build(deps): bump the production-dependencies group with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates:

Package	From	To
bandit	1.9.2	1.9.3
google-cloud-storage	3.7.0	3.8.0
gunicorn	23.0.0	24.0.0
obs-common	2026.1.8	2026.1.21
ruff	0.14.10	0.14.14
sentry-sdk	2.49.0	2.50.0
sphinx-rtd-theme	3.0.2	3.1.0

Updates bandit from 1.9.2 to 1.9.3

Release notes

Sourced from bandit's releases.

1.9.3

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1335
• Fix B608 to detect VALUES( without space by @​kfess in PyCQA/bandit#1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in PyCQA/bandit#1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1341
• Update tox tests for Python 3.10 by @​willschlitzer in PyCQA/bandit#1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in PyCQA/bandit#1347
• Limit B614 to torch.load deserializers by @​dibussoc in PyCQA/bandit#1348

New Contributors

• @​kfess made their first contribution in PyCQA/bandit#1337
• @​alanverresen made their first contribution in PyCQA/bandit#1338
• @​willschlitzer made their first contribution in PyCQA/bandit#1346
• @​dibussoc made their first contribution in PyCQA/bandit#1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

Commits

• 765f00d Limit B614 to torch.load deserializers (#1348)
• 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
• 36d6f3c Update tox tests for Python 3.10 (#1346)
• da0d338 [pre-commit.ci] pre-commit autoupdate (#1341)
• 649b9bd Add check for hardcoded passwords in dicts. (#1338)
• 3c56109 Fix B608 to detect VALUES( without space (#1337)
• b790ce2 [pre-commit.ci] pre-commit autoupdate (#1335)
• 0b73bbe Bump actions/checkout from 5 to 6 (#1334)
• See full diff in compare view

Updates google-cloud-storage from 3.7.0 to 3.8.0

Release notes

Sourced from google-cloud-storage's releases.

google-cloud-storage 3.8.0

3.8.0 (2026-01-13)

Features

• expose persisted size in mrd (#1671) (0e2961be)

• implement "append_from_file" (#1686) (1333c956)

• compute chunk wise checksum for bidi_writes (#1675) (139390cb)

• flush the last chunk in append method (#1699) (89bfe7a5)

• add write resumption strategy (#1663) (a57ea0ec)

• add bidi stream retry manager. (#1632) (d90f0ee0)

• make flush size configurable (#1677) (f7095faf)

Bug Fixes

• no state lookup while opening bidi-write stream (2d5a7b16)

• no state lookup while opening bidi-write stream (#1636) (2d5a7b16)

• close write object stream always (#1661) (4a609a4b)

• add system test for opening with read_handle (#1672) (6dc711da)

Changelog

Sourced from google-cloud-storage's changelog.

3.8.0 (2026-01-13)

Features

• flush the last chunk in append method (#1699) (89bfe7a5fcd0391da35e9ceccc185279782b5420)
• add write resumption strategy (#1663) (a57ea0ec786a84c7ae9ed82c6ae5d38ecadba4af)
• add bidi stream retry manager. (#1632) (d90f0ee09902a21b186106bcf0a8cb0b81b34340)
• implement "append_from_file" (#1686) (1333c956da18b4db753cda98c41c3619c84caf69)
• make flush size configurable (#1677) (f7095faf0a81239894ff9d277849788b62eb6ac5)
• compute chunk wise checksum for bidi_writes (#1675) (139390cb01f93a2d61e7ec201e3637dffe0b2a34)
• expose persisted size in mrd (#1671) (0e2961bef285fc064174a5c18e3db05c7a682521)

Bug Fixes

• add system test for opening with read_handle (#1672) (6dc711dacd4d38c573aa4ca9ad71fe412c0e49c1)
• no state lookup while opening bidi-write stream (#1636) (2d5a7b16846a69f3a911844971241899f60cce14)
• close write object stream always (#1661) (4a609a4b3f4ba1396825911cb02f8a9649135cd5)

Commits

• 16cf512 chore: librarian release pull request: 20260113T144551Z (#1704)
• 94ad895 chore(librarian): bump library version to 3.7.0 (#1703)
• 89bfe7a feat(experimental): flush the last chunk in append method (#1699)
• a57ea0e feat(experimental): add write resumption strategy (#1663)
• 0c35d3f chore(tests): add test for reading unfinalized appendable objects with genera...
• d90f0ee feat(experimental): add bidi stream retry manager. (#1632)
• a994dbf Revert "skip notification tests until b/470069573 is fixed" (#1694)
• dfc60b3 chore: delete topic after creation (#1687)
• 1333c95 feat: implement "append_from_file" (#1686)
• fe6d7c9 chore: optimization to reduce number of open TCP connections while running zo...
• Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 24.0.0

Release notes

Sourced from gunicorn's releases.

24.0.0

New Features

• ASGI Worker (Beta): Native asyncio-based ASGI support for running async Python frameworks like FastAPI, Starlette, and Quart without external dependencies

  • HTTP/1.1 with keepalive connections
  • WebSocket support
  • Lifespan protocol for startup/shutdown hooks
  • Optional uvloop for improved performance

• uWSGI Binary Protocol: Support for receiving requests from nginx via uwsgi_pass directive

• Documentation Migration: Migrated to MkDocs with Material theme

Security

• eventlet: Require eventlet >= 0.40.3 (CVE-2021-21419, CVE-2025-58068)
• gevent: Require gevent >= 24.10.1 (CVE-2023-41419, CVE-2024-3219)
• tornado: Require tornado >= 6.5.0 (CVE-2025-47287)

Install

pip install gunicorn==24.0.0

Commits

• 3960372 Merge pull request #3426 from benoitc/website-2025
• d34d3de docs: Set release date for 24.0.0
• 066e6d8 docs: Move ASGI worker tab after Gthread
• c6b1159 docs: Add Tornado worker to design page
• c959dae docs: Redesign architecture page with visual components
• 571bc12 docs: Add punchy theme with vibrant colors and modern features
• 73adc7c docs: Add collapsible TOC for settings reference
• dcec6e7 docs: Modern landing page with custom template
• 5ea4eb3 docs: Add 2026 changelog and modernize README
• 0b96103 docs: Configure GitHub Pages deployment with custom domain
• Additional commits viewable in compare view

Updates obs-common from 2026.1.8 to 2026.1.21

Updates ruff from 0.14.10 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser

... (truncated)

Commits

• 8b2e7b3 Prepare release v0.14.14 (#22813)
• 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
• b7de434 add CCfW hooks (#22803)
• b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
• 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
• ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
• c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
• b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
• f516d47 Update contributing guide for adding a new rule (#22779)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.49.0 to 2.50.0

Release notes

Sourced from sentry-sdk's releases.

2.50.0

New Features ✨

Ai

• feat(ai): add cache writes for gen_ai by @​shellmayr in #5319
• feat(ai): add parse_data_uri function to parse a data URI by @​constantinius in #5311

Other

• feat(asyncio): Add on-demand way to enable AsyncioIntegration by @​sentrivana in #5288

  You can now enable the AsyncioIntegration on demand, after calling sentry_sdk.init(). This is useful in scenarios where you don't have the event loop running early on, or when you need to instrument multiple event loops.

import sentry_sdk
from sentry_sdk.integrations.asyncio import enable_asyncio_integration
Initializing the SDK as early as possible, when there is no event loop yet
sentry_sdk.init(
...
# No AsyncioIntegration in explicitly provided integrations
)
async def main():
enable_asyncio_integration()  # instruments the current event loop
# ...your code...

• feat(openai-agents): Inject propagation headers for HostedMCPTool by @​alexander-alderman-webb in #5297
• feat(stdlib): Handle proxy tunnels in httlib integration by @​sl0thentr0py in #5303
• feat: Support array types for logs and metrics attributes by @​alexander-alderman-webb in #5314

Bug Fixes 🐛

Integrations

• fix(integrations): google genai report image inputs by @​constantinius in #5337
• fix(integrations): google-genai: reworked gen_ai.request.messages extraction from parameters by @​constantinius in #5275
• fix(integrations): pydantic-ai: properly format binary input message parts to be conformant with the gen_ai.request.messages structure by @​constantinius in #5251
• fix(integrations): Anthropic: add content transformation for images and documents by @​constantinius in #5276
• fix(integrations): langchain add multimodal content transformation functions for images, audio, and files by @​constantinius in #5278

Litellm

• fix(litellm): fix gen_ai.request.messages to be as expected by @​constantinius in #5255
• fix(litellm): Guard against module shadowing by @​alexander-alderman-webb in #5249

Other

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.50.0

New Features ✨

Ai

• feat(ai): add cache writes for gen_ai by @​shellmayr in #5319
• feat(ai): add parse_data_uri function to parse a data URI by @​constantinius in #5311

Other

• feat(asyncio): Add on-demand way to enable AsyncioIntegration by @​sentrivana in #5288

  You can now enable the AsyncioIntegration on demand, after calling sentry_sdk.init(). This is useful in scenarios where you don't have the event loop running early on, or when you need to instrument multiple event loops.

import sentry_sdk
from sentry_sdk.integrations.asyncio import enable_asyncio_integration
Initializing the SDK as early as possible, when there is no event loop yet
sentry_sdk.init(
...
# No AsyncioIntegration in explicitly provided integrations
)
async def main():
enable_asyncio_integration()  # instruments the current event loop
# ...your code...

• feat(openai-agents): Inject propagation headers for HostedMCPTool by @​alexander-alderman-webb in #5297
• feat(stdlib): Handle proxy tunnels in httlib integration by @​sl0thentr0py in #5303
• feat: Support array types for logs and metrics attributes by @​alexander-alderman-webb in #5314

Bug Fixes 🐛

Integrations

• fix(integrations): google genai report image inputs by @​constantinius in #5337
• fix(integrations): google-genai: reworked gen_ai.request.messages extraction from parameters by @​constantinius in #5275
• fix(integrations): pydantic-ai: properly format binary input message parts to be conformant with the gen_ai.request.messages structure by @​constantinius in #5251
• fix(integrations): Anthropic: add content transformation for images and documents by @​constantinius in #5276
• fix(integrations): langchain add multimodal content transformation functions for images, audio, and files by @​constantinius in #5278

Litellm

• fix(litellm): fix gen_ai.request.messages to be as expected by @​constantinius in #5255
• fix(litellm): Guard against module shadowing by @​alexander-alderman-webb in #5249

... (truncated)

Commits

• 27b0bfd Update CHANGELOG.md
• 73857b4 release: 2.50.0
• d38b378 test(fastmcp): Narrow AttributeError try-except (#5339)
• e73e600 test(fastmcp): Stop accessing non-existent attribute (#5338)
• e0d42b9 chore(repo): Add Claude Code settings with basic permissions (#5342)
• 2585678 feat(stdlib): Handle proxy tunnels in httlib integration (#5303)
• e171009 fix(integrations): google genai report image inputs (#5337)
• 749d8e5 fix(integrations): google-genai: reworked gen_ai.request.messages extractio...
• ab5cdde feat(ai): add cache writes for gen_ai (#5319)
• 1970486 build(deps): bump getsentry/craft from 2.18.3 to 2.19.0 (#5331)
• Additional commits viewable in compare view

Updates sphinx-rtd-theme from 3.0.2 to 3.1.0

Changelog

Sourced from sphinx-rtd-theme's changelog.

3.1.0

• Added support for docutils 0.22
• Added support for Sphinx 9.x

.. _release-3.1.0rc2:

3.1.0rc2

• Added support for docutils 0.22

.. _release-3.1.0rc1:

3.1.0rc1

• Added support for Sphinx 9.x

.. _release-3.0.2:

Commits

• 795de79 Release 3.1.0 (#1676)
• 66d0fdd Add Python 3.14 to the test suite (#1668)
• fbe5e60 3.1.0rc2 with support for docutils 0.22 (#1674)
• a76174c Add support for docutils 0.22 (#1671)
• 20733c3 Add support for Sphinx 9.0.0 (#1666)
• 71aacd3 Update Code of Conduct URL (#1664)
• 5a26375 Run tests and build docs with Sphinx 8.2 (#1640)
• 8d4d394 Sidebar should not be floating on mobile (#1622)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions