build(deps): bump the minor-patch group across 2 directories with 10 updates

[dependabot]

Bumps the minor-patch group with 8 updates in the / directory:

Package	From	To
ddtrace	4.7.0	4.7.1
duckdb	1.5.1	1.5.2
deepeval	3.9.6	3.9.7
unstructured	0.21.5	0.22.21
ruff	0.15.10	0.15.11
boto3-stubs	1.42.88	1.42.91
fastmcp	3.2.3	3.2.4
mkdocstrings	1.0.3	1.0.4

Bumps the minor-patch group with 5 updates in the /django_app directory:

Package	From	To
duckdb	1.5.1	1.5.2
ruff	0.15.10	0.15.11
boto3-stubs	1.42.88	1.42.91
sentry-sdk	2.57.0	2.58.0
boto3	1.42.88	1.42.91

Updates ddtrace from 4.7.0 to 4.7.1

Release notes

Sourced from ddtrace's releases.

4.7.1

Estimated end-of-life date, accurate to within three months: 06-2027 See the support level definitions for more information.

Bug Fixes

• CI Visibility: This fix resolves an issue where a failure response from the /search_commits endpoint caused the git metadata upload to fall back to sending the full 30-day commit history instead of aborting. This fallback could trigger cascading write load on the backend. The upload now aborts when search_commits fails, matching the behavior when the /packfile upload itself fails.

• Fixed a race condition with internal periodic threads that could have caused a rare crash when forking.

• Fixes an issue where internal background threads could cause crashes or instability in applications that fork (e.g. Gunicorn, uWSGI) or during Python shutdown. Affected applications could experience intermittent crashes or hangs on exit.

• CI Visibility: This fix resolves an issue where pytest-xdist worker crashes (os._exit, SIGKILL, segfault) caused buffered test events to be lost. To enable eager flushing, set DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=1.

Commits

• 65fecc4 chore: update system tests ref sha [4.7 branch] (#17534)
• e0b3fd1 fix(ci_visibility): abort git upload when search_commits fails [backport #173...
• 11a06a5 chore: bump version in 4.7 branch to 4.7.1 (#17512)
• 6670bdb fix: periodic thread start race [backport 4.7] (#17497)
• b135340 fix: use shared event to avoid post-finalisation RAII [backport 4.7] (#17451)
• f966e0c chore: pin serverless-tools to a specific branch (#17466)
• 19267a4 fix(ci_visibility): mitigate xdist worker crash data loss with eager event fl...
• See full diff in compare view

Updates duckdb from 1.5.1 to 1.5.2

Release notes

Sourced from duckdb's releases.

v1.5.2 Bugfix Release

See the DuckDB core release notes here: https://github.com/duckdb/duckdb/releases/tag/v1.5.2

What's Changed in duckdb-python

• Type hints overhaul by @​OutSquareCapital in duckdb/duckdb-python#352
• Cache arrow schema for streaming types by @​evertlammerts in duckdb/duckdb-python#423
• Fix segfault on join with None by @​evertlammerts in duckdb/duckdb-python#422
• Fix stubs for path_or_buffer param by @​evertlammerts in duckdb/duckdb-python#425

Commits

• 2aea44e pin submodule at release hash
• 3aa2bf2 Fix stubs for path_or_buffer param (#425)
• 018fe05 Fix stubs for path_or_buffer param
• 0ef05d6 Fix segfault on join with None (#422)
• 4acb9f7 Fix segfault on join
• 6f161de Cache arrow schema for streaming types (#423)
• 87d6a31 Add CLAUDE.md
• ae356cb Cache the arrow schema for streams so we don't need an active client context
• b71639f Test that client context stays open on arrow streams
• 305d114 fix spark test (#421)
• Additional commits viewable in compare view

Updates deepeval from 3.9.6 to 3.9.7

Release notes

Sourced from deepeval's releases.

🎉 Metrics for AI agents, multi-turn synthetic data generation, and more!

Full support for agentic evals :)

If you're building agents, DeepEval can now analyze and give you metric scores based on the trace of your LLM app.

🎯 1. Task Completion

Evaluate whether an agent actually completes the intended task, not just whether its final output “looks correct.”

Captures:

• Goal completion
• Intermediate step correctness
• Error recovery
• Procedural accuracy

Docs: https://deepeval.com/docs/metrics-task-completion

---

🔧 2. Tool Correctness

Evaluates whether tools were invoked correctly, meaningfully, and in the right order.

Captures:

• Correct tool usage
• Correct argument formatting
• Avoiding hallucinated tools
• Using tools only when needed

Docs: https://deepeval.com/docs/metrics-tool-correctness

---

🧩 3. Argument Correctness

Evaluates whether the agent’s arguments to tools are valid, structured, and aligned to the task.

Captures:

• Correct parameter selection
• Type/format adherence
• Logical argument formation
• Avoiding semantically incorrect inputs

Docs: https://deepeval.com/docs/metrics-argument-correctness

---

⚡ 4. Step Efficiency

Measures how efficiently an agent completes a task — rewarding fewer unnecessary steps and penalizing detours.

Captures:

• Optimality of step count
• Redundant tool calls

... (truncated)

Commits

• df6fe6d new release
• 11bb795 fix pricing test
• 84f26f3 Merge pull request #2584 from Ajay6601/feat/add-claude-4.6-models
• 83a92b2 Merge pull request #2598 from aerosta/fix/conversational-golden-drops-expecte...
• 999dff7 fix test
• cbb02ca reformat
• 5917aaf model cost test
• ec9da13 Merge pull request #2601 from tiffanychum/fix/gpt-5-2-trace-token-cost-tracking
• decfea6 fix tracing test
• 440bf4b Merge pull request #2606 from A-Vamshi/main
• Additional commits viewable in compare view

Updates unstructured from 0.21.5 to 0.22.21

Release notes

Sourced from unstructured's releases.

0.22.21

What's Changed

• feat: add option to skip table chunking by @​badGarnet in Unstructured-IO/unstructured#4338

Full Changelog: Unstructured-IO/unstructured@0.22.20...0.22.21

0.22.20

What's Changed

• Fix fixtures update CI to regenerate markdown by @​vladimir-kivi-ds in Unstructured-IO/unstructured#4332
• fix(deps): upgrade vulnerable transitive dependencies [security] by @​utic-github-cicd-token-generator[bot] in Unstructured-IO/unstructured#4334
• feat: add GHA workflow to build opencv wheels without ffmpeg by @​lawrence-u10d in Unstructured-IO/unstructured#4335
• Enable vertical text detection for rotated images by @​vladimir-kivi-ds in Unstructured-IO/unstructured#4328

New Contributors

• @​utic-github-cicd-token-generator[bot] made their first contribution in Unstructured-IO/unstructured#4334

Full Changelog: Unstructured-IO/unstructured@0.22.18...0.22.20

0.22.18

What's Changed

• fix(chunking): preserve semantic headers in carried table chunks by @​cragwolfe in Unstructured-IO/unstructured#4313
• feat: add page number support to v1 html partition by @​badGarnet in Unstructured-IO/unstructured#4327

Full Changelog: Unstructured-IO/unstructured@0.22.16...0.22.18

0.22.16

Enhancements

• Formula markdown export (element_to_md / elements_to_md): New keyword-only formula_markdown_style ("auto", "display_math", "plain"; default "auto"). In "auto", display math ($$ ... $$) is used only when the text looks like notation (heuristic score) and contains no $/$$ (avoids breaking Markdown and noisy OCR captions). "display_math" wraps whenever safe (still falls back to plain if $ would corrupt fences). "plain" emits text only. Optional normalize_formula (default True) maps common Unicode operators to LaTeX-like tokens; normalize_formula stays before keyword-only options so positional encoding / no_group_by_page callers are unchanged. Unicode √ is never mapped to \\sqrt{}. Module constants: FORMULA_MARKDOWN_AUTO, FORMULA_MARKDOWN_DISPLAY_MATH, FORMULA_MARKDOWN_PLAIN.

0.22.15

Security

• security: fix(deps): upgrade vulnerable transitive dependencies [security]

0.22.14

Enhancements

• Deduplicate PDF rendering: Remove _render_pdf_pages and delegate to unstructured-inference's convert_pdf_to_image (which already has lazy per-page rendering). Peak memory for path_only=True drops from O(n_pages) to O(1 page) — 97% reduction on a 100-page PDF. Bumps inference dep to >=1.6.2.

0.22.13

Enhancements

• Speed up standardize_quotes: Replace loop-based character replacement with a single str.translate() call using a pre-computed translation table. Also fixes a pre-existing bug where left smart quotes were never normalized due to duplicate dictionary keys.

0.22.12

What's Changed

... (truncated)

Changelog

Sourced from unstructured's changelog.

0.22.21

Enhancements

• Skip table chunking option: Add skip_table_chunking to basic/title chunking options. When True, Table elements are passed through unchanged without being split into TableChunk elements, regardless of their size. Defaults to False to preserve existing behavior.

0.22.20

Enhancements

• Auto-detect vertical text for rotated PDFs: Add detect_vertical field to PDFMinerConfig and auto-enable it when rendered pages have /Rotate metadata, so pdfminer groups rotated text into proper words instead of per-character regions

0.22.19

Security

• security: fix(deps): upgrade vulnerable transitive dependencies [security]

0.22.18

Fixes

• Make ingest-test-fixtures-update-pr CI job also update the markdown versions of the fixtures.

Enhancements

• Add page number support to v1 HTML parser: The v1 HTML parser now reads data-page-number attributes from ancestor elements and includes the page number in element metadata, consistent with the v2 parser behavior.

0.22.17

Fixes

• Preserve semantic table headers across carried chunks: Carried rows in split table chunks now keep original header semantics (th stays th, including section header rows and wrapped header text), preventing header cells from degrading to data cells in continuation chunks.

0.22.16

Enhancements

• Formula markdown export (element_to_md / elements_to_md): New keyword-only formula_markdown_style ("auto", "display_math", "plain"; default "auto"). In "auto", display math ($$ ... $$) is used only when the text looks like notation (heuristic score) and contains no $/$$ (avoids breaking Markdown and noisy OCR captions). "display_math" wraps whenever safe (still falls back to plain if $ would corrupt fences). "plain" emits text only. Optional normalize_formula (default True) maps common Unicode operators to LaTeX-like tokens; normalize_formula stays before keyword-only options so positional encoding / no_group_by_page callers are unchanged. Unicode √ is never mapped to \\sqrt{}. Module constants: FORMULA_MARKDOWN_AUTO, FORMULA_MARKDOWN_DISPLAY_MATH, FORMULA_MARKDOWN_PLAIN.

0.22.15

Security

• security: fix(deps): upgrade vulnerable transitive dependencies [security]

0.22.14

Enhancements

... (truncated)

Commits

• 3ac4443 feat: add option to skip table chunking (#4338)
• dfb1653 Enable vertical text detection for rotated images (#4328)
• d0aa8eb feat: add GHA workflow to build opencv wheels without ffmpeg (#4335)
• 029f491 fix(deps): upgrade vulnerable transitive dependencies [security] (#4334)
• 2437078 Fix fixtures update CI to regenerate markdown (#4332)
• d299095 feat: add page number support to v1 html partition (#4327)
• 615782a fix(chunking): preserve semantic headers in carried table chunks (#4313)
• 264d569 feat: render Formula elements as $$ blocks with optional normalization (#4308)
• 051b358 fix(deps): upgrade vulnerable transitive dependencies [security] (#4318)
• affb9d6 refactor: deduplicate PDF rendering by delegating to unstructured-inference (...
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates boto3-stubs from 1.42.88 to 1.42.91

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates fastmcp from 3.2.3 to 3.2.4

Release notes

Sourced from fastmcp's releases.

v3.2.4: Patch Me If You Can

A grab bag of fixes, hardening, and polish.

The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.

Security got three meaningful upgrades. FileUpload now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.

Schema handling had a rough-edges pass. json_schema_to_type no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping title fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.

Plus a Keycloak OAuth provider for enterprise auth, improvements to ctx.elicit() (new response_title/response_description, deprecation warning when called without response_type), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.

What's Changed

Breaking Changes ⚠️

• Scope tasks to authorization context, not session by @​chrisguidry in PrefectHQ/fastmcp#3800

Enhancements ✨

• Bump pydocket>=0.19.0, drop fakeredis pin by @​chrisguidry in PrefectHQ/fastmcp#3822
• Add real-world schema crash test (232K schemas from APIs.guru) by @​strawgate in PrefectHQ/fastmcp#3826
• Enable 7 zero-violation ruff rules by @​strawgate in PrefectHQ/fastmcp#3841
• Promote 7 ty rules from ignore to warn by @​strawgate in PrefectHQ/fastmcp#3852
• Replace ___ with hash-based backend tool routing and per-tool prefab resources by @​jlowin in PrefectHQ/fastmcp#3824
• Enable 4 ruff rules (DTZ, ERA, ISC, INP) and fix 9 violations by @​strawgate in PrefectHQ/fastmcp#3842
• Extract parameter descriptions from docstrings by @​jlowin in PrefectHQ/fastmcp#3872
• ci: speed up schema crash test (CSafeLoader + xdist-safe aggregation) by @​jlowin in PrefectHQ/fastmcp#3873
• test: bump OpenAPI init perf threshold to 200ms for Windows CI by @​jlowin in PrefectHQ/fastmcp#3879
• refactor: unify object-schema conversion through _object_schema_to_type by @​jlowin in PrefectHQ/fastmcp#3884
• Add Keycloak OAuth Provider for Enterprise Authentication and local dev by @​stephaneberle9 in PrefectHQ/fastmcp#1937
• Allow auth providers to override protected resource base URLs by @​aaazzam in PrefectHQ/fastmcp#3900
• Enable PERF and T20 ruff rules by @​strawgate in PrefectHQ/fastmcp#3845
• Add response_title and response_description to ctx.elicit() by @​jlowin in PrefectHQ/fastmcp#3912
• Deprecate ctx.elicit() without response_type by @​jlowin in PrefectHQ/fastmcp#3916

Security 🔒

• Validate actual base64 data size in FileUpload, not client-reported size by @​strawgate in PrefectHQ/fastmcp#3816
• Stop forwarding inbound HTTP headers to unrelated remote servers by @​jlowin in PrefectHQ/fastmcp#3837
• AuthKit: auto-bind token audience to resource URL (RFC 8707) by @​jlowin in PrefectHQ/fastmcp#3905

Fixes 🐞

• Version-check is_docket_available() to avoid transitive pydocket crash by @​jlowin in PrefectHQ/fastmcp#3807
• fix: materialize generators before result conversion, handle bytes gracefully by @​strawgate in PrefectHQ/fastmcp#3830
• Fix json_schema_to_type crashes on keywords, boolean schemas, empty enums, and name collisions by @​strawgate in PrefectHQ/fastmcp#3818
• fix: replace or with is not None checks for config/override merging by @​strawgate in PrefectHQ/fastmcp#3833
• fix: TransformedTool sync fn crash and schema mutation by @​strawgate in PrefectHQ/fastmcp#3823
• fix: cross-provider duplicate detection, error visibility, mask propagation by @​strawgate in PrefectHQ/fastmcp#3827
• fix: don't pass HTTP kwargs when transport is unspecified by @​strawgate in PrefectHQ/fastmcp#3838
• fix: strip title fields from tool schemas for Gemini 2.5 Flash compatibility by @​strawgate in PrefectHQ/fastmcp#3861
• fix: retry when LLM returns text instead of calling final_response by @​strawgate in PrefectHQ/fastmcp#3850
• Raise on unhandled content types in sampling handler dispatch chains by @​strawgate in PrefectHQ/fastmcp#3857
• Fix broken code examples in docs by @​strawgate in PrefectHQ/fastmcp#3869
• fix: GoogleGenaiSamplingHandler leaks thought parts and gives unhelpful errors on empty responses by @​strawgate in PrefectHQ/fastmcp#3849

... (truncated)

Commits

• 7d76074 Stop pydantic 2.13 from leaking _WrappedResult docstring into tool output sch...
• b732a4a Overhaul apps docs (#3915)
• 5c2ff1b chore: Update SDK documentation (#3914)
• f4f2ec0 Deprecate ctx.elicit() without response_type (#3916)
• 338b80c chore(deps): bump the uv group across 2 directories with 1 update (#3913)
• 110cd3a Add response_title and response_description to ctx.elicit() (#3912)
• 3117846 chore: Update SDK documentation (#3909)
• 031c7e0 Fix RetryMiddleware not retrying tool errors (#3858)
• 200d79e Enable PERF and T20 ruff rules (#3845)
• 82f310f AuthKit: auto-bind token audience to resource URL (RFC 8707) (#3905)
• Additional commits viewable in compare view

Updates mkdocstrings from 1.0.3 to 1.0.4

Release notes

Sourced from mkdocstrings's releases.

1.0.4

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Changelog

Sourced from mkdocstrings's changelog.

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Commits

• a938528 chore: Prepare release 1.0.4
• 1eaa224 ci: Lint and type-check
• 80e090d Merge branch 'main' of github.com:mkdocstrings/mkdocstrings
• 5f82a58 chore: Template upgrade
• 3d1969a fix: Add timeout when downloading inventories (10 seconds)
• a0c47b9 docs: Fix broken link in README
• e500a2b chore: Update sponsors section in README
• See full diff in compare view

Updates ddtrace from 4.7.0 to 4.7.1

Release notes

Sourced from ddtrace's releases.

4.7.1

Estimated end-of-life date, accurate to within three months: 06-2027 See the support level definitions for more information.

Bug Fixes

• CI Visibility: This fix resolves an issue where a failure response from the /search_commits endpoint caused the git metadata upload to fall back to sending the full 30-day commit history instead of aborting. This fallback could trigger cascading write load on the backend. The upload now aborts when search_commits fails, matching the behavior when the /packfile upload itself fails.

• Fixed a race condition with internal periodic threads that could have caused a rare crash when forking.

• Fixes an issue where internal background threads could cause crashes or instability in applications that fork (e.g. Gunicorn, uWSGI) or during Python shutdown. Affected applications could experience intermittent crashes or hangs on exit.

• CI Visibility: This fix resolves an issue where pytest-xdist worker crashes (os._exit, SIGKILL, segfault) caused buffered test events to be lost. To enable eager flushing, set DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=1.

Commits

• 65fecc4 chore: update system tests ref sha [4.7 branch] (#17534)
• e0b3fd1 fix(ci_visibility): abort git upload when search_commits fails [backport #173...
• 11a06a5 chore: bump version in 4.7 branch to 4.7.1 (#17512)
• 6670bdb fix: periodic thread start race [backport 4.7] (#17497)
• b135340 fix: use shared event to avoid post-finalisation RAII [backport 4.7] (#17451)
• f966e0c chore: pin serverless-tools to a specific branch (#17466)
• 19267a4 fix(ci_visibility): mitigate xdist worker crash data loss with eager event fl...
• See full diff in compare view

Updates duckdb from 1.5.1 to 1.5.2

Release notes

Sourced from duckdb's releases.

v1.5.2 Bugfix Release

See the DuckDB core release notes here: https://github.com/duckdb/duckdb/releases/tag/v1.5.2

What's Changed in duckdb-python

• Type hints overhaul by @​OutSquareCapital in duckdb/duckdb-python#352
• Cache arrow schema for streaming types by @​evertlammerts in duckdb/duckdb-python#423
• Fix segfault on join with None by @​evertlammerts in duckdb/duckdb-python#422
• Fix stubs for path_or_buffer param by @​evertlammerts in duckdb/duckdb-python#425

Commits

• 2aea44e pin submodule at release hash
• 3aa2bf2 Fix stubs for path_or_buffer param (#425)
• 018fe05 Fix stubs for path_or_buffer param
• 0ef05d6 Fix segfault on join with None (#422)
• 4acb9f7 Fix segfault on join
• 6f161de Cache arrow schema for streaming types (#423)
• 87d6a31 Add CLAUDE.md
• ae356cb Cache the arrow schema for streams so we don't need an active client context
• b71639f Test that client context stays open on arrow streams
• 305d114 fix spark test (#421)
• Additional commits viewable in compare view

Updates unstructured from 0.21.5 to 0.22.21

Release notes

Sourced from unstructured's releases.

0.22.21

What's Changed

• feat: add option to skip table chunking by @​badGarnet in Unstructured-IO/unstructured#4338

Full Changelog: Unstructured-IO/unstructured@0.22.20...0.22.21

0.22.20

What's Changed

• Fix fixtures update CI to regenerate markdown by @​vladimir-kivi-ds in Unstructured-IO/unstructured#4332
• fix(deps): upgrade vulnerable transitive dependencies [security] by @​utic-github-cicd-token-generator[bot] in Unstructured-IO/unstructured#4334
• feat: add GHA workflow to build opencv wheels without ffmpeg by @​lawrence-u10d in Unstructured-IO/unstructured#4335
• Enable vertical text detection for rotated images by @​vladimir-kivi-ds in Unstructured-IO/unstructured#4328

New Contributors

• @​utic-github-cicd-token-generator[bot] made their first contribution in Unstructured-IO/unstructured#4334

Full Changelog: Unstructured-IO/unstructured@0.22.18...0.22.20

0.22.18

What's Changed

• fix(chunking): preserve semantic headers in carried table chunks by @​cragwolfe in Unstructured-IO/unstructured#4313
• feat: add page number support to v1 html partition by @​badGarnet in Unstructured-IO/unstructured#4327

Full Changelog: Unstructured-IO/unstructured@0.22.16...0.22.18

0.22.16

Enhancements

• Formula markdown export (element_to_md / elements_to_md): New keyword-only formula_markdown_style ("auto", "display_math", "plain"; default "auto"). In "auto", display math ($$ ... $$) is used only when the text looks like notation (heuristic score) and contains no $/$$ (avoids breaking Markdown and noisy OCR captions). "display_math" wraps whenever safe (still falls back to plain if $ would corrupt fences). "plain" emits text only. Optional normalize_formula (default True) maps common Unicode operators to LaTeX-like tokens; normalize_formula stays before keyword-only options so positional encoding / no_group_by_page callers are unchanged. Unicode √ is never mapped to \\sqrt{}. Module constants: FORMULA_MARKDOWN_AUTO, FORMULA_MARKDOWN_DISPLAY_MATH, FORMULA_MARKDOWN_PLAIN.

0.22.15

Security

• security: fix(deps): upgrade vulnerable transitive dependencies [security]

0.22.14

Enhancements

• Deduplicate PDF rendering: Remove _render_pdf_pages and delegate to unstructured-inference's convert_pdf_to_image (which already has lazy per-page rendering). Peak memory for path_only=True drops from O(n_pages) to O(1 page) — 97% reduction on a 100-page PDF. Bumps inference dep to >=1.6.2.

0.22.13

Enhancements

• Speed up standardize_quotes: Replace loop-based character replacement with a single str.translate() call using a pre-computed translation table. Also fixes a pre-existing bug where left smart quotes were never normalized due to duplicate dictionary keys.

0.22.12

What's Changed

... (truncated)

Changelog

Sourced from unstructured's changelog.

0.22.21

Enhancements

• Skip table chunking option: Add skip_table_chunking to basic/title chunking options. When True, Table elements are passed through unchanged without being split into TableChunk elements, regardless of their size. Defaults to False to preserve existing behavior.

0.22.20

Enhancements

• Auto-detect vertical text for rotated PDFs: Add detect_vertical field to PDFMinerConfig and auto-enable it when rendered pages have /Rotate metadata, so pdfminer groups rotated text into proper words instead of per-character regions

0.22.19

Security

• security: fix(deps): upgrade vulnerable transitive dependencies [security]

0.22.18

Fixes

• Make ingest-test-fixtures-update-pr CI job also update the markdown versions of the fixtures.

Enhancements

• Add page number support to v1 HTML parser: The v1 HTML parser now reads data-page-number attributes from ancestor elements and includes the page number in element metadata, consistent with the v2 parser behavior.

0.22.17

Fixes

• Preserve semantic table headers across carried chunks: Carried rows in split table chunks now keep original header semantics (th stays th, including section header rows and wrapped header text), preventing header cells from degrading to data cells in continuation chunks.

0.22.16

Enhancements

• Formula markdown export (element_to_md / elements_to_md): New keyword-only formula_markdown_style ("auto", "display_math", "plain"; default "auto"). In "auto", display math ($$ ... $$) is used only when the text looks like notation (heuristic score) and contains no $/$$ (avoids breaking Markdown and noisy OCR captions). "display_math" wraps whenever safe (still falls back to plain if $ would corrupt fences). Description has been truncated

[github-actions]

Auto approved Dependabot patch/minor update

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/boto3	1.42.91	🟢 7.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
pip/boto3-stubs	1.42.91	Unknown	Unknown
pip/botocore	1.42.91	🟢 8.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 10 SAST tool is run on all commits
pip/duckdb	1.5.2	Unknown	Unknown
pip/ruff	0.15.11	Unknown	Unknown
pip/sentry-sdk	2.58.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 23/25 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/boto3	1.42.91	🟢 7.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
pip/boto3-stubs	1.42.91	Unknown	Unknown
pip/botocore	1.42.91	🟢 8.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 10 SAST tool is run on all commits
pip/ddtrace	4.7.1	Unknown	Unknown
pip/deepeval	3.9.7	Unknown	Unknown
pip/djangorestframework	3.17.1	Unknown	Unknown
pip/duckdb	1.5.2	Unknown	Unknown
pip/fastmcp	3.2.4	Unknown	Unknown
pip/mkdocstrings	1.0.4	Unknown	Unknown
pip/openai-whisper	20250625	Unknown	Unknown
pip/opentelemetry-api	1.41.0	Unknown	Unknown
pip/opentelemetry-sdk	1.41.0	Unknown	Unknown
pip/opentelemetry-semantic-conventions	0.62b0	Unknown	Unknown
pip/pandas	2.3.3	Unknown	Unknown
pip/posthog	7.12.0	Unknown	Unknown
pip/pytz	2026.1.post1	Unknown	Unknown
pip/requests	2.33.1	Unknown	Unknown
pip/ruff	0.15.11	Unknown	Unknown
pip/sentry-sdk	2.58.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 23/25 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/tiktoken	0.12.0	Unknown	Unknown
pip/unstructured	0.22.21	Unknown	Unknown
pip/unstructured-inference	1.6.6	Unknown	Unknown
pip/wrapt	2.1.2	Unknown	Unknown

Scanned Files

• django_app/poetry.lock
• poetry.lock

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.