chore(deps): bump the production-dependencies group across 1 directory with 2 updates

[dependabot]

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the production-dependencies group with 2 updates in the / directory: bentoml and openai.

Updates bentoml from 1.4.23 to 1.4.39

Release notes

Sourced from bentoml's releases.

v1.4.39

What's Changed

• ci: pre-commit autoupdate [skip ci] by @​pre-commit-ci[bot] in bentoml/BentoML#5593
• fix: prevent following symlinks when copying files in BentoStore by @​frostming in bentoml/BentoML#5598
• fix: add sharing=locked to BuildKit cache mounts for multi-arch builds by @​lawrence3699 in bentoml/BentoML#5597
• fix: enhance Dockerfile generation by normalizing base image lines and adding tests by @​frostming in bentoml/BentoML#5603
• fix: defer prometheus_client import in bentoml.metrics to fix histogram collection in multiprocess mode by @​ramkrishs in bentoml/BentoML#5602
• ci: pre-commit autoupdate [skip ci] by @​pre-commit-ci[bot] in bentoml/BentoML#5605
• fix: handle string input in FileSchema by encoding to UTF-8 by @​frostming in bentoml/BentoML#5606

New Contributors

• @​lawrence3699 made their first contribution in bentoml/BentoML#5597
• @​ramkrishs made their first contribution in bentoml/BentoML#5602

Full Changelog: bentoml/BentoML@v1.4.38...v1.4.39

v1.4.38

What's Changed

• feat: native support for src-layout projects by @​VedantMadane in bentoml/BentoML#5555
• fix: switch to SandboxedEnvironment and remove unused Jinja2 extensions by @​frostming in bentoml/BentoML#5591
• fix: use correct NVIDIA CUDA base images for debian distro by @​mattmorganpdx in bentoml/BentoML#5590

New Contributors

• @​mattmorganpdx made their first contribution in bentoml/BentoML#5590

Full Changelog: bentoml/BentoML@v1.4.37...v1.4.38

v1.4.37

What's Changed

• docs: Update slack to forum link by @​Sherlock113 in bentoml/BentoML#5567
• fix: correctly load bentoml.models.HuggingFaceModel in container by @​nickthegroot in bentoml/BentoML#5582
• chore(deps): bump docker/setup-qemu-action from 3 to 4 by @​dependabot[bot] in bentoml/BentoML#5564
• chore(deps): bump marocchino/sticky-pull-request-comment from 2 to 3 by @​dependabot[bot] in bentoml/BentoML#5571
• chore(deps): bump docker/setup-buildx-action from 3 to 4 by @​dependabot[bot] in bentoml/BentoML#5565
• fix: resolve SQLite 'database is locked' errors under high concurrency by @​VedantMadane in bentoml/BentoML#5558
• fix: shell quote system package names in Dockerfile templates and image commands by @​frostming in bentoml/BentoML#5583
• fix: reorder histogram samples in multiprocess prometheus output by @​saivedant169 in bentoml/BentoML#5570

New Contributors

• @​nickthegroot made their first contribution in bentoml/BentoML#5582
• @​saivedant169 made their first contribution in bentoml/BentoML#5570

Full Changelog: bentoml/BentoML@v1.4.36...v1.4.37

v1.4.36

What's Changed

• fix: correct typo 'seperators' to 'separators' by @​thecaptain789 in bentoml/BentoML#5546
• Reapply "feat: new image API: build_include" (#5531) by @​frostming in bentoml/BentoML#5539
• fix: resolve AnyIO NoEventLoopError when calling sync API from async API by @​paipeline in bentoml/BentoML#5550
• fix: Set SQLite busy_timeout and WAL mode to prevent 'database is locked' under concurrency by @​VedantMadane in bentoml/BentoML#5551

... (truncated)

Commits

• e570eb2 fix: handle string input in FileSchema by encoding to UTF-8 (#5606)
• 9be89a2 ci: pre-commit autoupdate [skip ci] (#5605)
• 32230a5 fix: defer prometheus_client import in bentoml.metrics to fix histogram colle...
• 9cddd66 fix: enhance Dockerfile generation by normalizing base image lines and adding...
• f488962 fix: add sharing=locked to BuildKit cache mounts for multi-arch builds (#5597)
• 5fb7cd4 fix: prevent following symlinks when copying files in BentoStore (#5598)
• 0ff0b9e ci: pre-commit autoupdate [skip ci] (#5593)
• 009d68e fix: use correct NVIDIA CUDA base images for debian distro (#5590)
• 716daf4 fix: switch to SandboxedEnvironment and remove unused Jinja2 extensions (#5591)
• 79fbea5 fix: shell quote system package names in setup script to prevent command inje...
• Additional commits viewable in compare view

Updates openai from 1.90.0 to 2.40.0

Release notes

Sourced from openai's releases.

v2.40.0

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

• api: Add Amazon Bedrock Responses support

Bug Fixes

• api: allow setting bedrock api keys on the client directly (4d5bfde)

v2.39.0

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)

v2.38.0

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

v2.37.0

2.37.0 (2026-05-13)

Full Changelog: v2.36.0...v2.37.0

Features

• api: add service_tier parameter to responses compact method (625827c)
• internal/types: support eagerly validating pydantic iterators (7e527bc)
• Remove unnecessary client_id when using workload identity provider for auth (c39ea8d)

... (truncated)

Changelog

Sourced from openai's changelog.

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

• api: Add Amazon Bedrock Responses support

Bug Fixes

• api: allow setting bedrock api keys on the client directly (4d5bfde)

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

2.37.0 (2026-05-13)

Full Changelog: v2.36.0...v2.37.0

Features

• api: add service_tier parameter to responses compact method (625827c)
• internal/types: support eagerly validating pydantic iterators (7e527bc)
• Remove unnecessary client_id when using workload identity provider for auth (c39ea8d)

Bug Fixes

... (truncated)

Commits

• a28a3f6 Merge pull request #3352 from openai/release-please--branches--main--changes-...
• db6ccaf Update CHANGELOG.md
• 2264f70 release: 2.40.0
• 4d5bfde fix(api): allow setting bedrock api keys on the client directly
• ccef143 Merge pull request #3326 from openai/codex/bedrock-responses-review
• a50ff0a Fix Bedrock with_options overrides
• fdf4901 codegen metadata
• e4bccc7 release: 2.39.0
• 268de68 feat(api): workload identity in audit logs, additional_tools item in response...
• 8be32d3 [codex] Add Amazon Bedrock provider support
• Additional commits viewable in compare view

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.