chore(deps): bump the python-minor-patch group in /python with 8 updates

[dependabot]

Bumps the python-minor-patch group in /python with 8 updates:

Package	From	To
ruff	0.15.13	0.15.14
uvicorn	0.47.0	0.48.0
openai	2.37.0	2.38.0
fastapi	0.136.1	0.136.3
boto3	1.43.9	1.43.14
langgraph	1.2.0	1.2.1
openai-agents	0.17.2	0.17.3
langchain-openai	1.2.1	1.2.2

Updates ruff from 0.15.13 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates uvicorn from 0.47.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

Commits

• 73e84e5 Version 0.48.0 (#2951)
• 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
• dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
• abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
• See full diff in compare view

Updates openai from 2.37.0 to 2.38.0

Release notes

Sourced from openai's releases.

v2.38.0

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Changelog

Sourced from openai's changelog.

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Commits

• e757667 release: 2.38.0
• b85b647 feat(api): api update
• d881c67 Revert "chore: check release PR custom code sync"
• d4a3228 chore: check release PR custom code sync
• 4888838 chore: remove release automation trigger
• 74978f0 chore: trigger release automation
• bab18af chore(api): docs updates
• a6f899a feat(api): manual updates
• 2897485 feat(api): update OpenAPI spec or Stainless config
• a2f1d6c codegen metadata
• Additional commits viewable in compare view

Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

• ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

• 📝 Document --entrypoint CLI option. PR #15464 by @​YuriiMotov.
• 📝 Update and simplify docs about help and management. PR #15583 by @​tiangolo.
• 📝 Add docs references to central contributing docs. PR #15580 by @​tiangolo.
• 📝 Update security policy. PR #15577 by @​tiangolo.
• 🍱 Update sponsors: TalorData image. PR #15562 by @​tiangolo.
• 📝 Update docs, simplify usage of admonitions, only default ones. PR #15553 by @​tiangolo.
• 📝 Fix image URLs in index.md. PR #15534 by @​YuriiMotov.
• ✏️ Fix Azkaban spelling typo in virtual-environments.md‎. PR #15463 by @​isaacbernat.
• 💄 Improve layout and styling. PR #15462 by @​alejsdev.
• 💄 Refactor opinions section with interactive tabs and new logos. PR #15458 by @​alejsdev.
• 📝 Add FastAPI Conf '26 announcement to docs. PR #15457 by @​alejsdev.

Translations

• 🌐 Improve translation consistency in ‎docs/pt/docs/advanced/generate-clients.md‎. PR #15456 by @​Will-thom.
• 🌐 Update translations for ja (update-outdated). PR #15530 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15529 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15528 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15527 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15526 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15525 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15524 by @​tiangolo.
• 🌐 Update translations for fr (update-outdated). PR #15522 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15523 by @​tiangolo.
• 🌐 Update translations for zh (update-outdated). PR #15520 by @​tiangolo.
• 🌐 Update translations for ru (update-outdated). PR #15521 by @​tiangolo.
• 🌐 Fix typos in Spanish LLM-prompt. PR #15472 by @​crr004.

Internal

• ✅ Update tests, don't double dispose the engine. PR #15587 by @​tiangolo.
• ⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR #13583 by @​dikos1337.
• 🔥 Remove config files now in central GitHub repo. PR #15585 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #15502 by @​dependabot[bot].
• ⬆ Bump idna from 3.11 to 3.15. PR #15565 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR #15571 by @​dependabot[bot].
• 🔧 Migrate docs from MkDocs to Zensical. PR #15563 by @​tiangolo.
• 🔒️ Only allow team members to modify dependencies. PR #15548 by @​svlandeg.

... (truncated)

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates boto3 from 1.43.9 to 1.43.14

Commits

• 07953b0 Merge branch 'release-1.43.14'
• 25c77c3 Bumping version to 1.43.14
• 5e64afc Add changelog entries from botocore
• 97921f4 Merge branch 'release-1.43.13'
• 4e58a35 Merge branch 'release-1.43.13' into develop
• 1307ac2 Bumping version to 1.43.13
• c75c901 Add changelog entries from botocore
• d3f2433 Merge branch 'release-1.43.12'
• d5eddf9 Merge branch 'release-1.43.12' into develop
• 93f3a42 Bumping version to 1.43.12
• Additional commits viewable in compare view

Updates langgraph from 1.2.0 to 1.2.1

Release notes

Sourced from langgraph's releases.

langgraph==1.2.1

Changes since 1.2.0

• release(langgraph): 1.2.1 (#7883)
• feat(langgraph): add before_builtins opt-in for stream transformers (#7882)
• chore(deps): bump idna from 3.11 to 3.15 in /libs/langgraph (#7866)
• fix(langgraph): keep tool results out of v3 messages (#7838)
• chore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/langgraph (#7788)

Commits

• bf7fec0 release(langgraph): 1.2.1 (#7883)
• 8215a9d feat(langgraph): add before_builtins opt-in for stream transformers (#7882)
• aa322c1 chore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/checkpoint-sqlite (...
• d631912 chore(deps): bump idna from 3.11 to 3.15 in /libs/prebuilt (#7864)
• 9b0864a chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint-sqlite (#7862)
• e68726d chore(deps): bump turbo from 2.9.7 to 2.9.14 in /libs/cli/js-monorepo-example...
• a459020 chore(deps): bump idna from 3.11 to 3.15 in /libs/langgraph (#7866)
• 5d3f11e chore(deps): bump idna from 3.11 to 3.15 in /libs/sdk-py (#7863)
• 37dc5c1 chore(deps): bump idna from 3.13 to 3.15 in /libs/checkpoint-conformance (#7867)
• ea44df3 fix(langgraph): keep tool results out of v3 messages (#7838)
• Additional commits viewable in compare view

Updates openai-agents from 0.17.2 to 0.17.3

Release notes

Sourced from openai-agents's releases.

v0.17.3

What's Changed

• fix: keep mountpoint credentials out of sandbox commands by @​seratch in openai/openai-agents-python#3429
• fix: unify memory optional dependency import errors by @​seratch in openai/openai-agents-python#3389
• fix: guard None text in text_message_output and add output guardrail count to RunErrorDetails by @​zhoufengen in openai/openai-agents-python#3375
• fix: avoid mutating FunctionTool params_json_schema by @​ioleksiuk in openai/openai-agents-python#3382
• fix: avoid mutating codex output schema input by @​ioleksiuk in openai/openai-agents-python#3385
• fix: #3357 output schema names for Literal types by @​Aphroq in openai/openai-agents-python#3358
• fix: skip wait_for_status when Vercel sandbox is in a terminal state by @​cty-ut in openai/openai-agents-python#3410
• fix: filter hosted_tool_call types in remove_all_tools handoff filter by @​ioleksiuk in openai/openai-agents-python#3386
• fix: guard None text in ItemHelpers.extract_last_content by @​ioleksiuk in openai/openai-agents-python#3394
• fix: log exception when output guardrail raises instead of silently ignoring by @​cty-ut in openai/openai-agents-python#3411
• fix: reject relative sandbox workspace roots by @​matthewflint in openai/openai-agents-python#3422
• fix: normalize leading question marks in exposed port queries by @​matthewflint in openai/openai-agents-python#3424
• fix: #3363 honor short custom voice splitter chunks by @​Aphroq in openai/openai-agents-python#3364
• fix: runtime handling updates by @​adrianbravo-oai @​ioleksiuk in openai/openai-agents-python#3451

Documentation & Other Changes

• docs: add SDK review guidance by @​seratch in openai/openai-agents-python#3376
• docs: mark Agent.instructions as optional by @​ioleksiuk in openai/openai-agents-python#3384
• docs: translate all pages using new settings by @​seratch in openai/openai-agents-python#3392
• docs: document auto_previous_response_id by @​ioleksiuk in openai/openai-agents-python#3383
• docs: fix LiteLLM API reference redirect by @​ynachiket in openai/openai-agents-python#3444
• docs: fix duplicated word in usaspending glossary example by @​LeSingh1 in openai/openai-agents-python#3445
• chore: clean up CI jobs and update uv pin by @​seratch in openai/openai-agents-python#3400
• ci: harden release tag workflow by @​hintz-openai in openai/openai-agents-python#3399
• Release 0.17.3 by @​github-actions[bot] in openai/openai-agents-python#3417

New Contributors

• @​zhoufengen made their first contribution in openai/openai-agents-python#3375
• @​hintz-openai made their first contribution in openai/openai-agents-python#3399
• @​cty-ut made their first contribution in openai/openai-agents-python#3410
• @​ynachiket made their first contribution in openai/openai-agents-python#3444
• @​LeSingh1 made their first contribution in openai/openai-agents-python#3445
• @​adrianbravo-oai made their first contribution in openai/openai-agents-python#3451

Full Changelog: openai/openai-agents-python@v0.17.2...v0.17.3

Commits

• 17f7cae Release 0.17.3 (#3417)
• f6ba91b Runtime handling updates (#3451)
• 65774ce docs: fix duplicated word in usaspending glossary example (#3445)
• 13d1815 docs: re-fix #3444
• 41fe113 docs: fix LiteLLM API reference redirect (#3444)
• 4970fd6 fix: keep mountpoint credentials out of sandbox commands (#3429)
• 4bd459e fix: #3363 honor short custom voice splitter chunks (#3364)
• e37b3d2 fix: normalize leading question marks in exposed port queries (#3424)
• 94523f9 fix: reject relative sandbox workspace roots (#3422)
• cb0461d fix: log exception when output guardrail raises instead of silently ignoring ...
• Additional commits viewable in compare view

Updates langchain-openai from 1.2.1 to 1.2.2

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.2.2

Changes since langchain-openai==1.2.1

release(openai): 1.2.2 (#37617) chore(infra): bump langchain-tests floor to 1.1.9 (#37610) test(openai): unbreak audio chat and Azure embedding integration tests (#37589) fix(openai): guard httpx finalizers (#37570) chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (#37549) chore: bump idna from 3.11 to 3.15 in /libs/partners/openai (#37548) ci(infra): harden Dependabot version-bound preservation (#37510) test(standard-tests): assert ls_model_name honors per-call model override (#37504) fix(openai): source LLM context size from model profiles (#37489) chore(core,langchain,openai): refresh stale OpenAI model references (#37487) fix(openai): broaden condition for ContextOverflowError to accommodate other providers (#37457) docs(openai): document base_url env var fallback chain (#37436) chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (#37416) chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (#37398) chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (#37330) chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/openai (#37266) chore(docs): update x handle references (#37081) chore(model-profiles): refresh model profile data (#37074) chore(docs): update comment for chatopenai (#37034) chore(model-profiles): refresh model profile data (#37015)

Commits

• a1e2daf release(openai): 1.2.2 (#37617)
• 9e21348 fix(openai): guard httpx finalizers against uninitialized instances (#37568)
• 74cecb4 ci(infra): expand integration tests dispatch dropdown to external partners (#...
• 269d628 fix(standard-tests): recognize parametrize-nested xfails in override check (#...
• 23d369e test(xai): tolerate extra block types in web search and xfail v1 streaming to...
• aef86c4 chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
• ebc1880 release(standard-tests): 1.1.9 (#37609)
• 22575ad test(standard-tests): allow extra content blocks in streaming assertions (#37...
• 1aa4496 feat(langchain): register stream transformers on middleware (#37591)
• d2931d8 release(fireworks): 1.4.1 (#37603)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.