Skip to content

chore(deps)(deps): bump the adk-demo-safe group across 1 directory with 6 updates#147

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python/examples/adk-demo/adk-demo-safe-2f55855e8c
Open

chore(deps)(deps): bump the adk-demo-safe group across 1 directory with 6 updates#147
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python/examples/adk-demo/adk-demo-safe-2f55855e8c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the adk-demo-safe group with 4 updates in the /python/examples/adk-demo directory: click, uvicorn, web3 and ruff.

Updates click from 8.2.1 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32

  • get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
  • Zsh completion scripts parse correctly on Windows. #3277 # 3466
  • Shell completion of Choice Enum values produces a valid completion result. #3015
  • Fix empty byte-string handling in echo. #3487
  • Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

  • ParamType typing improvements. #3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

  • Parameter typing improvements. #2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

  • get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
  • Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
  • Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
  • Fix empty byte-string handling in echo. {issue}3487 {pr}3493
  • Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
  • Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478

Version 8.4.0

Released 2026-05-17

  • {class}ParamType typing improvements. {pr}3371

    • {class}ParamType is now a generic abstract base class, parameterized by its converted value type.
    • {meth}~ParamType.convert return types are narrowed on all concrete types (str for {class}STRING, int for {class}INT, etc.).
    • {meth}~ParamType.to_info_dict returns specific {class}~typing.TypedDict subclasses instead of dict[str, Any].
    • {class}CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add {func}typing.overload signatures. {pr}3372

  • {class}Parameter typing improvements. {pr}2805

    • {class}Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • {attr}Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of {meth}Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or {class}Tuple type, matching environment variable behavior. {issue}2745 {pr}3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types

... (truncated)

Commits
  • 6eeb50e release version 8.4.1
  • 67921d5 change log and doc fixes (#3495)
  • 9c41f46 Fix changelog and version admonitions
  • 6cb3477 fix skip condition
  • 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
  • becbde5 pager doesn't close std streams
  • a5f5aa6 Handle empty bytes in echo (#3493)
  • 4d3db84 handle empty bytes in echo
  • d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
  • 0baa8db Document ctx.params bypass with test and doc
  • Additional commits viewable in compare view

Updates uvicorn from 0.35.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates web3 from 7.10.0 to 7.16.0

Changelog

Sourced from web3's changelog.

web3.py v7.16.0 (2026-05-01)

Bugfixes


- Fixed ``ens.utils.is_none_or_zero_address`` not detecting bytes-form zero addresses (``b"\x00" * 20``) — the function compared against the hex string ``EMPTY_ADDR_HEX`` only, even though its signature accepts ``Address`` (which is ``bytes``). This caused ``ens.address(name, coin_type=N)`` to return the zero-address checksum string instead of ``None`` when the resolver recorded a zero address. (`[#3830](https://github.com/ethereum/web3.py/issues/3830) <https://github.com/ethereum/web3.py/issues/3830>`__)

Features

  • ENS read operations now use the Universal Resolver (0xeEeEEEeE14D718C2B47D9923Deab1335E144EeEe) instead of querying the ENS Registry directly, aligning with ENSv2 readiness requirements. ([#3830](https://github.com/ethereum/web3.py/issues/3830) <https://github.com/ethereum/web3.py/issues/3830>__)

web3.py v7.15.0 (2026-04-02)

Features


- Added configurations for CCIP-Read, defaulting to a more secure configuration based on the EIP recommendations. (`[#3818](https://github.com/ethereum/web3.py/issues/3818) <https://github.com/ethereum/web3.py/issues/3818>`__)

web3.py v7.14.1 (2026-02-03)

Bugfixes

  • Wrap timeout in ClientTimeout for AsyncBeacon post request ([#3784](https://github.com/ethereum/web3.py/issues/3784) <https://github.com/ethereum/web3.py/issues/3784>__)
  • Fix HTTPProvider to share an explicitly provided session across all threads, rather than only the creating thread. ([#3800](https://github.com/ethereum/web3.py/issues/3800) <https://github.com/ethereum/web3.py/issues/3800>__)
  • Fix TypedDict field names to use camelCase (validatorIndex, yParity) matching JSON-RPC conventions and formatter outputs. ([#3801](https://github.com/ethereum/web3.py/issues/3801) <https://github.com/ethereum/web3.py/issues/3801>__)
  • Exclude type checking in Sphinx module and submodules ([#3803](https://github.com/ethereum/web3.py/issues/3803) <https://github.com/ethereum/web3.py/issues/3803>__)

Improved Documentation


- Added documentation for formatters explaining how they work, what the default formatters do, and how to customize them. (`[#2994](https://github.com/ethereum/web3.py/issues/2994) <https://github.com/ethereum/web3.py/issues/2994>`__)

Internal Changes - for web3.py Contributors

  • Upgrade geth version in CI ([#3787](https://github.com/ethereum/web3.py/issues/3787) <https://github.com/ethereum/web3.py/issues/3787>__)

web3.py v7.14.0 (2025-10-16)

... (truncated)

Commits
  • efbc6eb Bump version: 7.15.0 → 7.16.0
  • abc0594 Compile release notes for v7.16.0
  • 72898a2 feat(ens): use Universal Resolver for ENS resolution (#3822) (#3830)
  • cf051a7 Bump version: 7.14.1 → 7.15.0
  • 10fe633 Compile release notes for v7.15.0
  • b45343d fix: linting related to backporting from main (py38 and py39)
  • fe17ccb update newsfragment for v7 PR
  • d2e5294 doc: add documentation for CCIP-Read updates
  • d62e67d feat: added restrictions on CCIP read durin calls
  • ea5e072 Bump version: 7.14.0 → 7.14.1
  • Additional commits viewable in compare view

Updates cdp-sdk from 1.32.0 to 1.47.1

Changelog

Sourced from cdp-sdk's changelog.

[1.47.1] - 2026-06-18

Bugfixes

  • Added paymasterContext and expiresAt for UserOperation methods (#730)

[1.47.0] - 2026-05-28

Features

[1.46.0] - 2026-05-21

Features

  • Added idempotency_key parameter to all end user client and account operation methods for safe request retries. (#713)

[1.45.2] - 2026-05-20

Bugfixes

  • Add missing /embedded-wallet-api/ path check to wallet auth header generation, ensuring X-Wallet-Auth is sent for all embedded wallet API operations (#fix-wallet-auth-embedded-wallet-api)

[1.45.1] - 2026-05-12

Bugfixes

  • Bumped API spec and re-generated clients (#700)

[1.45.0] - 2026-05-11

Features

  • Add support for SendEndUserEvmAsset, SendEndUserSolAsset, and CreateEndUserEvmSwap policy rules and criteria (#publicize-end-user-policy-rules)
  • Added account-scoped delegation methods to EndUserAccount: get_delegation_for_account and revoke_delegation_for_account (#689)

[1.44.0] - 2026-04-22

Features

  • Add get_delegation method to EndUserClient for retrieving active delegation details (#get-delegation)

... (truncated)

Commits
  • 0767031 chore: bump cdp-sdk to 1.47.1 (#735)
  • d0dd488 Update OpenAPI specification and generated code (#730)
  • 0e840d1 chore: bump all SDKs — TS 1.51.0, Python 1.47.0, Rust 0.7.0, Java 0.6.0 (#719)
  • 73197ee feat(CDPSDK-2731): update all SDK's to latest spec, add SendEndUserOperationR...
  • a6be935 chore: bump @​coinbase/cdp-sdk to 1.50.0 and cdp-sdk (Python) to 1.46.0 (#714)
  • db0adb8 feat: add idempotencyKey to all end user operation methods (#713)
  • 140830b chore: bump cdp-sdk to Python 1.45.2, Rust 0.6.0, Java 0.5.0 (#712)
  • 616cd80 fix(python,rust): add missing path checks to requires_wallet_auth (#711)
  • 864c0a4 chore: bump @​coinbase/cdp-sdk to 1.49.1 and cdp-sdk to 1.45.1 (#700)
  • 855875b chore: bump openapi spec and regenerate all clients (#697) (#699)
  • Additional commits viewable in compare view

Updates x402-a2a from 1.0.0 to 0.1.0

Updates ruff from 0.13.1 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 6 updates

Bumps the adk-demo-safe group with 4 updates in the /python/examples/adk-demo directory: [click](https://github.com/pallets/click), [uvicorn](https://github.com/Kludex/uvicorn), [web3](https://github.com/ethereum/web3.py) and [ruff](https://github.com/astral-sh/ruff).


Updates `click` from 8.2.1 to 8.4.1
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.2.1...8.4.1)

Updates `uvicorn` from 0.35.0 to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.35.0...0.49.0)

Updates `web3` from 7.10.0 to 7.16.0
- [Changelog](https://github.com/ApeWorX/web3.py/blob/v7.16.0/docs/release_notes.rst)
- [Commits](ApeWorX/web3.py@v7.10.0...v7.16.0)

Updates `cdp-sdk` from 1.32.0 to 1.47.1
- [Changelog](https://github.com/coinbase/cdp-sdk/blob/main/python/CHANGELOG.md)
- [Commits](https://github.com/coinbase/cdp-sdk/compare/cdp-sdk@v1.32.0...cdp-sdk@v1.47.1)

Updates `x402-a2a` from 1.0.0 to 0.1.0

Updates `ruff` from 0.13.1 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.13.1...0.15.18)

---
updated-dependencies:
- dependency-name: click
  dependency-version: 8.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: adk-demo-safe
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: adk-demo-safe
- dependency-name: web3
  dependency-version: 7.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: adk-demo-safe
- dependency-name: cdp-sdk
  dependency-version: 1.47.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: adk-demo-safe
- dependency-name: x402-a2a
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: adk-demo-safe
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: adk-demo-safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 6, 2026 04:31
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: example, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants