Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update actions/checkout action to v6.0.3
• chore(deps): update dependency pip-audit to >=2.10.1
• fix(deps): update dependency cryptography to >=46.0.7
• fix(deps): update dependency python-dotenv to >=1.2.2
• chore(deps): update actions/setup-python action to v6.3.0
• chore(deps): update anchore/scan-action action to v7.4.0
• chore(deps): update dependency pytest to >=9.1.1
• chore(deps): update dependency pytest-asyncio to >=1.4.0
• chore(deps): update dependency pytest-cov to >=7.1.0
• chore(deps): update dependency respx to >=0.23.1
• chore(deps): update dependency ruff to >=0.15.20
• chore(deps): update sigstore/cosign-installer action to v4.1.2
• chore(deps): update softprops/action-gh-release action to v2.6.2
• fix(deps): update dependency click to >=8.4.2
• fix(deps): update dependency fastapi to >=0.138.1
• fix(deps): update dependency fastembed to >=0.8.0
• fix(deps): update dependency pydantic to >=2.13.4
• fix(deps): update dependency pydantic-settings to >=2.14.2
• fix(deps): update dependency scikit-learn to >=1.9.0
• fix(deps): update dependency uvicorn to >=0.49.0
• chore(deps): update actions/checkout action to v7
• chore(deps): update astral-sh/setup-uv action to v8
• chore(deps): update docker/build-push-action action to v7
• chore(deps): update docker/login-action action to v4
• chore(deps): update docker/metadata-action action to v6
• chore(deps): update docker/setup-buildx-action action to v4
• chore(deps): update softprops/action-gh-release action to v3
• fix(deps): update dependency cryptography to v49
• fix(deps): update dependency pydantic-ai to v2
• fix(deps): update dependency rich to v15
• fix(deps): update dependency structlog to v26
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update ghcr.io/astral-sh/uv docker digest to 99ea34a
• chore(deps): update dependency bandit to >=1.9.4
• chore(deps): update dependency ty to >=0.0.54
• chore(deps): update astral-sh/setup-uv action to v7.6.0
• chore(deps): update docker/build-push-action action to v6.19.2
• chore(deps): update docker/login-action action to v3.7.0
• fix(deps): update dependency mcp to >=1.28.0
• fix(deps): update dependency pydantic-ai to >=1.107.0
• fix(deps): update dependency rich to >=14.3.4
• chore(deps): lock file maintenance
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update python docker tag

Detected Dependencies

dockerfile (1)

Dockerfile (4)

• python 3.13-slim → [Updates: 3.14-slim]
• python 3.13-slim → [Updates: 3.14-slim]
• ghcr.io/astral-sh/uv sha256:9a23023be68b2ed09750ae636228e903a54a05ea56ed03a934d00fe9fbeded4b → [Updates: undefined]
• python 3.13-slim → [Updates: 3.14-slim]

github-actions (9)

.github/workflows/claude-code-review.yml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• anthropics/claude-code-action v1

.github/workflows/claude.yml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• anthropics/claude-code-action v1

.github/workflows/code-quality-cli.yml (5)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• actions/setup-python v6.2.0@a309ff8b426b58ec0e2a45f0f869d46889d02405 → [Updates: v6.3.0]
• astral-sh/setup-uv v7.2.0@61cb8a9741eeb8a550a1b8544337180c0fc8476b → [Updates: v7.6.0, v8.2.0]
• arduino/setup-task v2.0.0@b91d5d2c96a56797b48ac1e0e89220bf64044611
• python 3.13 → [Updates: 3.14]

.github/workflows/code-quality-with-ollama.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• astral-sh/setup-uv v7.2.0@61cb8a9741eeb8a550a1b8544337180c0fc8476b → [Updates: v7.6.0, v8.2.0]
• arduino/setup-task v2.0.0@b91d5d2c96a56797b48ac1e0e89220bf64044611

.github/workflows/code-quality.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• astral-sh/setup-uv v7.2.0@61cb8a9741eeb8a550a1b8544337180c0fc8476b → [Updates: v7.6.0, v8.2.0]
• arduino/setup-task v2.0.0@b91d5d2c96a56797b48ac1e0e89220bf64044611

.github/workflows/image-build.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• docker/setup-buildx-action v3.12.0@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f → [Updates: v4.1.0]
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83 → [Updates: v6.19.2, v7.2.0]

.github/workflows/release-cli.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• astral-sh/setup-uv v7.2.0@61cb8a9741eeb8a550a1b8544337180c0fc8476b → [Updates: v7.6.0, v8.2.0]
• softprops/action-gh-release v2.5.0@a06a81a03ee405af7f2048a818ed3f03bbf83c7b → [Updates: v2.6.2, v3.0.1]

.github/workflows/release.yml (6)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• docker/setup-buildx-action v3.12.0@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f → [Updates: v4.1.0]
• docker/login-action v3.6.0@5e57cd118135c172c3672efd75eb46360885c0ef → [Updates: v3.7.0, v4.2.0]
• docker/metadata-action v5.10.0@c299e40c65443455700f0fdfc63efafe5b349051 → [Updates: v6.1.0]
• docker/build-push-action v6.18.0@263435318d21b8e681c14492fe198d362a7d2c83 → [Updates: v6.19.2, v7.2.0]
• sigstore/cosign-installer v4.0.0@faadad0cce49287aee09b3a48701e75088a2c6ad → [Updates: v4.1.2]

.github/workflows/security.yml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd → [Updates: v6.0.3, v7.0.0]
• anchore/scan-action v7.3.2@7037fa011853d5a11690026fb85feee79f4c946c → [Updates: v7.4.0]

pep621 (3)

cli/pyproject.toml (15)

• python >=3.13 → [Updates: >=3.14.6]
• click >=8.3.1 → [Updates: >=8.4.2]
• httpx >=0.28.1
• docker >=7.1.0
• rich >=14.2.0 → [Updates: >=14.3.4, >=15.0.0]
• pydantic >=2.12.5 → [Updates: >=2.13.4]
• pydantic-settings >=2.12.0 → [Updates: >=2.14.2]
• pytest >=9.0.2 → [Updates: >=9.1.1]
• pytest-asyncio >=1.3.0 → [Updates: >=1.4.0]
• pytest-cov >=7.0.0 → [Updates: >=7.1.0]
• respx >=0.22.0 → [Updates: >=0.23.1]
• ruff >=0.14.14 → [Updates: >=0.15.20]
• ty >=0.0.13 → [Updates: >=0.0.54]
• bandit >=1.9.3 → [Updates: >=1.9.4]
• pip-audit >=2.10.0 → [Updates: >=2.10.1]

mcp-tef-models/pyproject.toml (2)

• python >=3.13 → [Updates: >=3.14.6]
• pydantic >=2.12.5 → [Updates: >=2.13.4]

pyproject.toml (21)

• python >=3.13 → [Updates: >=3.14.6]
• fastapi >=0.128.0 → [Updates: >=0.138.1]
• pydantic >=2.12.5 → [Updates: >=2.13.4]
• pydantic-ai >=1.46.0 → [Updates: >=1.107.0, >=2.0.0]
• aiosqlite >=0.22.1
• uvicorn >=0.40.0 → [Updates: >=0.49.0]
• httpx >=0.28.1
• python-dotenv >=1.2.1 → [Updates: >=1.2.2]
• structlog >=25.5.0 → [Updates: >=26.1.0]
• dotenv >=0.9.9
• mcp >=1.25.0 → [Updates: >=1.28.0]
• fastembed >=0.7.4 → [Updates: >=0.8.0]
• scikit-learn >=1.8.0 → [Updates: >=1.9.0]
• cryptography >=46.0.3 → [Updates: >=46.0.7, >=49.0.0]
• pytest >=9.0.2 → [Updates: >=9.1.1]
• pytest-cov >=7.0.0 → [Updates: >=7.1.0]
• pytest-asyncio >=1.3.0 → [Updates: >=1.4.0]
• ruff >=0.14.14 → [Updates: >=0.15.20]
• ty >=0.0.13 → [Updates: >=0.0.54]
• bandit >=1.9.3 → [Updates: >=1.9.4]
• pip-audit >=2.10.0 → [Updates: >=2.10.1]

pyenv (1)

.python-version (1)

• python 3.13 → [Updates: 3.14]

---

• Check this box to trigger a request for Renovate to run again on this repository