Skip to content

chore(deps): update gradio requirement from >=6.14.0 to >=6.16.0#19

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/gradio-gte-6.16.0
Open

chore(deps): update gradio requirement from >=6.14.0 to >=6.16.0#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/gradio-gte-6.16.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on gradio to permit the latest version.

Release notes

Sourced from gradio's releases.

gradio@6.16.0

Features

  • #13422 96d4fd1 - Make the session heartbeat interval configurable via the GRADIO_HEARTBEAT_INTERVAL environment variable (#13346). Thanks @​wjddnwp29!
  • #13459 6320116 - Show a friendly landing page (instead of a raw JSON-RPC error) when the MCP endpoint is opened in a browser. Thanks @​ShirGanon!

Fixes

  • #13437 97d541f - Fix path traversal in gr.FileExplorer.preprocess by validating selected paths with _safe_join (consistent with ls()), rejecting absolute/.. paths that escape root_dir. Thanks @​abidlabs!
  • #13438 010ee63 - Fix open-redirect bypass in gradio.oauth._redirect_to_target where 4+ leading slashes (or backslashes) in _target_url produced a scheme-relative redirect to an external host, restoring CVE-2026-28415. Thanks @​abidlabs!
  • #13240 0d670ad - Fix browser freeze when a dataframe's value is set (e.g. via a tab select event), and only dispatch the tabs select event when the selected tab actually changes. Thanks @​freddyaboulton!
  • #13461 702a8b1 - Fix runtime language switching not re-translating component labels/values (only the footer updated). @gradio/utils resolved its own duplicate svelte-i18n instance whose locale store was never updated; the retranslation trigger now uses the live formatter store injected by @gradio/core. Thanks @​abidlabs!
  • #13458 939e84c - Defer Node front proxy startup until Python is ready in SSR mode. Thanks @​pngwn!
  • #13436 48d0e27 - Fix SSRF in Image/Gallery SVG postprocessing and Audio streaming postprocessing by routing user-influenced URL fetches through safehttpx. Thanks @​abidlabs!
  • #13451 29bd7a0 - gr.Dropdown() Fixes. Thanks @​dawoodkhan82!
Changelog

Sourced from gradio's changelog.

6.16.0

Features

  • #13422 96d4fd1 - Make the session heartbeat interval configurable via the GRADIO_HEARTBEAT_INTERVAL environment variable (#13346). Thanks @​wjddnwp29!
  • #13459 6320116 - Show a friendly landing page (instead of a raw JSON-RPC error) when the MCP endpoint is opened in a browser. Thanks @​ShirGanon!

Fixes

  • #13437 97d541f - Fix path traversal in gr.FileExplorer.preprocess by validating selected paths with _safe_join (consistent with ls()), rejecting absolute/.. paths that escape root_dir. Thanks @​abidlabs!
  • #13438 010ee63 - Fix open-redirect bypass in gradio.oauth._redirect_to_target where 4+ leading slashes (or backslashes) in _target_url produced a scheme-relative redirect to an external host, restoring CVE-2026-28415. Thanks @​abidlabs!
  • #13240 0d670ad - Fix browser freeze when a dataframe's value is set (e.g. via a tab select event), and only dispatch the tabs select event when the selected tab actually changes. Thanks @​freddyaboulton!
  • #13461 702a8b1 - Fix runtime language switching not re-translating component labels/values (only the footer updated). @gradio/utils resolved its own duplicate svelte-i18n instance whose locale store was never updated; the retranslation trigger now uses the live formatter store injected by @gradio/core. Thanks @​abidlabs!
  • #13458 939e84c - Defer Node front proxy startup until Python is ready in SSR mode. Thanks @​pngwn!
  • #13436 48d0e27 - Fix SSRF in Image/Gallery SVG postprocessing and Audio streaming postprocessing by routing user-influenced URL fetches through safehttpx. Thanks @​abidlabs!
  • #13451 29bd7a0 - gr.Dropdown() Fixes. Thanks @​dawoodkhan82!

6.15.2

Features

Fixes

  • #13396 67df918 - Convert audio to int16 for all formats in audio_to_file so non-WAV outputs (mp3, flac, ogg) no longer encode as noise. Thanks @​GopalGB!

6.15.1

Features

Fixes

6.15.0

Features

Fixes

... (truncated)

Commits
  • 72f78a2 chore: update versions (#13432)
  • 29bd7a0 gr.Dropdown() Fixes (#13451)
  • 702a8b1 Fix runtime language switching not re-translating component props, and other ...
  • 053dbe2 docs: upgrade MiniMax demo to M3 (#13462)
  • 939e84c Fix another ssr server startup race condition (#13458)
  • 6320116 Show a landing page for browser GET requests to the MCP endpoint (#13459)
  • 4183c81 Fix various typos found by codespell (#13440)
  • 48d0e27 fix: SSRF in Image/Gallery SVG and Audio postprocessing (GHSA-3xvj-7669-6whx)...
  • 61cc3ec ci: upgrade Playwright to 1.60 (#13457)
  • b8f3db2 ci: shorten Playwright install timeout (#13455)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): update gradio requirement from >=6.14.0 to >=6.16.0
7bfe239 
Updates the requirements on [gradio](https://github.com/gradio-app/gradio) to permit the latest version.
- [Release notes](https://github.com/gradio-app/gradio/releases)
- [Changelog](https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gradio-app/gradio/compare/gradio@6.14.0...gradio@6.16.0)

---
updated-dependencies:
- dependency-name: gradio
  dependency-version: 6.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 6, 2026
@dependabot dependabot Bot mentioned this pull request Jun 6, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants