Skip to content

Chore(deps): Bump the utilities-patch group across 1 directory with 5 updates#28

Open
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/uv/dev/utilities-patch-8b9f11cc8a
Open

Chore(deps): Bump the utilities-patch group across 1 directory with 5 updates#28
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/uv/dev/utilities-patch-8b9f11cc8a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps the utilities-patch group with 5 updates in the / directory:

Package From To
llama-index-core 0.14.16 0.14.19
nltk 3.9.3 3.9.4
zensical 0.0.26 0.0.29
prek 0.3.5 0.3.8
ruff 0.15.5 0.15.8

Updates llama-index-core from 0.14.16 to 0.14.19

Release notes

Sourced from llama-index-core's releases.

v0.14.19

Release Notes

[2026-03-25]

llama-index-agent-agentmesh [0.2.0]

  • chore(deps): bump the uv group across 49 directories with 1 update (#21083)

llama-index-callbacks-argilla [0.5.0]

  • chore(deps): bump the uv group across 3 directories with 1 update (#21069)

llama-index-core [0.14.19]

  • fix: pass delete_from_docstore parameter in BaseIndex.delete_ref_doc (#20990)
  • fix(core): preserve CTE names during schema prefixing in SQLDatabase.run_sql (#21028)
  • fix(core): align sync retrieval dedup key with async (hash + ref_doc_id) (#21034)
  • fix(core): raise ValueError instead of returning string from structured_predict (#21036)
  • fix(core): remove incorrect per-node delete calls in index helpers (#21050)
  • chore(deps): bump the uv group across 49 directories with 1 update (#21083)
  • chore(deps): bump the uv group across 44 directories with 1 update (#21097)
  • enable llama-cloud>1.0 install (#21140)

llama-index-embeddings-fireworks [0.5.2]

  • test(embeddings-fireworks): add test suite and fix docs (#20977)

llama-index-embeddings-upstage [0.6.1]

  • chore(deps): bump the uv group across 49 directories with 1 update (#21083)

llama-index-indices-managed-llama-cloud [0.11.1]

  • fix: llama-cloud managed index and remove llamaparse reader (#21043)
  • enable llama-cloud>1.0 install (#21140)

llama-index-llms-azure-openai [0.5.3]

  • azure openai responses support (#21088)
  • fix azure openai responses (#21099)

llama-index-llms-bedrock-converse [0.14.3]

  • use proper tool choice format in bedrock converse (#21098)

llama-index-llms-cohere [0.8.0]

  • docs(cohere): update first basic usage example to chat API (#21108)

... (truncated)

Changelog

Sourced from llama-index-core's changelog.

llama-index-core [0.14.19]

  • fix: pass delete_from_docstore parameter in BaseIndex.delete_ref_doc (#20990)
  • fix(core): preserve CTE names during schema prefixing in SQLDatabase.run_sql (#21028)
  • fix(core): align sync retrieval dedup key with async (hash + ref_doc_id) (#21034)
  • fix(core): raise ValueError instead of returning string from structured_predict (#21036)
  • fix(core): remove incorrect per-node delete calls in index helpers (#21050)
  • chore(deps): bump the uv group across 49 directories with 1 update (#21083)
  • chore(deps): bump the uv group across 44 directories with 1 update (#21097)
  • enable llama-cloud>1.0 install (#21140)

llama-index-embeddings-fireworks [0.5.2]

  • test(embeddings-fireworks): add test suite and fix docs (#20977)

llama-index-embeddings-upstage [0.6.1]

  • chore(deps): bump the uv group across 49 directories with 1 update (#21083)

llama-index-indices-managed-llama-cloud [0.11.1]

  • fix: llama-cloud managed index and remove llamaparse reader (#21043)
  • enable llama-cloud>1.0 install (#21140)

llama-index-llms-azure-openai [0.5.3]

  • azure openai responses support (#21088)
  • fix azure openai responses (#21099)

llama-index-llms-bedrock-converse [0.14.3]

  • use proper tool choice format in bedrock converse (#21098)

llama-index-llms-cohere [0.8.0]

  • docs(cohere): update first basic usage example to chat API (#21108)

llama-index-llms-google-genai [0.9.1]

  • feat: gemini 3 default and temperature (#21060)
  • fix(google-genai): avoid mutating messages list in prepare_chat_params (#21141)

llama-index-llms-litellm [0.7.1]

  • Add support for custom LLM provider in model kwargs (#21095)

llama-index-llms-minimax [0.1.0]

  • feat: add MiniMax LLM provider integration with M2.7 default (#20955)

... (truncated)

Commits

Updates nltk from 3.9.3 to 3.9.4

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits
  • ad9c96b Update copyright year
  • 7edcddf Updates for 3.9.4 release
  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
  • aec4fce Merge pull request #3522 from ekaf/pathsec
  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
  • Additional commits viewable in compare view

Updates zensical from 0.0.26 to 0.0.29

Release notes

Sourced from zensical's releases.

0.0.29

Summary

This version fixes an issue with absolute paths in links, as well as changed files not being picked up by Zensical on Windows 11.

Changelog

Bug fixes

  • c1860ca compat – leave absolute links untouched (#466)
  • 6775b75 zensical – canonicalize watched paths (#451)

0.0.28

Summary

This version updates the user interface to v0.0.10, which fixes a couple of bugs related to search and code annotation rendering. Additionally, it adds support for version selectors in the modern theme, paving the way for adding support for mike to manage multiple versions of documentation on GitHub Pages.

In addition, this release adds new configuration options for the file watcher to improve compatibility in certain environments.

File watcher

You can now opt into using a polling-based file watcher, which is particularly useful when running Docker on Windows, where filesystem event limitations (e.g., inotify constraints) can cause issues.

To enable the polling watcher:

export ZENSICAL_POLL_WATCHER=1

The polling interval is configurable and defaults to 500 milliseconds (aligned with MkDocs behavior):

export ZENSICAL_POLL_INTERVAL=500

Changelog

Bug fixes

  • 5196cdb compat – invalid setup of MathJax in bootstrapped zensical.toml
  • b710744 ui – update ui to v0.0.10
  • f014425 zensical-watch – auto-reload not working for Docker on Windows (#340, #446)

0.0.27

Summary

... (truncated)

Commits
  • b8f21fb chore: release v0.0.29
  • c1860ca fix: leave absolute links untouched (#466)
  • 6775b75 fix: canonicalize watched paths (#451)
  • 990a020 chore: release v0.0.28
  • 5196cdb fix: invalid setup of MathJax in bootstrapped zensical.toml
  • b710744 fix: update ui to v0.0.10
  • e0629b9 chore: update actions in workflows
  • f014425 fix: auto-reload not working for Docker on Windows (#340) (#446)
  • a4354ca chore: update action to attest build provenance
  • 83cd642 chore: release v0.0.27
  • Additional commits viewable in compare view

Updates prek from 0.3.5 to 0.3.8

Release notes

Sourced from prek's releases.

0.3.8

Release Notes

Released on 2026-03-23.

Enhancements

  • Add experimental language: deno support (#1516)
  • Add pretty-format-json as builtin hook (#915)
  • Add check-vcs-permalinks as builtin hook (#1842)
  • Add check-illegal-windows-names as builtin hook (#1841)
  • Add check-shebang-scripts-are-executable builtin hook (#1847)
  • Add destroyed-symlinks builtin hook (#1851)
  • Add file-contents-sorter as builtin hook (#1846)
  • Add --all flag to prek uninstall (#1817)
  • Improve file pattern parse errors (#1829)
  • Validate uv binary after download (#1825)

Bug fixes

  • Fix workspace-relative added file paths (#1852)
  • Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

Install prek 0.3.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.8

Released on 2026-03-23.

Enhancements

  • Add experimental language: deno support (#1516)
  • Add pretty-format-json as builtin hook (#915)
  • Add check-vcs-permalinks as builtin hook (#1842)
  • Add check-illegal-windows-names as builtin hook (#1841)
  • Add check-shebang-scripts-are-executable builtin hook (#1847)
  • Add destroyed-symlinks builtin hook (#1851)
  • Add file-contents-sorter as builtin hook (#1846)
  • Add --all flag to prek uninstall (#1817)
  • Improve file pattern parse errors (#1829)
  • Validate uv binary after download (#1825)

Bug fixes

  • Fix workspace-relative added file paths (#1852)
  • Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

0.3.7

Due to a release process failure, this version was republished as 0.3.8.

0.3.6

Released on 2026-03-16.

Enhancements

  • Allow selectors for hook ids containing colons (#1782)
  • Rename prek install-hooks to prek prepare-hooks and prek install --install-hooks to prek install --prepare-hooks (#1766)
  • Retry auth-failed repo clones with terminal prompts enabled (#1761)

Performance

  • Optimize detect_private_key by chunked reading and using aho-corasick (#1791)
  • Optimize fix_byte_order_marker by shifting file contents in place (#1790)

Bug fixes

... (truncated)

Commits

Updates ruff from 0.15.5 to 0.15.8

Release notes

Sourced from ruff's releases.

0.15.8

Release Notes

Released on 2026-03-26.

Preview features

  • [ruff] New rule unnecessary-if (RUF050) (#24114)
  • [ruff] New rule useless-finally (RUF072) (#24165)
  • [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
  • [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

  • [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
  • [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
  • [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
  • E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
  • Fix %foo? parsing in IPython assignment expressions (#24152)
  • analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

  • [eradicate] ignore ty: ignore comments in ERA001 (#24192)
  • [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
  • [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
  • [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
  • [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

  • Speed up diagnostic rendering (#24146)

Server

  • Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

  • Clarify extend-ignore and extend-select settings documentation (#24064)
  • Mention AI policy in PR template (#24198)

Other changes

  • Use trusted publishing for NPM packages (#24171)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.8

Released on 2026-03-26.

Preview features

  • [ruff] New rule unnecessary-if (RUF050) (#24114)
  • [ruff] New rule useless-finally (RUF072) (#24165)
  • [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
  • [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

  • [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
  • [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
  • [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
  • E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
  • Fix %foo? parsing in IPython assignment expressions (#24152)
  • analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

  • [eradicate] ignore ty: ignore comments in ERA001 (#24192)
  • [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
  • [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
  • [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
  • [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

  • Speed up diagnostic rendering (#24146)

Server

  • Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

  • Clarify extend-ignore and extend-select settings documentation (#24064)
  • Mention AI policy in PR template (#24198)

Other changes

  • Use trusted publishing for NPM packages (#24171)

Contributors

... (truncated)

Commits
  • c2a8815 Release 0.15.8 (#24217)
  • d444d52 [ty] Infer lambda expressions with Callable type context (#22633)
  • 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
  • d812662 Use the release environment in publish-docs (#24214)
  • eda2355 [ty] Show Final source in final assignment diagnostic (#24194)
  • 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
  • 34998be [ty] Fix typo in comment (#24211)
  • 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
  • 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
  • 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Chore(deps): Bump the utilities-patch group across 1 directory with 5…
6d22bf7 
… updates

Bumps the utilities-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [llama-index-core](https://github.com/run-llama/llama_index) | `0.14.16` | `0.14.19` |
| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |
| [zensical](https://github.com/zensical/zensical) | `0.0.26` | `0.0.29` |
| [prek](https://github.com/j178/prek) | `0.3.5` | `0.3.8` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.8` |



Updates `llama-index-core` from 0.14.16 to 0.14.19
- [Release notes](https://github.com/run-llama/llama_index/releases)
- [Changelog](https://github.com/run-llama/llama_index/blob/main/CHANGELOG.md)
- [Commits](run-llama/llama_index@v0.14.16...v0.14.19)

Updates `nltk` from 3.9.3 to 3.9.4
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.3...3.9.4)

Updates `zensical` from 0.0.26 to 0.0.29
- [Release notes](https://github.com/zensical/zensical/releases)
- [Commits](zensical/zensical@v0.0.26...v0.0.29)

Updates `prek` from 0.3.5 to 0.3.8
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.5...v0.3.8)

Updates `ruff` from 0.15.5 to 0.15.8
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.5...0.15.8)

---
updated-dependencies:
- dependency-name: llama-index-core
  dependency-version: 0.14.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: zensical
  dependency-version: 0.0.29
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: prek
  dependency-version: 0.3.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: ruff
  dependency-version: 0.15.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot mentioned this pull request Mar 27, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend dependencies non-trivial

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants