] Respect lint.pydocstyle.property-decorators in RUF066 (#22515)

Bug fixes

• Fix configuration path in --show-settings (#22478)
• Respect fmt: skip for multiple statements on the same logical line (#22119)

Rule changes

• [pydocstyle] Update Rust crate imperative to v1.0.7 (D401) (#22519)
• [isort] Insert imports in alphabetical order (I002) (#22493)

Documentation

• Add llms.txt support for documentation (#22463)
• Use prek in documentation and CI (#22505)
• [flake8-pytest-style] Add check parameter example to PT017 docs (#22546)
• [ruff] Make example error out-of-the-box (RUF103) (#22558)
• [ruff] document RUF100 trailing comment fix behavior (#22479)

Other changes

• wasm: Require explicit logging initialization (#22587)

Contributors

• @​terror
• @​harupy
• @​Jkhall81
• @​dhruvmanila
• @​lubaskinc0de
• @​zanieb
• @​MeGaGiGaGon
• @​charliermarsh
• @​renovate
• @​dylwil3
• @​MichaReiser
• @​11happy

Commits

• See full diff in compare view

Updates chromadb from 0.5.23 to 1.4.1

Release notes

Sourced from chromadb's releases.

1.4.1

Version: 1.4.1 Git ref: refs/tags/1.4.1 Build Date: 2026-01-14T19:19 PIP Package: chroma-1.4.1.tar.gz Github Container Registry Image: :1.4.1 DockerHub Image: :1.4.1

What's Changed

• [ENH]: Sysdb + migration service connect to real spanner in gcp by @​sanketkedia in chroma-core/chroma#6084
• [CHORE]: Update google cloud spanner dependency + update rust version by @​sanketkedia in chroma-core/chroma#6086
• [CHORE]: Remove unstable feature by @​sanketkedia in chroma-core/chroma#6087
• [BUG]: Scorecard before stateful quotas by @​sanketkedia in chroma-core/chroma#6089
• [ENH]: e2e tenant and database operations in rust sysdb by @​sanketkedia in chroma-core/chroma#6088
• [ENH] Drop block ref when copy to end by @​Sicheng-Pan in chroma-core/chroma#6101
• [ENH]: Make hashes in spanner migrations rolling by @​tanujnay112 in chroma-core/chroma#6097
• [CHORE] move spanner-migrations to rust/ top level by @​rescrv in chroma-core/chroma#6085
• [BUG] await auth on delete_database in single-node Chroma by @​philipithomas in chroma-core/chroma#6106
• [ENH][spanner-migrations]: add clap CLI and support for multiple migration directories by @​rescrv in chroma-core/chroma#6091
• [ENH] Commit eagerly in ordered blockfile writer by @​Sicheng-Pan in chroma-core/chroma#6109
• [BUG]: Fix service name extraction logic in go by @​tanujnay112 in chroma-core/chroma#6111
• [ENH]: fixes broken llama index links by @​tjkrusinskichroma in chroma-core/chroma#6112
• [ENH]: Fixes typo by @​tjkrusinskichroma in chroma-core/chroma#6113
• [ENH]: fixes missing $ in operator example by @​tjkrusinskichroma in chroma-core/chroma#6114
• [BUG]: Collection affinity not working by @​sanketkedia in chroma-core/chroma#6115
• [ENH] Add a catch to purge cursors that have been reinserted a suspicious number of times. by @​rescrv in chroma-core/chroma#6094
• [ENH] Multi-region, multi-cloud configuration. by @​rescrv in chroma-core/chroma#6092
• [ENH][wal3]: add quorum_writer for parallel future coordination by @​rescrv in chroma-core/chroma#6095
• [ENH]: Add frontend logic for indexing status by @​tanujnay112 in chroma-core/chroma#6127
• [CHORE][spanner-migrations]: extract core logic into library by @​rescrv in chroma-core/chroma#6125
• [ENH] Add the schema for Rust Log Service in Spanner. by @​rescrv in chroma-core/chroma#6096
• [CHORE] Bump version of tonic to 0.14 and shake out the damage. by @​rescrv in chroma-core/chroma#6100
• [CHORE] Fix the MCMR memberlists in Tilt. by @​rescrv in chroma-core/chroma#6099
• [ENH] Explicitly define docs site metadata for Google by @​kylediaz in chroma-core/chroma#6136
• [CHORE] configure gtm on docs by @​philipithomas in chroma-core/chroma#6139
• Revert "[CHORE] configure gtm on docs" by @​philipithomas in chroma-core/chroma#6140
• [ENH] add gtm to docs by @​philipithomas in chroma-core/chroma#6141
• [ENH]: Python client changes for indexing status by @​tanujnay112 in chroma-core/chroma#6130
• [ENH] Eventual consistency in query nodes by @​HammadB in chroma-core/chroma#5945
• [CHORE][wal3] encapsulate fragment reading in FragmentConsumer trait by @​rescrv in chroma-core/chroma#6107
• [ENH]: Database and Tenant Crud enhancements by @​sanketkedia in chroma-core/chroma#6119
• [ENH]: Metering for indexing_status by @​tanujnay112 in chroma-core/chroma#6128
• [ENH]: Globalize dead letter queue in SysDB by @​tanujnay112 in chroma-core/chroma#6003
• [ENH]: Spanner collection and segments Schemas by @​sanketkedia in chroma-core/chroma#6123
• [ENH] Add eventual consistency to the frontend by @​HammadB in chroma-core/chroma#5946
• [ENH] wal3 replicated interfaces by @​rescrv in chroma-core/chroma#6102
• [CHORE] Bump rust client version to 0.11.x by @​rescrv in chroma-core/chroma#6150
• [ENH]: Add indexing_status changes to typescript and rust clients by @​tanujnay112 in chroma-core/chroma#6143
• [CHORE] Make spanner optional for types by @​rescrv in chroma-core/chroma#6151
• [ENH]: Wrap spanner Row to a new type by @​sanketkedia in chroma-core/chroma#6152

... (truncated)

Commits

• 8487322 [RELEASE] CLI 1.3.1 Python 1.4.1 JS 3.2.1 (#6155)
• 0f189eb [CHORE] Set version numbers for 0.12 client release (#6156)
• 4e0b278 [TST] Add basic readlevel test (#6154)
• a1de20b [ENH] Add support for indexing status to rust (#6153)
• 8635550 [ENH]: Wrap spanner Row to a new type (#6152)
• d80358a [CHORE] Make spanner optional for types (#6151)
• e7365e0 [ENH]: Add indexing_status changes to typescript and rust clients (#6143)
• 254ddc7 [CHORE] Bump rust client version to 0.11.x (#6150)
• 95b62a0 [ENH] wal3 replicated interfaces (#6102)
• 8d71ef1 [ENH] Add eventual consistency to the frontend (#5946)
• Additional commits viewable in compare view

Updates onnxruntime from 1.19.2 to 1.20.1

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.20.1

What's new?

Python Quantization Tool

• Prevent int32 quantized bias from clipping by adjusting the weight's scale (#22020) - @​adrianlizarraga
• Update QDQ Pad, Slice, Softmax (#22676) - @​adrianlizarraga
• Introduce get_qdq_config() helper to get QDQ configurations (#22677) - @​adrianlizarraga
• Add reduce_range option to get_qdq_config() (#22782) - @​adrianlizarraga
• Flaky test due to Pad reflect bug (#22798) - @​adrianlizarraga

CPU EP

• Refactor SkipLayerNorm implementation to address issues (#22719, #22862) - @​amarin16, @​liqunfu

QNN EP

• Add QNN SDK v2.28.2 support (#22724, #22844) - @​HectorSVC, @​adrianlizarraga

TensorRT EP

• Exclude DDS ops from running on TRT (#22875) - @​chilo-ms

Packaging

• Rework the native library usage so that a pre-built ORT native package can be easily used (#22345) - @​skottmckay
• Fix Maven Sha256 Checksum Issue (#22600) - @​idiskyle

Contributions

Big thank you to the release manager @​yf711, along with @​adrianlizarraga, @​HectorSVC, @​jywu-msft, and everyone else who helped to make this patch release process a smooth one!

ONNX Runtime v1.20.0

Release Manager: @​apsonawane

Announcements

• All ONNX Runtime Training packages have been deprecated. ORT 1.19.2 was the last release for which onnxruntime-training (PyPI), onnxruntime-training-cpu (PyPI), Microsoft.ML.OnnxRuntime.Training (Nuget), onnxruntime-training-c (CocoaPods), onnxruntime-training-objc (CocoaPods), and onnxruntime-training-android (Maven Central) were published.
• ONNX Runtime packages will stop supporting Python 3.8 and Python 3.9. This decision aligns with NumPy Python version support. To continue using ORT with Python 3.8 and Python 3.9, you can use ORT 1.19.2 and earlier.
• ONNX Runtime 1.20 CUDA packages will include new dependencies that were not required in 1.19 packages. The following dependencies are new: libcudnn_adv.so.9, libcudnn_cnn.so.9, libcudnn_engines_precompiled.so.9, libcudnn_engines_runtime_compiled.so.9, libcudnn_graph.so.9, libcudnn_heuristic.so.9, libcudnn_ops.so.9, libnvrtc.so.12, and libz.so.1.

Build System & Packages

• Python 3.13 support is included in PyPI packages.
• ONNX 1.17 support will be delayed until a future release, but the ONNX version used by ONNX Runtime has been patched to include a shape inference change to the Einsum op.
• DLLs in the Maven build are now digitally signed (fix for issue reported here).
• (Experimental) vcpkg support added for the CPU EP. The DML EP does not yet support vcpkg, and other EPs have not been tested.

Core

• MultiLoRA support.
• Reduced memory utilization.
  • Fixed alignment that was causing mmap to fail for external weights.
  • Eliminated double allocations when deserializing external weights.
  • Added ability to serialize pre-packed weights so that they don’t cause an increase in memory utilization when the model is loaded.
• Support bfloat16 and float8 data types in python I/O binding API.

Performance

• INT4 quantized embedding support on CPU and CUDA EPs.

... (truncated)

Commits

• 5c1b7cc [ORT 1.20.1 Release] Cherry pick 2nd round (#22845)
• c6156c1 [ORT 1.20.1 Release] Cherry pick 1st round (#22785)
• c4fb724 ORT 1.20.0 release preparation: Cherry pick round 2 (#22643)
• 2d00351 ORT 1.20.0 Release: Cherry pick round 1 (#22526)
• f9e623e Update CMake to 3.31.0rc1 (#22433)
• 691de83 Enable BrowserStack tests (#22457)
• bf60442 [ROCm] Update ROCm Nuget pipeline to ROCm 6.2 (#22461)
• 2b8fc55 Enable RunMatMulTest all test cases support FP16 (#22440)
• af00a20 Change ORT nightly python packages' name (#22450)
• a5e85a9 Fix training artifacts for 2GB+ models and MSELoss (#22414)
• Additional commits viewable in compare view

Updates pytest-asyncio from 0.23.8 to 1.2.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.2.0

1.2.0 - 2025-09-12

Added

• --asyncio-debug CLI option and asyncio_debug configuration option to enable asyncio debug mode for the default event loop. (#980)
• A pytest.UsageError for invalid configuration values of asyncio_default_fixture_loop_scope and asyncio_default_test_loop_scope. (#1189)
• Compatibility with the Pyright type checker (#731)

Fixed

• RuntimeError: There is no current event loop in thread 'MainThread' when any test unsets the event loop (such as when using asyncio.run and asyncio.Runner). (#1177)
• Deprecation warning when decorating an asynchronous fixture with @pytest.fixture in [strict]{.title-ref} mode. The warning message now refers to the correct package. (#1198)

Notes for Downstream Packagers

• Bump the minimum required version of tox to v4.28. This change is only relevant if you use the tox.ini file provided by pytest-asyncio to run tests.
• Extend dependency on typing-extensions>=4.12 from Python<3.10 to Python<3.13.

pytest-asyncio 1.1.1

v1.1.1 - 2025-09-12

Notes for Downstream Packagers

- Addresses a build problem with setuptoos-scm >= 9 caused by invalid setuptools-scm configuration in pytest-asyncio. (#1192)

pytest-asyncio 1.1.0

Added

• Propagation of ContextVars from async fixtures to other fixtures and tests on Python 3.10 and older (#127)
• Cancellation of tasks when the loop_scope ends (#200)
• Warning when the current event loop is closed by a test

Fixed

• Error about missing loop when calling functions requiring a loop in the finally clause of a task (#878)
• An error that could cause duplicate warnings to be issued

Notes for Downstream Packagers

• Added runtime dependency on backports.asyncio.runner for use with Python 3.10 and older

pytest-asyncio 1.1.0a1

1.1.0a1 - 2025-06-30

Added

• Propagation of ContextVars from async fixtures to other fixtures and tests on Python 3.10 and older (#127)
• Cancellation of tasks when the loop_scope ends (#200)
• Warning when the current event loop is closed by a test

... (truncated)

Commits

• 0d3988f ci: Create GitHub release before publishing to PyPI.
• 07c5a0b docs: Include orphaned news fragment in changelog.
• be24582 chore: Prepare release of v1.2.0.
• 7aeb296 docs: Streamline news fragments
• 7b8311c ci: Fixes a bug that prevented SSH signature from being stripped from release...
• 9d4c2bd docs: Add changelog entry for Pyright compatibility.
• 94f6106 test: Added tests which assert that the event loop is reinstated if unset by ...
• df61991 [pre-commit.ci] pre-commit autoupdate
• f1f7941 Build(deps): Bump pytest from 8.4.1 to 8.4.2
• c77d3d3 Build(deps): Bump twine from 6.1.0 to 6.2.0
• Additional commits viewable in compare view

Updates vcrpy from 6.0.2 to 7.0.0

Release notes

Sourced from vcrpy's releases.

v7.0.0

What's Changed

- Drop support for python 3.8 (major version bump) - thanks @jairhenrique
- Various linting and test fixes - thanks @jairhenrique
- Bugfix for urllib2>=2.3.0 - missing version_string ([#888](https://github.com/kevin1024/vcrpy/issues/888))
- Bugfix for asyncio.run - thanks @alekeik1

New Contributors

• @​exslim made their first contribution in kevin1024/vcrpy#889
• @​alekseik1 made their first contribution in kevin1024/vcrpy#886

Changelog

Sourced from vcrpy's changelog.

Changelog

For a full list of triaged issues, bugs and PRs and what release they are targeted for please see the following link.

ROADMAP MILESTONES <https://github.com/kevin1024/vcrpy/milestones>_

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

• 8.1.1

  • Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
  • CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

• 8.1.0

  • Enable brotli decompression if available (via brotli, brotlipy or brotlicffi) (#620) - thanks @​immerrr
  • Fix aiohttp allowing both data and json arguments when one is None (#624) - thanks @​leorochael
  • Fix usage of io-like interface with VCR.py (#906) - thanks @​tito and @​kevdevg
  • Migrate to declarative Python package config (#767) - thanks @​deronnax
  • Various linting fixes - thanks @​jairhenrique
  • CI: bump actions/checkout from 5 to 6 (#955)

• 8.0.0

  • BREAKING: Drop support for Python 3.9 (major version bump) - thanks @​jairhenrique
  • BREAKING: Drop support for urllib3 < 2 - fixes CVE warnings from urllib3 1.x (#926, #880) - thanks @​jairhenrique
  • New feature: drop_unused_requests option to remove unused interactions from cassettes (#763) - thanks @​danielnsilva
  • Rewrite httpx support to patch httpcore instead of httpx (#943) - thanks @​seowalex
    • Fixes httpx.ResponseNotRead exceptions (#832, #834)
    • Fixes KeyError: 'follow_redirects' (#945)
    • Adds support for custom httpx transports
  • Fix HTTPS proxy handling - proxy address no longer ends up in cassette URIs (#809, #914) - thanks @​alga
  • Fix iscoroutinefunction deprecation warning on Python 3.14 - thanks @​kloczek
  • Only log message if response is appended - thanks @​talfus-laddus
  • Optimize urllib.parse calls - thanks @​Martin-Brunthaler
  • Fix CI for Ubuntu 24.04 - thanks @​hartwork
  • Various CI improvements: migrate to uv, update GitHub Actions - thanks @​jairhenrique
  • Various linting and test improvements - thanks @​jairhenrique and @​hartwork

• 7.0.0

  • Drop support for python 3.8 (major version bump) - thanks @​jairhenrique
  • Various linting and test fixes - thanks @​jairhenrique
  • Bugfix for urllib2>=2.3.0 - missing version_string (#888)
  • Bugfix for asyncio.run - thanks @​alekeik1

• 6.0.2

  • Ensure body is consumed only once (#846) - thanks @​sathieu
  • Permit urllib3 2.x for non-PyPy Python >=3.10
  • Fix typos in test commands - thanks @​chuckwondo
  • Several test and workflow improvements - thanks @​hartwork and @​graingert

• 6.0.1

  • Bugfix with to Tornado cassette generator (thanks @​graingert)

• 6.0.0

... (truncated)

Commits

• 3278619 Release v7.0.0
• 3fb62e0 fix: correctly handle asyncio.run when loop exists
• 8197865 build(deps): update sphinx requirement from <8 to <9
• be651bd pre-commit: Autoupdate
• a6698ed Fix aiohttp tests
• 48d0a2e Fixed missing version_string attribute when used with urllib3>=2.3.0
• 5b858b1 Fix lint
• c8d99a9 Fix ruff configuration
• ce27c63 Merge pull request #736 from kevin1024/drop-python38
• ab8944d Drop python 3.8 support
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Important

Update dependencies in pyproject.toml for opentelemetry-instrumentation-llamaindex, including chromadb, llama-parse, onnxruntime, pytest-asyncio, and vcrpy.

• Dependency Updates:
  • Update chromadb from <0.6.0 to <1.5.0.
  • Update llama-parse from <0.6.0 to <0.7.0.
  • Update onnxruntime from <1.20.0 to <1.21.0.
  • Update pytest-asyncio from <0.24.0 to <1.3.0.
  • Update vcrpy from <7 to <8.

^{This description was created by for 9715619. You can customize this summary. It will automatically update as commits are pushed.}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 9715619 in 1 minute and 17 seconds. Click for details.

• Reviewed 35 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 5 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. packages/opentelemetry-instrumentation-llamaindex/pyproject.toml:37

• Draft comment:
  Updated 'chromadb' version range from <0.6.0 to <1.5.0 to allow the 1.x releases (e.g. 1.4.1). Confirm that any breaking changes in chromadb 1.x are handled.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically the version range of chromadb. It asks the PR author to confirm that any breaking changes in the new version range are handled. This falls under the rule of not asking the author to confirm or ensure behavior, especially related to dependencies.

2. packages/opentelemetry-instrumentation-llamaindex/pyproject.toml:45

• Draft comment:
  Raised the upper bound for 'llama-parse' from <0.6.0 to <0.7.0 to include version 0.6.90. Please ensure compatibility with any changes introduced in 0.6.x.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is about a dependency version change, specifically raising the upper bound for llama-parse. It asks the PR author to ensure compatibility with changes in the new version range. According to the rules, comments on dependency changes or asking the author to ensure compatibility are not allowed.

3. packages/opentelemetry-instrumentation-llamaindex/pyproject.toml:46

• Draft comment:
  Updated 'onnxruntime' upper bound from <1.20.0 to <1.21.0 to allow version 1.20.1. Verify that any API or behavior changes are compatible.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically updating the upper bound of the onnxruntime version. The comment asks to verify compatibility, which is against the rules as it asks the author to ensure compatibility. This is not a specific code suggestion or a request for a test, so it should be removed.

4. packages/opentelemetry-instrumentation-llamaindex/pyproject.toml:52

• Draft comment:
  Updated 'pytest-asyncio' range from <0.24.0 to <1.3.0 for version 1.2.0 support. Ensure that any API changes in pytest-asyncio v1.x are addressed.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically updating the version range for pytest-asyncio. The comment suggests ensuring that API changes in the new version are addressed. However, it does not provide a specific suggestion or point out a specific issue with the code. It falls under the rule of not commenting on dependency changes unless there's a specific actionable suggestion.

5. packages/opentelemetry-instrumentation-llamaindex/pyproject.toml:55

• Draft comment:
  Increased the upper bound for 'vcrpy' from <7 to <8, allowing v7.0.0. Please confirm the new version's compatibility with our tests.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to confirm the compatibility of a new version of a dependency with the tests. This falls under the rule of not asking the author to confirm or ensure compatibility, which is not allowed.

Workflow ID: wflow_IPzIdTl3AwH84jWb

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.