Skip to content

Bump the backend-python-deps group across 1 directory with 6 updates#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/Backend/backend-python-deps-9c7df576f0
Open

Bump the backend-python-deps group across 1 directory with 6 updates#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/Backend/backend-python-deps-9c7df576f0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Updates the requirements on fastapi, uvicorn, selenium, groq, sentence-transformers and numpy to permit the latest version.
Updates fastapi to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

Internal

Commits

Updates uvicorn to 0.47.0

Release notes

Sourced from uvicorn's releases.

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

  • Preserve forwarded client ports in proxy headers middleware (#2903)
  • Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

... (truncated)

Commits
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • 6761b2c Remove Hugging Face sponsor block from docs (#2923)
  • 438f648 Surface sponsors on welcome page and sidebar (#2921)
  • 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
  • b499bc4 Eagerly import the ASGI app in the parent process (#2919)
  • Additional commits viewable in compare view

Updates selenium to 4.44.0

Release notes

Sourced from selenium's releases.

Selenium 4.44.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits

Updates groq to 1.2.0

Release notes

Sourced from groq's releases.

v1.2.0

1.2.0 (2026-04-18)

Full Changelog: v1.1.2...v1.2.0

Features

  • internal: implement indices array format for query and form serialization (80ca975)

Bug Fixes

  • client: preserve hardcoded query params when merging with user params (ff12a20)
  • ensure file data are only sent as 1 parameter (f67099c)

Performance Improvements

  • client: optimize file structure copying in multipart requests (22d711f)

Chores

  • tests: bump steady to v0.20.1 (f031213)
  • tests: bump steady to v0.20.2 (66e56a7)
  • tests: bump steady to v0.22.1 (65e6535)

Documentation

Changelog

Sourced from groq's changelog.

1.2.0 (2026-04-18)

Full Changelog: v1.1.2...v1.2.0

Features

  • internal: implement indices array format for query and form serialization (80ca975)

Bug Fixes

  • client: preserve hardcoded query params when merging with user params (ff12a20)
  • ensure file data are only sent as 1 parameter (f67099c)

Performance Improvements

  • client: optimize file structure copying in multipart requests (22d711f)

Chores

  • tests: bump steady to v0.20.1 (f031213)
  • tests: bump steady to v0.20.2 (66e56a7)
  • tests: bump steady to v0.22.1 (65e6535)

Documentation

1.1.2 (2026-03-25)

Full Changelog: v1.1.1...v1.1.2

Bug Fixes

  • deps: bump minimum typing-extensions version (3ef90d5)
  • pydantic: do not pass by_alias unless set (f84dd8c)
  • sanitize endpoint path params (4e57480)

Chores

  • ci: skip lint on metadata-only changes (e34867c)
  • internal: tweak CI branches (5ec9308)
  • internal: update gitignore (29f97bf)
  • tests: bump steady to v0.19.4 (7c9854e)
  • tests: bump steady to v0.19.5 (e3a0370)
  • tests: bump steady to v0.19.6 (001301b)

... (truncated)

Commits

Updates sentence-transformers to 5.5.0

Release notes

Sourced from sentence-transformers's releases.

v5.5.0 - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss

This release ships the train-sentence-transformers Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.

The new train-sentence-transformers Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. EmbedDistillLoss is a new embedding-level knowledge distillation loss for SentenceTransformer: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by MarginMSELoss and DistillKLDivLoss. ADRMSELoss is a new listwise learning-to-rank loss for CrossEncoder from the Rank-DistiLLM paper. encode() and predict() also gain a per-call processing_kwargs override, and more.

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.5.0
Inference only, use one of:
pip install sentence-transformers==5.5.0
pip install sentence-transformers[onnx-gpu]==5.5.0
pip install sentence-transformers[onnx]==5.5.0
pip install sentence-transformers[openvino]==5.5.0
Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.5.0
pip install sentence-transformers[audio]==5.5.0
pip install sentence-transformers[video]==5.5.0
Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.5.0

The train-sentence-transformers Agent Skill (#3752)

If you use an AI coding agent (Claude Code, Codex, Cursor, Gemini CLI, OpenCode, ...), you can now install the train-sentence-transformers Agent Skill and ask your agent to fine-tune a model on your data:

hf skills add train-sentence-transformers              # installs under ./.agents/skills/
hf skills add train-sentence-transformers --global     # installs under ~/.agents/skills/
hf skills add train-sentence-transformers --claude     # also symlinks into .claude/skills/

The skill gives the agent curated, version-aware guidance for training SentenceTransformer (bi-encoder), CrossEncoder (reranker), and SparseEncoder/SPLADE models, covering base model selection, loss and evaluator choice, hard-negative mining, distillation, LoRA, Matryoshka, multilingual training, static embeddings, plus a set of production-ready training template scripts. Then you can prompt your agent with things like:

"Train a multilingual sentence-transformer on Dutch legal pairs."

"Fine-tune a cross-encoder reranker on (question, answer) pairs from my dataset, mine hard negatives, and push to my Hub repo."

"Train a German sparse embedding model with high sparsity."

"Can you train a static embedding model on 100k code triplets?"

The skill lives in the repository under skills/train-sentence-transformers/ and is mirrored to the huggingface/skills marketplace on each release.

New loss: EmbedDistillLoss (#3665)

... (truncated)

Commits
  • f9f3269 Merge branch 'main' into v5.5-release
  • 02dc21d Update index tip for v5.5.0 (#3774)
  • 833828b Release v5.5.0
  • 98ac358 [docs] Load models in float32 in the training examples & docs (#3773)
  • d8ee041 [docs] Use modality-neutral terms (input, document) in loss docs & docstrin...
  • 4c6850e [examples] Avoid LoggingHandler, silence httpx in examples (#3771)
  • 1418823 docs: fix grammar in parallel-sentence-mining README (#3769)
  • 22a383d [docs] Use direct class imports in examples & docs (drop `losses.MSELoss(.....
  • 68e4d61 [fix] Unwrap DDP/torch.compile wrappers in AdaptiveLayerLoss (#3768)
  • 8151750 [fix] Use first non-pad token for CLS pooling with left-padding (#3767)
  • Additional commits viewable in compare view

Updates numpy to 2.4.5

Release notes

Sourced from numpy's releases.

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Aleksei Nikiforov
  • Anarion Zuo +
  • Ankit Ahlawat
  • Breno Favaretto +
  • Charles Harris
  • Igor Krivenko +
  • Ijtihed Kilani +
  • Joren Hammudoglu
  • Maarten Baert +
  • Matti Picus
  • Nathan Goldbaum
  • Praneeth Kodumagulla +
  • Ralf Gommers
  • RoomWithOutRoof +
  • Sebastian Berg
  • Warren Weckesser
  • div +

Pull requests merged

A total of 28 pull requests were merged for this release.

  • #31093: MAINT: Prepare 2.4.x for further development
  • #31182: TYP: fix np.shape assignability issue for python lists (#31171)
  • #31197: ENH: Return rank 0 for empty matrices in matrix_rank (#30422)
  • #31198: CI/BUG: add native jobs for s390x, fix bug in pack_inner...
  • #31199: BUG: f2py map complex_long_double to NPY_CLONGDOUBLE
  • #31205: MAINT: f2py: Stop setting re._MAXCACHE to 50.
  • #31206: BUG: fix heap buffer overflow in timedelta to string casts
  • #31207: MAINT: Rename ppc64le and s390x workflow (#31121)
  • #31208: BUG: Fix matvec/vecmat in-place aliasing (out=input produces...
  • #31209: TYP: tile: accept numpy scalars and arrays as second argument...
  • #31211: DEP: Undo deprecation for np.dtype() signature used by old pickles...
  • #31212: REV: Manual revert of float16 svml use (#31178)
  • #31222: TYP: ix_ fix for boolean and non-1d input (#31218)
  • #31329: BUG: incorrect temp elision for new-style (NEP 43) user-defined...
  • #31330: TYP: fix sliding_window_view axis parameter typing

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

  • Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits
  • 26e8185 Merge pull request #31441 from charris/prepare-2.4.5
  • 573110c REL: Prepare for the NumPy 2.4.5 release.
  • be6123a Merge pull request #31426 from jorenham/backport-31425
  • a286f52 TYP: Fix DTypeLike runtime type-checker support
  • f880727 Merge pull request #31404 from charris/backport-31399
  • 626d469 Merge pull request #31402 from charris/backport-31397
  • a42bd48 Merge pull request #31401 from charris/backport-31396
  • 207ad05 TYP: _NestedSequence type parameter default to work around a mypy issue (#3...
  • 309b637 BUG: exclude pycache directories from wheels (#31397)
  • 8ded93c BUG: Avoid UB in safe_[add,sub,mul] helpers (#31396)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the backend-python-deps group across 1 directory with 6 updates
fac4c96 
Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [selenium](https://github.com/SeleniumHQ/Selenium), [groq](https://github.com/groq/groq-python), [sentence-transformers](https://github.com/huggingface/sentence-transformers) and [numpy](https://github.com/numpy/numpy) to permit the latest version.

Updates `fastapi` to 0.136.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.0...0.136.1)

Updates `uvicorn` to 0.47.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.45.0...0.47.0)

Updates `selenium` to 4.44.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.43.0...selenium-4.44.0)

Updates `groq` to 1.2.0
- [Release notes](https://github.com/groq/groq-python/releases)
- [Changelog](https://github.com/groq/groq-python/blob/main/CHANGELOG.md)
- [Commits](groq/groq-python@v0.28.0...v1.2.0)

Updates `sentence-transformers` to 5.5.0
- [Release notes](https://github.com/huggingface/sentence-transformers/releases)
- [Commits](huggingface/sentence-transformers@v3.0.0...v5.5.0)

Updates `numpy` to 2.4.5
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.4...v2.4.5)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  dependency-group: backend-python-deps
- dependency-name: uvicorn
  dependency-version: 0.47.0
  dependency-type: direct:production
  dependency-group: backend-python-deps
- dependency-name: selenium
  dependency-version: 4.44.0
  dependency-type: direct:production
  dependency-group: backend-python-deps
- dependency-name: groq
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: backend-python-deps
- dependency-name: sentence-transformers
  dependency-version: 5.5.0
  dependency-type: direct:production
  dependency-group: backend-python-deps
- dependency-name: numpy
  dependency-version: 2.4.5
  dependency-type: direct:production
  dependency-group: backend-python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants