Bump the production-dependencies group across 1 directory with 5 updates

[dependabot]

Updates the requirements on deepagents, langchain-openai, python-dotenv, pytest-cov and uv-build to permit the latest version.
Updates deepagents from 0.4.1 to 0.5.1

Release notes

Sourced from deepagents's releases.

deepagents==0.5.1

Features

• sdk: BASE_AGENT_PROMPT tweaks (#2541) (812eef1)
• sdk: add artifacts_root to CompositeBackend and middleware (#2490) (753ee56)

Bug Fixes

• sdk: updates for multimodal (#2514) (a2edf3e)

---

Internal maintainers: @​vtrivedy, @​nick-hollon-lc, @​ccurme, @​mdrxy

deepagents==0.5.0

See changelog for high-level summary.

Details below:

Changes since deepagents==0.4.12 release(deepagents): 0.5.0 (#2509) fix(sdk): match example_agent_descriptions closing tag in task tool prompt (#2462) docs(sdk,cli): fill missing docstrings in model-specific code (#2481) chore: replace old OAI model strings (#2480) docs(sdk): updates for create_deep_agent (#2479) fix(sdk): improvements in default sandbox.write and sandbox.read implementations (#2321) release: deepagents 0.5.0a4 (#2444) fix: remove legacy subagents API (#2443) chore(sdk): delete unused base_prompt.md, restore missing sections (#2436) chore(sdk): update unset logic (#2435) fix(sdk): inherit parent interrupt_on for subagents (#2334) test(sdk): added a failing test for callback propagation to subagent … (#2361) chore(sdk): bump lock files (#2430) chore(sdk): update docs around async subagents (#2429) release(deepagents): 0.5.0a3 (#2385) fix: plumb through generics for create_deep_agent (#2383) fix(sdk): fix TypeError in async sub-agents (#2376) fix(sdk): last_updated_at field doesn't account for task status changes (#2370) fix: deprecate backend factories (#2360) chore: bump pygments to 2.20.0 everywhere (GHSA-5239-wwwm-4pmq) (#2349) fix(sdk): catch UnicodeDecodeError in FilesystemBackend.read (#2319) fix(sdk): restore deprecated protocol return types (#2342) docs: add threat model for deepagents monorepo (#1639) fix(sdk): add new line after HEREDOC for edit inline sandbox (#2340) chore(sdk): disable benchmark when not running benchmarks (#2338) test(sdk): assert default toolruntime config in end-to-end test (#2324) fix(sdk): fix offloading for state backend (#2266) chore: bump requests (#2325) chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /libs/deepagents (#2292)

... (truncated)

Commits

• f316d16 release(deepagents): 0.5.1 (#2520)
• fc36d43 chore(repl): regen snapshots (#2542)
• 812eef1 feat(sdk): BASE_AGENT_PROMPT tweaks (#2541)
• bfc6e45 fix(evals): scope openrouter provider pin to openrouter models (#2540)
• 753ee56 feat(sdk): add artifacts_root to CompositeBackend and middleware (#2490)
• a59cf0d feat(ci): label release-please PRs with package scope (#2539)
• a6b0e1a ci: add internal maintainers section to release notes (#2538)
• b4ee445 ci(repl): set up release-please (#2536)
• ac011b6 chore: update CODEOWNERS (#2535)
• 6307eee ci: rename release (#2533)
• Additional commits viewable in compare view

Updates langchain-openai from 1.1.9 to 1.1.12

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

langchain-openai==1.1.11

Changes since langchain-openai==1.1.10

fix(openai): bump min core version (#35705) release(openai): 1.1.11 (#35703) fix(openai): update responses API model detection for pro and codex models (#35594) feat(openai): support tool search (#35582) chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/partners/openai (#35612) chore(model-profiles): refresh model profile data (#35593) fix(openai): avoid PydanticSerializationUnexpectedValue for structured output (#35543) feat(openrouter): add streaming token usage support (#35559) fix: compaction typo (#35467) fix(openai): add test for CSV and accommodate breaking changes in file url inputs (#35454) chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/openai (#35448) fix(model-profiles): sort generated profiles by model ID for stable diffs (#35344) fix(openai): accept valid responses that are falsy at runtime (#35307)

langchain-openai==1.1.10

Changes since langchain-openai==1.1.9

release(openai): 1.1.10 (#35292) feat(openai): support automatic server-side compaction (#35212) fix(openai): add model property (#35284) fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254) docs(openai): more nits (#35277) docs(openai): clarify reasoning config for openai-compatible endpoints (#35202) fix(openai): gpt-5.2-pro Model Profile structured_output key fixed (#35216) chore(openai): extend model_token_mapping till gpt-5.2 for modelname_to_contextsize (#35214) fix(openai): enhance error message for non-OpenAI embedding providers (#35252) fix(openai): sanitize chat completions text content blocks (#35217) fix(openai): improve error message for null choices in OpenAI-compatible APIs (#35236)

... (truncated)

Commits

• ad574fc fix(openai): bump min core version (#36180)
• 19f81cf release(core): 1.2.21 (#36179)
• 6d07ef2 release(openai): 1.1.12 (#36178)
• 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
• 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
• 936b0a6 chore(model-profiles): refresh model profile data (#36152)
• 900f8a3 fix(openai): support phase parameter (#36161)
• 64a848a ci: add maintainer override to require-issue-link workflow (#36147)
• 7d05cfb fix(openai): preserve namespace field in streaming function_call chunks (#36108)
• 74ade80 chore(model-profiles): refresh model profile data (#36123)
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates uv-build to 0.11.5

Release notes

Sourced from uv-build's releases.

0.11.5

Release Notes

Released on 2026-04-08.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#18908)

Enhancements

• Fix build_system.requires error message (#18911)
• Remove trailing path separators in path normalization (#18915)
• Improve error messages for unsupported or invalid TLS certificates (#18924)

Preview features

• Add exclude-newer to [[tool.uv.index]] (#18839)
• uv audit: add context/warnings for ignored vulnerabilities (#18905)

Bug fixes

• Normalize persisted fork markers before lock equality checks (#18612)
• Clear junction properly when uninstalling Python versions on Windows (#18815)
• Report error cleanly instead of panicking on TLS certificate error (#18904)

Documentation

• Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
• Fix uv init example-bare --bare examples (#18822, #18925)

Install uv 0.11.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.5/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.5/uv-installer.ps1 | iex"

Download uv 0.11.5

File	Platform	Checksum

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.5

Released on 2026-04-08.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#18908)

Enhancements

• Fix build_system.requires error message (#18911)
• Remove trailing path separators in path normalization (#18915)
• Improve error messages for unsupported or invalid TLS certificates (#18924)

Preview features

• Add exclude-newer to [[tool.uv.index]] (#18839)
• uv audit: add context/warnings for ignored vulnerabilities (#18905)

Bug fixes

• Normalize persisted fork markers before lock equality checks (#18612)
• Clear junction properly when uninstalling Python versions on Windows (#18815)
• Report error cleanly instead of panicking on TLS certificate error (#18904)

Documentation

• Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
• Fix uv init example-bare --bare examples (#18822, #18925)

0.11.4

Released on 2026-04-07.

Enhancements

• Add support for --upgrade-group (#18266)
• Merge repeated archive URL hashes by version ID (#18841)
• Require all direct URL hash algorithms to match (#18842)

Bug fixes

• Avoid panics in environment finding via cycle detection (#18828)
• Enforce direct URL hashes for pyproject.toml dependencies (#18786)
• Error on --locked and --frozen when script lockfile is missing (#18832)
• Fix uv export extra resolution for workspace member and conflicting extras (#18888)
• Include conflicts defined in virtual workspace root (#18886)
• Recompute relative exclude-newer values during uv tree --outdated (#18899)
• Respect --exclude-newer in uv tool list --outdated (#18861)
• Sort by comparator to break specifier ties (#18850)

... (truncated)

Commits

• 95eaa68 Bump version to 0.11.5 (#18930)
• f6d67d5 Improve certificate loading error messages (#18924)
• 39b83c3 Add exclude-newer to [[tool.uv.index]] (#18839)
• 7924ba5 uv audit: add context/warnings for ignored vulnerabilities (#18905)
• a352ce0 Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
• 33b6338 Normalize persisted fork markers before lock equality checks (#18612)
• 6a203d9 Clear junction properly when uninstalling Python versions on Windows (#18815)
• 6af38bb Update bare suffix in subsequent--bare init documentation as well (#18925)
• 5aca743 uv init example-bare --bare (#18822)
• 6a3331f Create a "deployment" for the release-gate job (#18920)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions