build(deps): bump the code-reviewer-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the code-reviewer-dependencies group with 8 updates in the /code_reviewer directory:

Package	From	To
claude-agent-sdk	0.1.48	0.2.87
pydantic	2.12.5	2.13.4
rich	14.3.3	15.0.0
pytest	8.4.2	9.0.3
pytest-asyncio	1.3.0	1.4.0
ruff	0.15.6	0.15.15
mypy	1.19.1	2.1.0
google-genai	1.67.0	2.7.0

Updates claude-agent-sdk from 0.1.48 to 0.2.87

Release notes

Sourced from claude-agent-sdk's releases.

v0.2.87

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.150
• Switched CI workflows from static API key to Workload Identity Federation for Claude authentication, using short-lived tokens instead of long-lived secrets (#984)

---

PyPI: https://pypi.org/project/claude-agent-sdk/0.2.87/

pip install claude-agent-sdk==0.2.87

v0.2.86

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.149

---

PyPI: https://pypi.org/project/claude-agent-sdk/0.2.86/

pip install claude-agent-sdk==0.2.86

v0.2.85

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.148

---

PyPI: https://pypi.org/project/claude-agent-sdk/0.2.85/

pip install claude-agent-sdk==0.2.85

v0.2.84

Internal/Other Changes

... (truncated)

Changelog

Sourced from claude-agent-sdk's changelog.

0.2.87

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.150
• Switched CI workflows from static API key to Workload Identity Federation for Claude authentication, using short-lived tokens instead of long-lived secrets (#984)

0.2.86

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.149

0.2.85

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.148

0.2.84

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.147

0.2.83

Internal/Other Changes

• Updated bundled Claude CLI to version 2.1.146

0.2.82

New Features

• EffortLevel type export: Added a public EffortLevel type alias for Claude effort string levels ("low", "medium", "high", "max", "xhigh") and exported it from the package root, making it available for downstream SDK wrappers and type annotations (#951)

Bug Fixes

• Stderr callback isolation: Fixed an issue where a user-provided stderr callback that raises an exception would silently terminate the stderr reader loop, dropping all subsequent stderr lines for the rest of the session. Exceptions are now caught per-line so a failing callback does not prevent delivery of later lines (#932)
• CancelledError in eager-flush done callback: Fixed noisy Exception in callback log messages on shutdown when pending eager-flush tasks were cancelled. The done callback now gracefully handles CancelledError instead of unconditionally calling Task.exception() (#931)
• Tighter permission_suggestions type: Replaced list[Any] | None with list[dict[str, Any]] | None on SDKControlPermissionRequest.permission_suggestions, enabling proper type-checking on consumers of that field (#955)

Documentation

• Clarified that hooks dispatch for a given event is concurrent (all matchers fire in parallel), not sequential, preventing incorrect assumptions about ordering-dependent hooks like rate limiters gating subsequent hooks (#956)

Internal/Other Changes

• Bumped mcp dependency lower bound to >=1.23.0 to address GHSA-9h52-p55h-vw2f (CVE-2025-66416), which disables DNS rebinding protection by default in older versions (#927)

... (truncated)

Commits

• 9970096 docs: update changelog for v0.2.87
• 2237c9e chore: release v0.2.87
• a6146c2 chore: bump bundled CLI version to 2.1.150
• 3471a9f Use workload identity federation for Claude auth in CI workflows (#984)
• 095a8b3 docs: update changelog for v0.2.86
• dd06657 chore: release v0.2.86
• 1113acf chore: bump bundled CLI version to 2.1.149
• 2a3720d docs: update changelog for v0.2.85
• eee6bf4 chore: release v0.2.85
• 0bc333f chore: bump bundled CLI version to 2.1.148
• Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• Additional commits viewable in compare view

Updates rich from 14.3.3 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

Commits

• 6ac483c correction
• 458a910 Merge pull request #4080 from Textualize/bump1500
• 82e06e0 changelog
• d6556bc bump to 15.0.0
• ffe2edc Merge pull request #4079 from Textualize/inline-table-code
• cf3b5a1 changelog
• 77f0edb remove comments
• 7ef2d05 fix inline code in table cells
• 19c67b9 Merge pull request #4077 from Textualize/isattry
• 494b795 changelog
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates ruff from 0.15.6 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser
• @​Ruchir28

... (truncated)

Commits

• db5aa0a Bump 0.15.15 (#25431)
• 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
• e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
• 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
• 7e1bc1e Add agent skills for working on ty (#25422)
• 574e107 Expand semantic syntax errors for invalid walruses (#25415)
• 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
• 5432709 Refine a few agents instructions (#25423)
• 3cb09eb [ty] Support typing.TypeForm (#25334)
• c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
• Additional commits viewable in compare view

Updates mypy from 1.19.1 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Enable incremental self-compilation (Vaggelis Danias, PR 21369)
• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates google-genai from 1.67.0 to 2.7.0

Release notes

Sourced from google-genai's releases.

v2.7.0

2.7.0 (2026-05-27)

Features

• Additional computer_use field support for vertex. (b4828fa)
• interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (543137b)
• interaction-api: Enable BigQuery tool in Deep Research config. (5dc17e5)
• Support Reinforcement Tuning in GenAI SDK (0ead888)

v2.6.0

2.6.0 (2026-05-21)

Features

• Add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (b1f632d)
• Add budget_exceeded status (15443c0)
• Add gemini-3.5-flash (15443c0)
• Add new fields (2910346)

Documentation

• Replace vertexai with enterprise in Client instantiation (c1c6df7)

v2.5.0

2.5.0 (2026-05-20)

Features

• Add Gemini 3.5 Flash model to options (706fd02)

v2.4.0

2.4.0 (2026-05-17)

Features

• Support Agent and Environment APIs. (ef20d6b)

Bug Fixes

• Output_text for turns that don't end with text. (2afdeff)
• Pass max_line_length to readline() to prevent LineTooLong on large SSE lines with MTLS. (0e8f7bb)

v2.3.0

... (truncated)

Changelog

Sourced from google-genai's changelog.

2.7.0 (2026-05-27)

Features

• Additional computer_use field support for vertex. (b4828fa)
• interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (543137b)
• interaction-api: Enable BigQuery tool in Deep Research config. (5dc17e5)
• Support Reinforcement Tuning in GenAI SDK (0ead888)

2.6.0 (2026-05-21)

Features

• Add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (b1f632d)
• Add budget_exceeded status (15443c0)
• Add gemini-3.5-flash (15443c0)
• Add new fields (2910346)

Documentation

• Replace vertexai with enterprise in Client instantiation (c1c6df7)

2.5.0 (2026-05-20)

Features

• Add Gemini 3.5 Flash model to options (706fd02)

2.4.0 (2026-05-17)

Features

• Support Agent and Environment APIs. (ef20d6b)

Bug Fixes

• Output_text for turns that don't end with text. (2afdeff)
• Pass max_line_length to readline() to prevent LineTooLong on large SSE lines with MTLS. (0e8f7bb)

2.3.0 (2026-05-15)

Features

... (truncated)

Commits

• 5d0dff8 chore(main): release 2.7.0 (#2501)
• b4828fa feat: additional computer_use field support for vertex.
• 543137b feat(interaction-api): Allow "text/csv" as a supported document mime type for...
• 5dc17e5 feat(interaction-api): Enable BigQuery tool in Deep Research config.
• cd66b68 chore: Internal cleanup
• 0ead888 feat: Support Reinforcement Tuning in GenAI SDK
• a682e6a chore(main): release 2.6.0 (#2485)
• b1f632d feat: add enable_prompt_injection_detection for Computer Use feature for th...
• 2910346 feat: add new fields
• 15443c0 feat: Add budget_exceeded status
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions