Skip to content

chore(deps): bump the all group with 6 updates#19

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-e51756da08
Closed

chore(deps): bump the all group with 6 updates#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-e51756da08

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on agent-framework, agent-framework-devui, agent-framework-orchestrations, fastapi, pytest-cov and uvicorn to permit the latest version.
Updates agent-framework from 1.0.0rc5 to 1.10.0

Release notes

Sourced from agent-framework's releases.

python-1.10.0

[1.10.0] - 2026-06-30

Added

  • agent-framework-core: Explicitly emit available_resources and available_scripts in skill content (#6694)
  • agent-framework-core: Autolabelling MCP servers based on hints and GitHub MCP server interface labels (#6171)
  • agent-framework-core: create_harness_agent skills_paths accepts str | Path | Sequence[str | Path] | None (#6717)
  • agent-framework-core: Background agent loop resolves provider automatically and adds feedback message builder (#6735)
  • agent-framework-core: Stop swallowing skill script and resource errors so the model can self-correct (#6755)
  • agent-framework-foundry: Add FoundryAgent conversation session helper (#6623)
  • agent-framework-foundry: Add support for Foundry Adaptive evals (#6267)
  • agent-framework-bedrock, agent-framework-gemini: Surface cache and reasoning token counts (#6640)
  • agent-framework-durabletask: Host MAF workflows on a standalone Durable Task worker (#6418)
  • agent-framework-azure-ai-search: Support stable and preview Azure AI Search (Foundry IQ) API versions (#6603)
  • agent-framework-github-copilot: Align function approval to use SDK on_pre_tool_use hook (#6750)

Changed

  • agent-framework-core: [BREAKING — experimental] Refactor FileSkillsSource for depth-based discovery and predicate filters (#6488)
  • agent-framework-core: [BREAKING — experimental] Require approval for file-access tools with read-only auto-approval (#6599)
  • agent-framework-core: [BREAKING — experimental] Integrate looping into HarnessAgent (#6607)
  • agent-framework-core: [BREAKING — experimental] Port FileMemoryProvider and integrate into harness agent (#6547)
  • agent-framework-core: [BREAKING — experimental] Make all SkillsProvider tools require approval by default (#6754)
  • agent-framework-core: [BREAKING — experimental] Improve FileAccess/FileMemory harness providers (surgical edits, read-only tier, consistent naming) (#6801)
  • agent-framework-core: Align serialized tool format to OTel GenAI tool definition format (#6556)
  • agent-framework-foundry-hosting: [BREAKING] Foundry Hosted Agent V2 protocol upgrade (#6811)
  • agent-framework-foundry-hosting: Add MCP as a hard dependency (#6634)
  • agent-framework-purview: Prefer token principal for user identity (#6693)
  • agent-framework-ollama: Convert Pydantic model class response_format to JSON schema in OllamaChatClient (#6782)

Fixed

  • agent-framework-core: Fix background agent telemetry context error (#6764)
  • agent-framework-core: Fix MCP metadata and tool name handling (#6656)
  • agent-framework-core: Ensure spans created inside sync preparations in streaming call are correctly nested (#6552)
  • agent-framework-openai: Preserve OTel parent context for deferred streams (#6709)
  • agent-framework-openai: Fix FunctionShellTool throw and empty streaming shell command (#6763)
  • agent-framework-ag-ui: Fix tool history replay sanitization (#6581)
  • agent-framework-anthropic: Re-role trailing assistant message to user for Anthropic compatibility (#6207)
  • agent-framework-hyperlight: Fix CodeAct span parenting (#6712)
  • agent-framework-hyperlight: Harden output capture against symlinks (#6601)

python-1.9.0

[1.9.0] - 2026-06-18

Added

  • agent-framework-core: Add AgentLoopMiddleware for re-running agents in a loop (#6174)
  • agent-framework-core: Integrate tool approval into the harness agent (#6522)
  • agent-framework-core: Add tool approval middleware (#6414)
  • agent-framework-core: Integrate the shell tool into the harness agent (#6451)
  • agent-framework-core: Capture context provider instructions in agent telemetry (#6515)
  • agent-framework-core, agent-framework-ag-ui: Add opt-in AG-UI thread snapshot persistence and hydration (#6471)

... (truncated)

Commits
  • dd29f9a .NET: Hosted Agent Sample - Toolbox with various Auth (#5777) (#6018)
  • a5f4e00 .NET: Fix .NET Copilot integration tests for SDK v1.0.0 (#6424)
  • 3c0c12c .NET: Update release version for 2026-06-10 release and switch GH.CP Agent to...
  • 8dde9ef Python: HarnessAgent: Disable compaction when max tokens not provided (#6410)
  • 93cbf6b Python: Parse MCP CallToolResult.structuredContent field to prevent tool resu...
  • 9a56bc9 Python: [BREAKING] Add sampling guardrails to MCP tools (#6413)
  • cea83bd .NET: Bump Microsoft.Extensions.AI packages to 10.6.0, align transitive depen...
  • 7ae73a6 Remove broken Atomic Agents docs link (#6442)
  • 3daed11 Python: bump package versions for 1.8.1 release (#6420)
  • 5e09727 .NET: Add Foundry Deployment docs to HA sample READMEs (#6365)
  • Additional commits viewable in compare view

Updates agent-framework-devui from 1.0.0b260319 to 1.0.0b260630

Release notes

Sourced from agent-framework-devui's releases.

python-devui-1.0.0b260414

[devui-1.0.0b260414] - 2026-04-14

Fixed

  • agent-framework-devui: Fix streaming memory growth in DevUI frontend (#5221)

dotnet-1.0.0-preview.260209.1

What's Changed

Full Changelog: microsoft/agent-framework@dotnet-1.0.0-preview.260205.1...dotnet-1.0.0-preview.260209.1

dotnet-1.0.0-preview.260205.1

What's Changed

Full Changelog: microsoft/agent-framework@dotnet-1.0.0-preview.260128.1...dotnet-1.0.0-preview.260205.1

dotnet-1.0.0-preview.260128.1

What's Changed

Full Changelog: microsoft/agent-framework@dotnet-1.0.0-preview.260127.1...dotnet-1.0.0-preview.260128.1

dotnet-1.0.0-preview.260127.1

What's Changed

... (truncated)

Commits

Updates agent-framework-orchestrations from 1.0.0b260319 to 1.0.0

Release notes

Sourced from agent-framework-orchestrations's releases.

dotnet-1.0.0

Changes:

  • c798cb7a2ecd675c898db84931fb700060bceb77 release: Mark Handoff Orchestrations Experimental (#5065)
  • 524c0216e45a1b6e09b3e2816321c23a4ef57962 .NET: Update release versions (#5059)
  • 281661e4097868f75cef5219353b1ddb3106a081 .NET: Remove timeout from InputWait in OffThread execution (#4996)
  • b0613a8cebdee0e67f81acb1553d9cc1f9318c2b .NET: Bump Azure.AI.Projects to 2.0.0 GA (#5060)
  • 79b38040e8193aa9abf06a7b2f31d69f551af0af fix: Update Google.GenAI to verison compatible with M.E.AI 10.4.0+ (#5061)
  • a356a165681d0ecd3583250aeff2159820269ce8 .NET: Remove OpenAIAssistantClientExtensions class (#5058)
  • 628bb1af48ea264d17147f30190c1e745da309f7 .NET: Rename Microsoft.Agents.AI.AzureAI to Microsoft.Agents.AI.Foundry and consolidate FoundryMemory (#5042)
  • 15e435b47237b2d5f246df1cae28701e2d3780fa Fix telemetry sample bug (#5037)
  • 38de9914815833f7e06644c516dfef53853b3785 .NET: Fix RequestInfoEvent lost when resuming workflow from checkpoint (#4955)
  • 25696a72dca5f1c07917076b5ad2d0520f89b3bb .NET: Replace Azure Foundry/Azure AI Foundry with Microsoft Foundry in .NET samples (#5032)
  • 2cb78ea12e20ffcd102b00c0f42a23f53a32df21 fix and unify devui samples (#5025)
  • acaadc9c45702325b0ffb71009f8a558b114a9c9 .NET: Add a verify-samples tool and skill (#5005)
  • 34329840e1db8bb67c5bc010fedca2426dddacae Add Neo4j GraphRAG samples (#4994)
  • 2a8c3e2dcf4b7c90df844c18c5b8190b63e48b82 fixes to azure ai search init, samples (#5021)
  • 9c9d81d8b6bc2189fbfc6241f0cad81ad04c0848 .NET: Improve README: architecture overview, troubleshooting, and sample links (#5002)
  • 47a8a305d216f17255279d0a51a488addbb2e676 Fix environment variable set statement in py DEV_SETUP (#5006)
  • 6e7254bba7abbee9b89b73df869074492f7d63df .NET: [BREAKING] Rename from ServiceStoredSimulatingChatClient to PerServiceCallChatHistoryPersistingChatClient (#4993)
  • 3d09337446c61fc97dbcf1c52dd7abf021c10669 Update project name from 'Semantic Kernel' to 'Agent Framework' (#5001)
  • 3c727b5b71298a0971a97a22500dac65318bccf1 Improve CONTRIBUTING.md with dev setup links and docs guidance (#5000)
  • 3f964c4cdb00766bfdaed24311d67611302399c5 Removing old code-gen docs from dotnet root (#4997)

This list of changes was auto generated.

python-1.0.0

[1.0.0] - 2026-04-02

[!IMPORTANT] For any breaking changes & updates, please view this migration guide.

Added

  • repo: Add PACKAGE_STATUS.md to track lifecycle status of all Python packages (#5062)

Changed

  • agent-framework, agent-framework-core, agent-framework-openai, agent-framework-foundry: [BREAKING] Promote from 1.0.0rc6 to 1.0.0 (Production/Stable) (#5062)
  • agent-framework-core, agent-framework-openai, agent-framework-foundry: [BREAKING] Dependency floors now require released >=1.0.0,<2 packages, breaking compatibility with older RC installs (#5062)
  • agent-framework-a2a, agent-framework-ag-ui, agent-framework-anthropic, agent-framework-azure-ai-search, agent-framework-azure-cosmos, agent-framework-azurefunctions, agent-framework-bedrock, agent-framework-chatkit, agent-framework-claude, agent-framework-copilotstudio, agent-framework-declarative, agent-framework-devui, agent-framework-durabletask, agent-framework-foundry-local, agent-framework-github-copilot, agent-framework-lab, agent-framework-mem0, agent-framework-ollama, agent-framework-orchestrations, agent-framework-purview, agent-framework-redis: Bump beta versions from 1.0.0b260330 to 1.0.0b260402 (#5062)
  • docs: Update install instructions to drop --pre flag for released packages (#5062)

Removed

  • agent-framework-core: [BREAKING] Remove deprecated BaseContextProvider and BaseHistoryProvider aliases (#5062)
  • agent-framework-core: [BREAKING] Remove deprecated text parameter from Message constructor (#5062)

... (truncated)

Commits

Updates fastapi to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates pytest-cov to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

  • Dropped support for subprocesses measurement.

    It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

    To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

    .. code-block:: ini

    [run] patch = subprocess

    This release also requires at least coverage 7.10.6.

  • Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

  • Removed some not really necessary testing deps like six.

... (truncated)

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates uvicorn to 0.51.0

Release notes

Sourced from uvicorn's releases.

Version 0.51.0

What's Changed

Full Changelog: Kludex/uvicorn@0.50.2...0.51.0

Changelog

Sourced from uvicorn's changelog.

0.51.0 (July 8, 2026)

Added

  • Restart workers one at a time on SIGHUP, bringing each replacement up before retiring the old worker, so reloads no longer drop requests (#3025)

Removed

  • Remove colorama from the standard extra (#3027)

0.50.2 (July 6, 2026)

Fixed

  • Require websockets>=13.0, which the default websockets-sansio implementation needs (#3021)

0.50.1 (July 6, 2026)

Fixed

  • Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansio implementation (#3019)

0.50.0 (July 4, 2026)

If you use WebSockets, note that --ws auto now picks the websockets-sansio implementation. You shouldn't need it, but you can pin --ws websockets to get the deprecated legacy one back.

Changed

  • Exit with the dedicated code 3 on any startup failure: app loading, socket bind and lifespan startup errors previously exited with a mix of 0, 1 and 3 (#3001)
  • Stop the multiprocess supervisor when a worker exits with code 3 instead of restarting it forever (#3001)
  • Default --ws auto to websockets-sansio when websockets is installed (#2985)
  • Skip the eager app import in the parent process with --reload or --workers, fixing a memory regression introduced in 0.47.0 (#3012)
  • Build a fresh asgi scope dict per request (#2977)
  • Cache the asgi scope sub-dict per connection (#2976)
  • Avoid copying single-frame WebSocket payloads in websockets-sansio (#2983)
  • Memoize trusted host checks in ProxyHeadersMiddleware (#2970)
  • Replace click.style with an internal ANSI style helper (#2981)

Deprecated

  • Deprecate the legacy websockets implementation; use websockets-sansio or wsproto instead (#2985)

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

... (truncated)

Commits
  • e4d0b05 Version 0.51.0 (#3028)
  • 944e43d Remove colorama from the standard extra (#3027)
  • 2e78770 Restart workers with overlap on SIGHUP for near-zero-downtime reloads (#3025)
  • a1b570c Version 0.50.2 (#3022)
  • 83c7da7 Require websockets>=13.0 for the default sansio implementation (#3021)
  • b4d0116 Version 0.50.1 (#3020)
  • 2a9151d Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansi...
  • 1bf3ab4 Cover the excluded-directory branch in FileFilter with a direct test (#3014)
  • 837b5f9 Deflake multiprocess, reload, and signal supervisor tests (#2975)
  • 21d2c16 Version 0.50.0 (#3013)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [agent-framework](https://github.com/microsoft/agent-framework), [agent-framework-devui](https://github.com/microsoft/agent-framework), [agent-framework-orchestrations](https://github.com/microsoft/agent-framework), [fastapi](https://github.com/fastapi/fastapi), [pytest-cov](https://github.com/pytest-dev/pytest-cov) and [uvicorn](https://github.com/Kludex/uvicorn) to permit the latest version.

Updates `agent-framework` from 1.0.0rc5 to 1.10.0
- [Release notes](https://github.com/microsoft/agent-framework/releases)
- [Commits](microsoft/agent-framework@python-1.0.0rc5...dotnet-1.10.0)

Updates `agent-framework-devui` from 1.0.0b260319 to 1.0.0b260630
- [Release notes](https://github.com/microsoft/agent-framework/releases)
- [Commits](https://github.com/microsoft/agent-framework/commits)

Updates `agent-framework-orchestrations` from 1.0.0b260319 to 1.0.0
- [Release notes](https://github.com/microsoft/agent-framework/releases)
- [Commits](https://github.com/microsoft/agent-framework/commits/dotnet-1.0.0)

Updates `fastapi` to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.133.0...0.139.0)

Updates `pytest-cov` to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v5.0.0...v7.1.0)

Updates `uvicorn` to 0.51.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.51.0)

---
updated-dependencies:
- dependency-name: agent-framework
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: agent-framework-devui
  dependency-version: 1.0.0b260630
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: agent-framework-orchestrations
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.51.0
  dependency-type: direct:production
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 9, 2026
@OgeonX-Ai

Copy link
Copy Markdown
Contributor

Closing because this grouped update is unsatisfiable: agent-framework-devui currently declares fastapi < 0.138.1, while this PR requires FastAPI 0.139.0. Replacement PR #20 records the bound in Dependabot so it does not recur. Reopen only after the Microsoft Agent Framework DevUI package raises its FastAPI ceiling.

@OgeonX-Ai OgeonX-Ai closed this Jul 10, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/pip/all-e51756da08 branch July 10, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant