Skip to content

chore(deps): update instructor requirement from ~=1.15.1 to ~=1.15.3 in /backend#154

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/instructor-approx-eq-1.15.3
Open

chore(deps): update instructor requirement from ~=1.15.1 to ~=1.15.3 in /backend#154
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/instructor-approx-eq-1.15.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on instructor to permit the latest version.

Release notes

Sourced from instructor's releases.

v1.15.3

What's Changed

New Contributors

Full Changelog: 567-labs/instructor@v1.15.1...v1.15.3

Changelog

Sourced from instructor's changelog.

[1.15.3] - 2026-06-15

Fixed

  • Bedrock: Route top_k/topK through additionalModelRequestFields instead of leaving it as a top-level Converse kwarg. AWS InferenceConfiguration only supports maxTokens/stopSequences/temperature/topP, so a leftover top_k reached client.converse(top_k=...) and boto3 raised ParamValidationError: Unknown parameter "top_k".
  • Gemini/GenAI: Fold generation_config (and safety_settings/thinking_config) into config when response_model=None, so plain-text calls no longer raise generate_content() got an unexpected keyword argument 'generation_config' (#2366).
  • v2 cleanup: Consolidate small provider/runtime fixes for Gemini JSON prompts, Cohere templating, JSON array extraction, iterable streaming, missing jsonref dependency guidance, retry semantics and hook metadata, and multimodal autodetection.

Tests / CI

  • Type checking: Upgrade to ty 0.0.44, enforce warning-free checks with GitHub annotations, cover V2 tests, validate supported Python versions and platforms, and strengthen installed-package public API typing tests.

[1.15.2] - 2026-05-10

Security

  • Logging: Redact sensitive request fields from debug logs, including nested auth headers such as Authorization and x-api-key. (#2297)

Fixed

  • Templating (GenAI/VertexAI): process_message no longer crashes with TypeError: Can't compile non template nodes when multimodal messages contain image/URI/bytes Parts alongside validation_context. Non-text Parts (where part.text is None) now pass through unchanged. (#2253)
  • Retry: IncompleteOutputException now propagates directly to the caller without being wrapped in InstructorRetryException, making except IncompleteOutputException catch blocks work as documented. Applies to both sync and async paths. (#2273)
  • Anthropic/Bedrock: Omit None fields from Anthropic tool-use retry payloads so Bedrock reasks no longer fail with HTTP 400 when caller=None. (#2301)
  • Responses streaming: Surface reasoning-summary events in RESPONSES_TOOLS partial streaming and await callback return values when they are awaitable. (#2299)

[1.15.1] - 2026-04-03

Security

  • Bedrock: Block remote HTTP(S) image URL fetching in _openai_image_part_to_bedrock — only data: URLs are now accepted, preventing SSRF via user-controlled image URLs
  • Bedrock/PDF: Block remote URL and local file fetching in PDF.to_bedrock — only base64 data or s3:// sources are now supported, preventing SSRF and local file disclosure

Added

  • Hooks: completion:error and completion:last_attempt handlers now receive attempt_number, max_attempts, and is_last_attempt as keyword arguments. Old-style handlers remain fully backward-compatible.
  • Anthropic: from_provider("anthropic/...") now sets a User-Agent: instructor/<version> header on the Anthropic client

Fixed

  • Anthropic usage: Initialize usage correctly for ANTHROPIC_REASONING_TOOLS and ANTHROPIC_PARALLEL_TOOLS modes — previously fell through to OpenAI usage tracking with wrong field names
  • OpenRouter: Use reask_md_json for OPENROUTER_STRUCTURED_OUTPUTS retries instead of reask_default (tool-call format), fixing malformed retry prompts
  • Templating: Return kwargs unchanged instead of None in handle_templating when message list is empty or format is unrecognized; process_message also now returns the original message unchanged for unrecognized formats instead of None
  • from_openai: Allow Mode.JSON_SCHEMA for the OpenAI provider — it was incorrectly blocked by the mode validation check
  • Bedrock: Pass through cachePoint dicts in message content unchanged — previously raised ValueError: Unsupported dict content for Bedrock, breaking prompt caching (regression since v1.13.0)
  • Bedrock: Allow Mode.MD_JSON in from_bedrock
  • Parallel tools: ParallelBase generator now consumed into ListResponse in both sync and async paths, fixing AttributeError when setting _raw_response on a generator

[1.15.0] - 2026-04-02

Security

  • Pin litellm to <=1.82.6 to block compromised versions 1.82.7 and 1.82.8 (#2219)
  • Make diskcache an optional dependency, removing it from all users' transitive dependency trees and mitigating CVE-2025-69872 (#2211)

... (truncated)

Commits
  • 754e4fb fix(v2): consolidate latest runtime and docs fixes (#2373)
  • 36394b8 fix(v2): consolidate minor runtime fixes (#2340)
  • 1ae7d71 chore(types): strengthen ty coverage (#2348)
  • b4aa28c ci: replace ai labeler with oss triage workflows (#2349)
  • 60cc815 refactor(v2): complete migration cleanup and typing coverage
  • 5e8e2d5 fix(retry): let IncompleteOutputException propagate without wrapping (#2280)
  • 06294f4 build: bump litellm upper bound to 1.83.7 (#2292)
  • fcaf722 fix(anthropic): exclude None fields when serialising tool-use blocks on reask...
  • f3349bf fix(logging): redact api_key and sensitive keys in handle_response_model debu...
  • 5d12a39 fix(streaming): surface reasoning summary events in RESPONSES_TOOLS mode (#2299)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): update instructor requirement in /backend
427378f 
Updates the requirements on [instructor](https://github.com/instructor-ai/instructor) to permit the latest version.
- [Release notes](https://github.com/instructor-ai/instructor/releases)
- [Changelog](https://github.com/567-labs/instructor/blob/main/CHANGELOG.md)
- [Commits](567-labs/instructor@v1.15.1...v1.15.3)

---
updated-dependencies:
- dependency-name: instructor
  dependency-version: 1.15.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 24, 2026
@dependabot dependabot Bot requested a review from vasu-devs as a code owner June 24, 2026 10:06
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 24, 2026
@vercel

vercel Bot commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
just-hire-me Ready Ready Preview, Comment Jun 24, 2026 10:07am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vasu-devs vasu-devs Awaiting requested review from vasu-devs vasu-devs is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants