Skip to content

security(deps): bump the dataviewer-dependencies group across 1 directory with 5 updates#464

Merged
WilliamBerryiii merged 2 commits into
mainfrom
dependabot/uv/data-management/viewer/dataviewer-dependencies-0190124bbe
Apr 15, 2026
Merged

security(deps): bump the dataviewer-dependencies group across 1 directory with 5 updates#464
WilliamBerryiii merged 2 commits into
mainfrom
dependabot/uv/data-management/viewer/dataviewer-dependencies-0190124bbe

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Bumps the dataviewer-dependencies group with 5 updates in the /data-management/viewer directory:

Package From To
pydantic 2.12.5 2.13.0
python-multipart 0.0.24 0.0.26
ruff 0.15.9 0.15.10
huggingface-hub 1.9.1 1.10.1
ultralytics 8.4.34 8.4.37

Updates pydantic from 2.12.5 to 2.13.0

Release notes

Sourced from pydantic's releases.

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

What's Changed

Packaging

New Features

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

v2.13.0b3 (2026-03-31)

GitHub release

What's Changed

New Features

Changes

... (truncated)

Commits

Updates python-multipart from 0.0.24 to 0.0.26

Release notes

Sourced from python-multipart's releases.

Version 0.0.26

What's Changed

Full Changelog: Kludex/python-multipart@0.0.25...0.0.26

Version 0.0.25

What's Changed

Full Changelog: Kludex/python-multipart@0.0.24...0.0.25

Changelog

Sourced from python-multipart's changelog.

0.0.26 (2026-04-10)

  • Skip preamble before the first multipart boundary more efficiently #262.
  • Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

  • Add MIME content type info to File #143.
  • Handle CTE values case-insensitively #258.
  • Remove custom FormParser classes #257.
  • Add UPLOAD_DELETE_TMP to FormParser config #254.
  • Emit field_end for trailing bare field names on finalize #230.
  • Handle multipart headers case-insensitively #252.
  • Apply Apache-2.0 properly #247.
Commits

Updates ruff from 0.15.9 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Commits
  • 252f761 Bump 0.15.10 (#24519)
  • 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
  • f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
  • 16c4090 docs: fix JSON typo in settings example (#24517)
  • 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
  • 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
  • d8bc700 LSP: Add support for custom extensions (#24463)
  • a45f96d [ty] stop special-casing str constructor (#24514)
  • 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
  • e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
  • Additional commits viewable in compare view

Updates huggingface-hub from 1.9.1 to 1.10.1

Release notes

Sourced from huggingface-hub's releases.

[v1.10.1] Fix copy file to folder

  • Fix copy file to folder (#4075)
  • [CLI ]Improving a bit hf CLI discoverability (#4079)
  • Support kernels in list_liked_repos (#4078)

Full Changelog: huggingface/huggingface_hub@v1.10.0...v1.10.1

[v1.10.0] Instant file copy and new Kernel repo type

📁 Instant file copy between Buckets and Repositories

This release introduces server-side file copy operations that let you move data between Hugging Face storage without downloading and re-uploading. You can now copy files from one Bucket to another, from a repository (model, dataset, or Space) to a Bucket, or between Buckets — all without bandwidth costs. Files tracked with Xet are copied directly by hash (no data transfer), while small text files not tracked with Xet are automatically downloaded and re-uploaded.

>>> from huggingface_hub import copy_files
Bucket to bucket (same or different bucket)
>>> copy_files(
...     "hf://buckets/username/source-bucket/checkpoints/model.safetensors",
...     "hf://buckets/username/destination-bucket/archive/model.safetensors",
... )
Repo to bucket
>>> copy_files(
...     "hf://datasets/username/my-dataset/processed/",
...     "hf://buckets/username/my-bucket/datasets/processed/",
... )

The same capability is available in the CLI:

# Bucket to bucket
>>> hf buckets cp hf://buckets/username/source-bucket/logs/ hf://buckets/username/archives/logs/
Repo to bucket
>>> hf buckets cp hf://datasets/username/my-dataset/data/train/ hf://buckets/username/my-bucket/datasets/train/

Note that copying files from a Bucket to a Repository is not yet supported.

📚 Documentation: Buckets guide

⚛️ Introducing Kernel repositories

[!TIP] For building, publishing, and using kernel repos, please use the dedicated kernels package.

... (truncated)

Commits
  • 25b5d2e Release: v1.10.1
  • 7333d35 Support kernels in list_liked_repos (#4078)
  • ea5051f [CLI ]Improving a bit hf CLI discoverability (#4079)
  • f86e165 Fix copy file to folder (#4075)
  • 942d4fa Release: v1.10.0
  • 33a205a Release: v1.10.0.rc1
  • 459757b Release: v1.10.0.rc0
  • 035acb3 [Kernels] Minimal kernel repo type support (create/delete, download files, li...
  • d82a7f7 [CLI] [API] Add HfApi.copy_files method to copy files remotely and update '...
  • 3a8ee52 Add live Slack notifications to release workflow (#4046)
  • Additional commits viewable in compare view

Updates ultralytics from 8.4.34 to 8.4.37

Commits
  • bed8778 ultralytics 8.4.37 NDJSON-based multidataset hyperparameter tuning (#24192)
  • 9a0962d improve trainer callbacks docs with precise descriptions (#24122)
  • 564f3bb ultralytics 8.4.37 NDJSON-based multidataset hyperparameter tuning (#24179)
  • 1515240 replace journey diagram with interactive workflow graph on platform quickstar...
  • add03bb Fix HUB training regression for local zip datasets (#24185)
  • 2283438 Simplify engine resume tests (#24183)
  • cf95678 docs: update OpenVINO notebook links to YOLO26 optimization (#24182)
  • 99bee2f Label Docs non-text code fences (#24176)
  • b182119 docs: fix wrong weights in segment and obb .load() examples (#24180)
  • e5eee3e Fix benchmark verbose for Dockerfile-nvidia-arm64 (#24181)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dataviewer-dependencies group across 1 director…
df900b0 
…y with 5 updates

Bumps the dataviewer-dependencies group with 5 updates in the /data-management/viewer directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.0` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.24` | `0.0.26` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.9` | `0.15.10` |
| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.9.1` | `1.10.1` |
| [ultralytics](https://github.com/ultralytics/ultralytics) | `8.4.34` | `8.4.37` |



Updates `pydantic` from 2.12.5 to 2.13.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.0)

Updates `python-multipart` from 0.0.24 to 0.0.26
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.24...0.0.26)

Updates `ruff` from 0.15.9 to 0.15.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.9...0.15.10)

Updates `huggingface-hub` from 1.9.1 to 1.10.1
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.9.1...v1.10.1)

Updates `ultralytics` from 8.4.34 to 8.4.37
- [Release notes](https://github.com/ultralytics/ultralytics/releases)
- [Commits](ultralytics/ultralytics@v8.4.34...v8.4.37)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dataviewer-dependencies
- dependency-name: python-multipart
  dependency-version: 0.0.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dataviewer-dependencies
- dependency-name: ruff
  dependency-version: 0.15.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dataviewer-dependencies
- dependency-name: huggingface-hub
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dataviewer-dependencies
- dependency-name: ultralytics
  dependency-version: 8.4.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dataviewer-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dataviewer dependencies Dependency version updates python Pull requests that update python code labels Apr 13, 2026
@github-actions github-actions Bot changed the title chore(deps): bump the dataviewer-dependencies group across 1 directory with 5 updates security(deps): bump the dataviewer-dependencies group across 1 directory with 5 updates Apr 13, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 587d9ab.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

data-management/viewer/uv.lock

PackageVersionLicenseIssue Type
pydantic2.13.0NullUnknown License
python-multipart0.0.26NullUnknown License
ruff0.15.10NullUnknown License
ultralytics8.4.37NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/huggingface-hub 1.10.1 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 26/28 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
pip/pydantic 2.13.0 UnknownUnknown
pip/pydantic-core 2.46.0 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/python-multipart 0.0.26 UnknownUnknown
pip/ruff 0.15.10 UnknownUnknown
pip/ultralytics 8.4.37 UnknownUnknown

Scanned Files

  • data-management/viewer/uv.lock

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 13, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.80%. Comparing base (d5a8656) to head (587d9ab).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #464   +/-   ##
=======================================
  Coverage   64.80%   64.80%           
=======================================
  Files         251      251           
  Lines       15441    15441           
  Branches     2108     2108           
=======================================
  Hits        10006    10006           
  Misses       5146     5146           
  Partials      289      289
Flag Coverage Δ
pester 82.24% <ø> (ø)
pytest 92.40% <ø> (ø)
pytest-dataviewer 63.87% <ø> (ø)
pytest-fuzz 1.59% <ø> (ø)
vitest 51.77% <ø> (ø)
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@WilliamBerryiii WilliamBerryiii merged commit 24c208d into main Apr 15, 2026
32 checks passed
@WilliamBerryiii WilliamBerryiii deleted the dependabot/uv/data-management/viewer/dataviewer-dependencies-0190124bbe branch April 15, 2026 04:29
@physical-ai-toolchain-release physical-ai-toolchain-release Bot mentioned this pull request Apr 15, 2026
Merged
WilliamBerryiii pushed a commit that referenced this pull request May 8, 2026
@physical-ai-toolchain-release @github-actions
chore(main): release 0.8.0 (#450)
f906f37 
🤖 I have created a release *beep* *boop*
---


##
[0.8.0](v0.7.4...v0.8.0)
(2026-05-08)


### ⚠ BREAKING CHANGES

* **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4,
MSAL 5, ESLint 10
([#524](#524))

### ✨ Features

* **agents:** add automated validation for high-risk Dependabot bumps
([#574](#574))
([8c3686a](8c3686a)),
closes
[#573](#573)
* **data:** add camera selector to annotation workspace and fix AV1
frame extraction
([#591](#591))
([c809d2f](c809d2f))
* **data:** seed dataviewer frontend test foundation and per-section
codecov flags
([#594](#594))
([c06c4e3](c06c4e3))
* **dataviewer:** add OWASP security middleware stack
([#439](#439))
([239edb9](239edb9))
* **infrastructure:** add conversion pipeline Terraform module
([#542](#542))
([244531e](244531e))
* **infrastructure:** upgrade OSMO to chart 1.2.1 / image 6.2 with
secure auth and skrl 2.0.0 compatibility
([#492](#492))
([edfd7a5](edfd7a5))
* **pipeline:** add ACSA setup for ROS2 bag sync to Blob
([#451](#451))
([c271a54](c271a54))
* **workflows:** add advisory Dependabot PR reviewer agentic workflow
([#498](#498))
([d4bb140](d4bb140))
* **workflows:** trigger AW Dependabot PR reviewer after PR Validation
([#580](#580))
([7ab3d16](7ab3d16))


### 🐛 Bug Fixes

* **ci:** correct stale version comment for
actions/create-github-app-token
([#506](#506))
([b2e9a54](b2e9a54))
* **ci:** restore data-pipeline and training broken tests by domain
folder restructure
([#547](#547))
([06d8472](06d8472))
* **docs:** update remaining stale 'Coming soon' labels in
docs/README.md
([#507](#507))
([02439d6](02439d6))
* **docs:** update stale coming soon label for Training section
([#472](#472))
([46db49b](46db49b))
* **evaluation:** scope SIL AzureML validation code path and script
reference
([#387](#387))
([9f138a9](9f138a9))
* **infrastructure:** OSMO workflow execution, PostgreSQL public access,
and quickstart corrections
([#477](#477))
([9ed2da6](9ed2da6))
* **scripts:** exclude CHANGELOG.md from changed-files msdate check
([#644](#644))
([8133bdc](8133bdc))
* **workflows:** allow dependabot[bot] to activate AW Dependabot PR
Review
([#586](#586))
([39dc022](39dc022))
* **workflows:** correct branches filter on AW Dependabot PR Review
workflow_run trigger
([#584](#584))
([fe06b52](fe06b52))
* **workflows:** normalize validate.yaml placeholder env/compute values
([#510](#510))
([340ff44](340ff44))
* **workflows:** recompile aw-dependabot-pr-review lock file
([#576](#576))
([d77c167](d77c167))
* **workflows:** switch AW Dependabot PR Review to pull_request_target
([#589](#589))
([3f1edd1](3f1edd1))


### 📚 Documentation

* **docs:** Fix deployment guide links
([#614](#614))
([0070b04](0070b04))
* document dependency-pinning-artifacts directory purpose
([#508](#508))
([50e0010](50e0010))


### 📦 Build System

* **training:** standardize on Python 3.12 across manifests, containers,
and runtime scripts
([#541](#541))
([7ad014a](7ad014a))


### 🔧 Operations

* **build:** add Copilot cloud agent setup-steps workflow
([#593](#593))
([c912668](c912668))


### 🔧 Miscellaneous

* **build:** exclude auto-generated CHANGELOG.md from cspell and seed
dictionary
([#582](#582))
([de1dd57](de1dd57))
* **build:** redesign codecov flags and split pytest CI per component
([#520](#520))
([357e745](357e745))
* **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4,
MSAL 5, ESLint 10
([#524](#524))
([50f8ad4](50f8ad4))
* **dataviewer:** repoint stale src/dataviewer references to
data-management/viewer
([#504](#504))
([88fa1b4](88fa1b4)),
closes
[#503](#503)
* **deps-dev:** bump basic-ftp from 5.3.0 to 5.3.1
([#618](#618))
([ca10f2a](ca10f2a))
* **deps-dev:** bump globals from 15.15.0 to 17.5.0 in
/data-management/viewer/frontend
([#527](#527))
([0e0b2ae](0e0b2ae))
* **deps-dev:** bump ip-address from 10.1.0 to 10.2.0
([#616](#616))
([816c9cf](816c9cf))
* **deps-dev:** bump lint-staged from 16.4.0 to 17.0.2 in the
root-npm-dependencies group across 1 directory
([#626](#626))
([0e2f293](0e2f293))
* **deps-dev:** bump pydantic from 2.13.3 to 2.13.4 in the
python-dependencies group across 1 directory
([#629](#629))
([c24f1c1](c24f1c1))
* **deps-dev:** bump the python-dependencies group across 1 directory
with 2 updates
([#514](#514))
([8410f4b](8410f4b))
* **deps:** bump azure-core from 1.39.0 to 1.40.0 in /evaluation in the
inference-dependencies group across 1 directory
([#597](#597))
([6141db4](6141db4))
* **deps:** bump cryptography from 46.0.6 to 46.0.7 in
/data-management/viewer
([#424](#424))
([5fb6d58](5fb6d58))
* **deps:** bump cryptography from 46.0.6 to 46.0.7 in
/data-management/viewer/backend
([#423](#423))
([b516ad5](b516ad5))
* **deps:** bump lucide-react from 0.469.0 to 1.8.0 in
/data-management/viewer/frontend
([#528](#528))
([1bdfc1e](1bdfc1e))
* **deps:** bump nginx from `8aa63af` to `5616878` in
/data-management/viewer/frontend
([#511](#511))
([9e7e20e](9e7e20e))
* **deps:** bump nginx from 1.27-alpine to 1.29-alpine in
/data-management/viewer/frontend
([#484](#484))
([0e5c3dd](0e5c3dd))
* **deps:** bump node from `435f353` to `e49fd70` in
/data-management/viewer/frontend
([#560](#560))
([2884649](2884649))
* **deps:** bump react-is from 18.3.1 to 19.2.5 in
/data-management/viewer/frontend
([#530](#530))
([d51318c](d51318c))
* **deps:** bump tensordict from 0.11.0 to 0.12.1 in /evaluation in the
inference-dependencies group across 1 directory
([#456](#456))
([b24e733](b24e733))
* **deps:** bump the dataviewer-backend-dependencies group across 1
directory with 2 updates
([#531](#531))
([171a1da](171a1da))
* **deps:** bump the dataviewer-backend-dependencies group across 1
directory with 5 updates
([#516](#516))
([4f9a577](4f9a577))
* **deps:** bump the dataviewer-backend-dependencies group across 1
directory with 5 updates
([#602](#602))
([6c27ab5](6c27ab5))
* **deps:** bump the dataviewer-dependencies group across 1 directory
with 2 updates
([#529](#529))
([8646971](8646971))
* **deps:** bump the dataviewer-dependencies group across 1 directory
with 3 updates
([#601](#601))
([d28fb50](d28fb50))
* **deps:** bump the dataviewer-dependencies group across 1 directory
with 3 updates
([#632](#632))
([4ca5f3e](4ca5f3e))
* **deps:** bump the dataviewer-dependencies group across 1 directory
with 5 updates
([#515](#515))
([109ee81](109ee81))
* **deps:** bump the dataviewer-frontend-patch-minor group across 1
directory with 6 updates
([#630](#630))
([04d5dfd](04d5dfd))
* **deps:** bump the dataviewer-frontend-patch-minor group across 1
directory with 9 updates
([#563](#563))
([c08f450](c08f450))
* **deps:** bump the docusaurus-dependencies group across 1 directory
with 4 updates
([#627](#627))
([f5825fc](f5825fc))
* **deps:** bump the docusaurus-dependencies group across 1 directory
with 6 updates
([#599](#599))
([b859344](b859344))
* **deps:** bump the github-actions group across 1 directory with 4
updates
([#459](#459))
([2609c52](2609c52))
* **deps:** bump the github-actions group across 1 directory with 4
updates
([#517](#517))
([f54bf5d](f54bf5d))
* **deps:** bump the inference-dependencies group across 1 directory
with 11 updates
([#562](#562))
([087f53a](087f53a))
* **deps:** bump the inference-dependencies group across 1 directory
with 2 updates
([#628](#628))
([4a3be47](4a3be47))
* **deps:** bump the pip group across 2 directories with 1 update
([#494](#494))
([a14b6b0](a14b6b0))
* **docs:** update stale Python 3.11 references to 3.12
([#575](#575))
([6f85c95](6f85c95))
* **scripts:** remove redundant SC1091 disables in OSMO deploy scripts
([#509](#509))
([ae1cb82](ae1cb82))


### 🔒 Security

* **build:** pin dependencies and hash-verify downloads
([#465](#465))
([0289f49](0289f49))
* **build:** remediate dependency security advisories
([#479](#479))
([7196d6d](7196d6d))
* **deps-dev:** bump basic-ftp from 5.2.1 to 5.2.2
([#454](#454))
([cb158f1](cb158f1))
* **deps-dev:** bump basic-ftp from 5.2.2 to 5.3.0
([#495](#495))
([e983b8b](e983b8b))
* **deps-dev:** bump hypothesis from 6.152.3 to 6.152.4 in the
python-dependencies group
([#598](#598))
([83384d2](83384d2))
* **deps-dev:** bump markdownlint-cli2 from 0.22.0 to 0.22.1 in the
root-npm-dependencies group
([#559](#559))
([32bde35](32bde35))
* **deps-dev:** bump picomatch from 2.3.1 to 2.3.2 in /docs/docusaurus
([#455](#455))
([66f86ca](66f86ca))
* **deps-dev:** bump postcss from 8.5.10 to 8.5.12 in
/data-management/viewer/frontend
([#569](#569))
([a652dba](a652dba))
* **deps-dev:** bump the python-dependencies group with 2 updates
([#457](#457))
([749d231](749d231))
* **deps-dev:** bump the python-dependencies group with 2 updates
([#485](#485))
([71b44fd](71b44fd))
* **deps-dev:** bump the python-dependencies group with 3 updates
([#564](#564))
([9fc52fd](9fc52fd))
* **deps-dev:** bump typescript from 6.0.2 to 6.0.3 in /docs/docusaurus
in the docusaurus-dependencies group
([#513](#513))
([5694dbc](5694dbc))
* **deps:** bump azureml/openmpi4.1.0-ubuntu22.04 from 20260303.v5 to
20260409.v4 in /evaluation/sil/docker
([#480](#480))
([25d4df8](25d4df8))
* **deps:** bump cryptography from 46.0.6 to 46.0.7 in /evaluation in
the uv group across 1 directory
([#538](#538))
([92c5b2e](92c5b2e))
* **deps:** bump diffusers from 0.35.2 to 0.38.0 in /training/il/lerobot
([#638](#638))
([6261d19](6261d19))
* **deps:** bump follow-redirects from 1.15.11 to 1.16.0 in
/docs/docusaurus
([#469](#469))
([0458908](0458908))
* **deps:** bump gitpython and mako for lerobot IL training
([#623](#623))
([9f8022b](9f8022b))
* **deps:** bump node from 24.14.1-slim to 25.9.0-slim in
/data-management/viewer/frontend
([#482](#482))
([1532d09](1532d09))
* **deps:** bump packaging from 26.0 to 26.1 in /evaluation in the
inference-dependencies group
([#483](#483))
([f4afb6c](f4afb6c))
* **deps:** bump pillow from 12.1.1 to 12.2.0
([#467](#467))
([39fb663](39fb663))
* **deps:** bump python from 3.11-slim to 3.14-slim in
/data-management/viewer/backend
([#481](#481))
([7af9dfc](7af9dfc))
* **deps:** bump the dataviewer-backend-dependencies group across 1
directory with 15 updates
([#428](#428))
([e4446a2](e4446a2))
* **deps:** bump the dataviewer-backend-dependencies group in
/data-management/viewer/backend with 4 updates
([#487](#487))
([0f57c5b](0f57c5b))
* **deps:** bump the dataviewer-backend-dependencies group in
/data-management/viewer/backend with 8 updates
([#566](#566))
([d6e7869](d6e7869))
* **deps:** bump the dataviewer-dependencies group across 1 directory
with 5 updates
([#464](#464))
([24c208d](24c208d))
* **deps:** bump the dataviewer-dependencies group in
/data-management/viewer with 2 updates
([#486](#486))
([90149f3](90149f3))
* **deps:** bump the dataviewer-dependencies group in
/data-management/viewer with 6 updates
([#565](#565))
([f0bb36b](f0bb36b))
* **deps:** bump the dataviewer-frontend-patch-minor group across 1
directory with 10 updates
([#613](#613))
([e481f83](e481f83))
* **deps:** bump the github-actions group across 1 directory with 4
updates
([#534](#534))
([5478ab6](5478ab6))
* **deps:** bump the github-actions group with 2 updates
([#488](#488))
([4e6ce98](4e6ce98))
* **deps:** bump the github-actions group with 3 updates
([#567](#567))
([48c38dc](48c38dc))
* **deps:** bump the github-actions group with 3 updates
([#634](#634))
([00cfb49](00cfb49))
* **deps:** bump the github-actions group with 6 updates
([#603](#603))
([73eb79a](73eb79a))
* **deps:** bump the training-dependencies group across 1 directory with
23 updates
([#463](#463))
([d5a8656](d5a8656))
* **deps:** bump yaml from 2.8.2 to 2.8.3 in
/data-management/viewer/frontend
([#453](#453))
([10449df](10449df))
* pytest harness, dependabot advisories, and OSSF Scorecard remediations
([#501](#501))
([e8756e8](e8756e8))
* **scripts:** pin and hash-verify all shell script downloads
([#468](#468))
([0c2bb9c](0c2bb9c))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: physical-ai-toolchain-release[bot] <267194360+physical-ai-toolchain-release[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WilliamBerryiii WilliamBerryiii WilliamBerryiii approved these changes

Assignees

No one assigned

Labels

dataviewer dependencies Dependency version updates python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @WilliamBerryiii