Skip to content

Bump the uv group with 4 updates#30

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-3d16248147
Closed

Bump the uv group with 4 updates#30
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-3d16248147

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 30, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the uv group with 4 updates: litellm, uv, coverage and pytest-asyncio.

Updates litellm from 1.85.1 to 1.86.2

Release notes

Sourced from litellm's releases.

v1.86.2

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.2

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.2/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.2

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

Full Changelog: BerriAI/litellm@v1.86.1...v1.86.2

v1.85.2

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

... (truncated)

Commits
  • 72fdccb chore: uv lock for 1.86.2 (#28972)
  • be557c8 chore(proxy): cherry-pick #28547 onto patch/v1.86.1 (#28969)
  • a8caf28 chore(release): 1.86.1 (#28823)
  • a13cd21 Merge pull request #28744 from BerriAI/litellm_/bold-lumiere-b74316
  • 9e7192e fix(docker): restore npm to non_root builder image (#28519)
  • a72414a Merge pull request #28100 from BerriAI/litellm_internal_staging
  • cf9b5e4 [Infra] Bump versions (#28094)
  • 1b0ae3a fix(mcp-oauth): PROXY_BASE_URL escape hatch + diagnostic logging for {"detail...
  • 3d5a9ed feat: add Terraform stacks for deploying LiteLLM on AWS and GCP (#27673)
  • fbe0ee8 fix(proxy): sort BYOK models by their displayed name in /v2/model/info (#28079)
  • Additional commits viewable in compare view

Updates uv from 0.11.16 to 0.11.17

Release notes

Sourced from uv's releases.

0.11.17

Release Notes

Released on 2026-05-28.

Enhancements

  • Add a diagnostic for uv add with standard library modules (#19572)
  • Expose uv workspace and its list subcommand in help output (#19533)
  • Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#19521)
  • Skip direct URL lock freshness checks while offline (#19596)
  • Add import-names and import-namespaces support to uv-build (PEP 794) (#19380)
  • Add a --no-editable-package flag to various commands (#19584)
  • Infer Python version requests from source trees in uv tool invocations (#19577)

Preview features

  • Add module owners to uv workspace metadata (#19122)
  • Do not allow uv venv --clear to remove non-virtual environments (#19595)

Bug fixes

  • Improve the performance of large entries in tool.uv.conflicts (#19538)
  • Avoid modifying the parent process' env with --env-file in uv run (#19567)
  • Fix script environment creation for scripts with long filenames (#19539)
  • Fix transitive Git archive dependencies in lockfiles (#19589)
  • Preserve Git repository URLs in direct URL metadata (#19590)
  • Support redirects in --check-url (#19594)
  • Accept case-insensitive HTML tags in --find-links parsing (#19537)
  • Reject duplicate script metadata blocks (#19544)
  • Ban names like "python3" as script entry points (#19535, #19536)
  • Validate Git LFS artifacts for Git archives (#19592)
  • Use a relative path when creating symlinks in cache to improve relocatability (#19033)

Documentation

  • Fix malformed positional anchors in the CLI reference (#19575)

Install uv 0.11.17

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.17/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.17/uv-installer.ps1 | iex"
</tr></table>

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.17

Released on 2026-05-28.

Enhancements

  • Add a diagnostic for uv add with standard library modules (#19572)
  • Expose uv workspace and its list subcommand in help output (#19533)
  • Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#19521)
  • Skip direct URL lock freshness checks while offline (#19596)
  • Add import-names and import-namespaces support to uv-build (PEP 794) (#19380)
  • Add a --no-editable-package flag to various commands (#19584)
  • Infer Python version requests from source trees in uv tool invocations (#19577)

Preview features

  • Add module owners to uv workspace metadata (#19122)
  • Do not allow uv venv --clear to remove non-virtual environments (#19595)

Bug fixes

  • Improve the performance of large entries in tool.uv.conflicts (#19538)
  • Avoid modifying the parent process' env with --env-file in uv run (#19567)
  • Fix script environment creation for scripts with long filenames (#19539)
  • Fix transitive Git archive dependencies in lockfiles (#19589)
  • Preserve Git repository URLs in direct URL metadata (#19590)
  • Support redirects in --check-url (#19594)
  • Accept case-insensitive HTML tags in --find-links parsing (#19537)
  • Reject duplicate script metadata blocks (#19544)
  • Ban names like "python3" as script entry points (#19535, #19536)
  • Validate Git LFS artifacts for Git archives (#19592)
  • Use a relative path when creating symlinks in cache to improve relocatability (#19033)

Documentation

  • Fix malformed positional anchors in the CLI reference (#19575)
Commits

Updates coverage from 7.14.0 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

  • Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

  • Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Commits
  • 64d9b66 docs: correct the date for 7.14.1
  • 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
  • 078afae docs: sample HTML for 7.14.1
  • cb4f028 docs: prep for 7.14.1
  • ae2d09f Merge branch 'nedbat/classifire-316-kits'
  • 2c3568b build: declare 3.16 compatibility
  • faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
  • eb55fee test: we don't need PyPy < 7.3.22 anymore
  • ac168fe test: the text summary should show missing
  • fed4bd2 chore: upgrade virtualenv
  • Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the uv group with 4 updates
11e9274 
Bumps the uv group with 4 updates: [litellm](https://github.com/BerriAI/litellm), [uv](https://github.com/astral-sh/uv), [coverage](https://github.com/coveragepy/coveragepy) and [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio).


Updates `litellm` from 1.85.1 to 1.86.2
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@v1.85.1...v1.86.2)

Updates `uv` from 0.11.16 to 0.11.17
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.16...0.11.17)

Updates `coverage` from 7.14.0 to 7.14.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.0...7.14.1)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: litellm
  dependency-version: 1.86.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: uv
  dependency-version: 0.11.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: coverage
  dependency-version: 7.14.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 30, 2026
@github-actions

github-actions Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor

Version hint: patch
Current version: 0.6.0
New version (when merged): 0.6.1

Comment ID: Display version hint-auto-generated

@dependabot @github

dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 6, 2026
@dependabot dependabot Bot deleted the dependabot/uv/uv-3d16248147 branch June 6, 2026 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants