{"id":1221,"name":"authlib","ecosystem":"pip","repository_url":"https://github.com/authlib/authlib","issues_count":1373,"created_at":"2025-06-06T15:01:41.846Z","updated_at":"2025-06-06T15:01:41.846Z","purl":"pkg:pypi/authlib","metadata":{"id":338257,"name":"authlib","ecosystem":"pypi","description":"The ultimate Python library in building OAuth and OpenID Connect servers and clients.","homepage":null,"licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/authlib/authlib","keywords_array":[],"namespace":null,"versions_count":48,"first_release_published_at":"2017-11-18T06:37:54.000Z","latest_release_published_at":"2025-05-23T00:21:43.000Z","latest_release_number":"1.6.0","last_synced_at":"2025-06-06T01:32:16.403Z","created_at":"2022-04-06T12:50:42.307Z","updated_at":"2025-06-06T01:32:16.404Z","registry_url":"https://pypi.org/project/authlib/","install_command":"pip install authlib --index-url https://pypi.org/simple","documentation_url":"https://docs.authlib.org/","metadata":{"funding":null,"documentation":"https://docs.authlib.org/","classifiers":["Development Status :: 5 - Production/Stable","Environment :: Console","Environment :: Web Environment","Intended Audience :: Developers","License :: OSI Approved :: BSD License","Operating System :: OS Independent","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Internet :: WWW/HTTP :: Dynamic Content","Topic :: Internet :: WWW/HTTP :: WSGI :: Application","Topic :: Security","Topic :: Security :: Cryptography"],"normalized_name":"authlib"},"repo_metadata":{"id":37896804,"uuid":"108510280","full_name":"authlib/authlib","owner":"authlib","description":"The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.","archived":false,"fork":false,"pushed_at":"2025-05-22T12:59:05.000Z","size":3468,"stargazers_count":4838,"open_issues_count":114,"forks_count":488,"subscribers_count":60,"default_branch":"main","last_synced_at":"2025-05-29T23:42:28.255Z","etag":null,"topics":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"latest_commit_sha":null,"homepage":"https://authlib.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authlib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["lepture"],"patreon":"lepture","open_collective":null,"ko_fi":null,"tidelift":"pypi/Authlib","custom":"https://lepture.com/donate"}},"created_at":"2017-10-27T06:52:26.000Z","updated_at":"2025-05-29T09:12:58.000Z","dependencies_parsed_at":"2024-02-28T02:49:54.296Z","dependency_job_id":"f5f7241b-5c04-4a8f-87ff-1eb0a732e011","html_url":"https://github.com/authlib/authlib","commit_stats":{"total_commits":1301,"total_committers":125,"mean_commits":10.408,"dds":"0.14604150653343584","last_synced_commit":"fe12a578854fb64c8a3906676ba7d2a2b9579459"},"previous_names":["authlib/authlib"],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257655908,"owners_count":22580869,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"authlib","name":"Authlib","uuid":"32964472","kind":"organization","description":"The ultimate Python library in building OAuth and OpenID Connect servers.","email":null,"website":"https://authlib.org/","location":"Japan","twitter":"authlib","company":null,"icon_url":"https://avatars.githubusercontent.com/u/32964472?v=4","repositories_count":11,"last_synced_at":"2025-05-25T01:43:53.228Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/authlib","funding_links":["https://github.com/sponsors/authlib"],"total_stars":6414,"followers":55,"following":0,"created_at":"2022-11-06T14:13:52.360Z","updated_at":"2025-05-25T01:43:53.228Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib/repositories"},"tags":[{"name":"v1.6.0","sha":"fe87a117f941975793bf4063e9b08b90e88b230a","kind":"tag","published_at":"2025-05-22T12:58:35.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0/manifests"},{"name":"v1.5.2","sha":"fb698d796e4b39fd1bbfd008181bfa8cea33c67b","kind":"tag","published_at":"2025-04-02T10:30:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"4eafdc21891e78361f478479efe109ff0fb2f661","kind":"tag","published_at":"2025-02-28T14:43:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"2d0396e3fc49d53ab816bb43ec83fe42d527ca09","kind":"tag","published_at":"2025-02-25T09:53:21.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0/manifests"},{"name":"v1.4.1","sha":"0e8f480e9c9a91ab3dc8017de70f59014e66664d","kind":"commit","published_at":"2025-01-28T13:04:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"eb34edfc8b1fdaae51a91d4686ebb34395e5082c","kind":"commit","published_at":"2024-12-20T07:26:03.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0/manifests"},{"name":"v1.3.2","sha":"d7db2c33226983648b91e3ec0d9cf2e43dc480d4","kind":"commit","published_at":"2024-08-24T05:08:50.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2/manifests"},{"name":"v1.3.1","sha":"df226ab587c453029ef5083a7e1c5dc6772647dd","kind":"commit","published_at":"2024-06-04T02:38:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"a7d68b4c3b8a3a7fe0b62943b5228669f2f3dfec","kind":"commit","published_at":"2023-12-17T07:55:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0/manifests"},{"name":"v1.2.1","sha":"a18d0a5ad183eb58b4db7479f3f7da71398a8667","kind":"commit","published_at":"2023-06-25T12:52:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7575ea336c58ff3d206a62a94f1c01a0e594cba4","kind":"commit","published_at":"2022-12-06T08:34:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0/manifests"},{"name":"v0.15.6","sha":"0694276d9d9ec66b3d1db8d147f1c2afa4e30483","kind":"commit","published_at":"2022-11-01T12:54:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6/manifests"},{"name":"v1.1.0","sha":"2a8a22630f098b276a535c30b628380f0a9646b1","kind":"commit","published_at":"2022-09-09T16:10:07.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.1.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"2e721aa0c158f7d7bac96bc75f7c6d31a939007d","kind":"commit","published_at":"2022-04-06T11:52:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"c73e2a8921a15ee1f96b604123e49bd2d5fd651b","kind":"commit","published_at":"2022-03-15T10:10:57.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0/manifests"},{"name":"v0.15.5","sha":"d8e428c9350c792fc3d25dbaaffa3bfefaabd8e3","kind":"commit","published_at":"2021-10-18T12:08:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5/manifests"},{"name":"v0.15.4","sha":"45701441996b18452523105112d018c0f5f43a18","kind":"commit","published_at":"2021-06-05T07:07:38.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4/manifests"},{"name":"v0.15.3","sha":"33aab0272d7c8a857c851f49a32c6d374930549a","kind":"commit","published_at":"2021-01-15T13:51:55.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3/manifests"},{"name":"v0.15.2","sha":"1969b567733f6426e5a8e20c5edf3371e9d23e5c","kind":"commit","published_at":"2020-10-18T06:35:01.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2/manifests"},{"name":"v0.15.1","sha":"c70a805145db56a0909d583bdb70773732578c68","kind":"commit","published_at":"2020-10-14T12:56:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1/manifests"},{"name":"v0.15","sha":"4e501ce3e58e2daaaba0b82018b047bb61741f0c","kind":"commit","published_at":"2020-10-10T06:53:45.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15/manifests"},{"name":"v0.14.3","sha":"ffdc4378a2b0c8e6627170396384d1bfcfb7ed40","kind":"commit","published_at":"2020-05-18T13:54:54.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3/manifests"},{"name":"v0.14.2","sha":"ce8b46b9e64ab799587b0a577cf122c1523c69a6","kind":"commit","published_at":"2020-05-06T00:54:33.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2/manifests"},{"name":"v0.14.1","sha":"8e8786bd2b0308d82438ef8a9424765a1777bfce","kind":"commit","published_at":"2020-02-12T04:39:08.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1/manifests"},{"name":"v0.14","sha":"25e7fe4803af94b4b4057920a854fb6d0994ac78","kind":"commit","published_at":"2020-02-11T14:11:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14/manifests"},{"name":"v0.13","sha":"442da0bfd11673ab5049ed8c8b53341c35b4aaca","kind":"commit","published_at":"2019-11-11T11:32:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.13","html_url":"https://github.com/authlib/authlib/releases/tag/v0.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13/manifests"},{"name":"v0.12.1","sha":"1475dedabe610be442f89027c24b6de09a0c6610","kind":"commit","published_at":"2019-09-12T08:26:58.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1/manifests"},{"name":"v0.12","sha":"19395bdfc99bba69acce4ff7ff726df7ed794813","kind":"commit","published_at":"2019-09-03T12:11:13.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12/manifests"},{"name":"v0.11","sha":"5403f90a0a910b1519622a2b97e03f0b9cce36e4","kind":"commit","published_at":"2019-04-06T05:00:23.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.11","html_url":"https://github.com/authlib/authlib/releases/tag/v0.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11/manifests"},{"name":"v0.10","sha":"19bc7cabe8f5bd8a4503cf8681d75c36fed419b8","kind":"commit","published_at":"2018-10-12T02:22:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.10","html_url":"https://github.com/authlib/authlib/releases/tag/v0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10/manifests"},{"name":"v0.9","sha":"abf4555fa6b0d8cf64c31b2c4c90fb5d875c2de8","kind":"commit","published_at":"2018-08-12T04:38:51.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.9","html_url":"https://github.com/authlib/authlib/releases/tag/v0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9/manifests"},{"name":"v0.8","sha":"a0226e08943aab25b423f2e7d9bc9a903faeb459","kind":"commit","published_at":"2018-06-17T04:49:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.8","html_url":"https://github.com/authlib/authlib/releases/tag/v0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8/manifests"},{"name":"v0.7","sha":"aea225d3a2556a36025dc48742470317cee8e728","kind":"commit","published_at":"2018-04-28T07:14:47.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.7","html_url":"https://github.com/authlib/authlib/releases/tag/v0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7/manifests"},{"name":"v0.6","sha":"0008acb2985087adae5855812ff5559a1ea0dd9a","kind":"commit","published_at":"2018-03-20T12:36:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6/manifests"},{"name":"v0.5.1","sha":"4fd0929fba4a91b304ee16f1a870fa7064e0af8e","kind":"commit","published_at":"2018-02-11T13:09:41.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1/manifests"},{"name":"v0.5","sha":"96f7186da5d7eb0d561153277b93af0c7386dab7","kind":"commit","published_at":"2018-02-11T12:19:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5/manifests"},{"name":"v0.4.1","sha":"6f2970849fa2044740b66610508d8607f352e84b","kind":"commit","published_at":"2018-02-01T15:26:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"8014315fcba3f635256119573a8f237befc4405a","kind":"commit","published_at":"2018-01-31T12:49:09.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4/manifests"},{"name":"v0.3","sha":"06f609cbbfcbb0cba3476015ec472d86ee84f894","kind":"commit","published_at":"2017-12-24T12:38:11.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3/manifests"},{"name":"v0.2.1","sha":"117e88d7c02be5f5abbc91785fb0250366544956","kind":"commit","published_at":"2017-12-06T02:03:27.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1/manifests"},{"name":"v0.2","sha":"3ec75529da09dc2d238b84b9509da737c5ca241b","kind":"commit","published_at":"2017-11-25T12:33:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2/manifests"},{"name":"v0.1","sha":"baa74c624710f05ed26b651e552cbf8f8d02f0c2","kind":"commit","published_at":"2017-11-18T06:36:32.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-06-03T00:27:50.916Z","dependent_packages_count":157,"downloads":29584963,"downloads_period":"last-month","dependent_repos_count":2180,"rankings":{"downloads":0.10299244852331889,"dependent_repos_count":0.2360813620800175,"dependent_packages_count":0.14989603039352103,"stargazers_count":1.122639904745705,"forks_count":2.665491471365363,"docker_downloads_count":0.6177592595487875,"average":0.8158100794427855},"purl":"pkg:pypi/authlib","advisories":[{"uuid":"GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F","url":"https://github.com/advisories/GHSA-5357-c2jx-v7qh","title":"Authlib has algorithm confusion with asymmetric public keys","description":"lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-06-09T21:30:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-37568","https://github.com/lepture/authlib/issues/654","https://github.com/pypa/advisory-database/tree/main/vulns/authlib/PYSEC-2024-52.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZI7HYGN7VZAYFV6UV3SRLYF7QGERXIU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHJI32SN4FNAUVNALVGOKWHNSQ6XS3M5","https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-lepture-authlib-cve-2024-37568","https://github.com/advisories/GHSA-5357-c2jx-v7qh"],"source_kind":"github","identifiers":["GHSA-5357-c2jx-v7qh","CVE-2024-37568"],"repository_url":"https://github.com/lepture/authlib","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.3.1","vulnerable_version_range":"\u003e= 0, \u003c 1.3.1"}],"ecosystem":"pypi","package_name":"authlib"}],"created_at":"2024-06-10T16:05:50.626Z","updated_at":"2025-05-11T01:09:41.328Z","epss_percentage":0.00052,"epss_percentile":0.16493}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/authlib","docker_dependents_count":63,"docker_downloads_count":62849134,"usage_url":"https://repos.ecosyste.ms/usage/pypi/authlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/authlib/dependencies","status":null,"funding_links":["https://github.com/sponsors/lepture","https://patreon.com/lepture","https://tidelift.com/funding/github/pypi/Authlib","https://lepture.com/donate","https://github.com/sponsors/authlib"],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/related_packages","maintainers":[{"uuid":"lepture","login":"lepture","name":null,"email":null,"url":null,"packages_count":36,"html_url":"https://pypi.org/user/lepture/","role":null,"created_at":"2022-11-14T18:17:47.300Z","updated_at":"2022-11-14T18:17:47.300Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/lepture/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690322,"maintainers_count":292759,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":809,"unique_repositories_count_past_30_days":56,"recent_issues":[{"uuid":"4602827351","node_id":"PR_kwDOR4q_jM7jZrzZ","number":199,"state":"open","title":"chore(deps): bump the uv group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-06T09:40:30.000Z","updated_at":"2026-06-06T09:41:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /agileplus-mcp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\nBumps the uv group with 4 updates in the /python directory: [authlib](https://github.com/authlib/authlib), [idna](https://github.com/kjd/idna), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KooshaPari/HexaKit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KooshaPari/HexaKit/pull/199","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2FHexaKit/issues/199","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/199/packages"},{"uuid":"4601007916","node_id":"PR_kwDOKRXhvM7jT1Ls","number":4639,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-06T00:17:39.000Z","updated_at":"2026-06-07T10:59:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":10,"packages":[{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"transformers","old_version":"4.57.6","new_version":"5.0.0rc3","repository_url":"https://github.com/huggingface/transformers"},{"name":"langchain-openai","old_version":"0.2.14","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"authlib","old_version":"1.6.11","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pyarrow","old_version":"23.0.0","new_version":"23.0.1","repository_url":"https://github.com/apache/arrow"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.50.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"strawberry-graphql","old_version":"0.314.3","new_version":"0.315.7","repository_url":"https://github.com/sponsors/strawberry-graphql"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 9 updates in the /langevals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [transformers](https://github.com/huggingface/transformers) | `4.57.6` | `5.0.0rc3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.2.14` | `1.1.14` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.11` | `1.6.12` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [pyarrow](https://github.com/apache/arrow) | `23.0.0` | `23.0.1` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `1.0.1` |\n| [strawberry-graphql](https://github.com/sponsors/strawberry-graphql) | `0.314.3` | `0.315.7` |\n\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 4.57.6 to 5.0.0rc3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/cb5079fa72456d8ce27fc2041389beb5e1357f48\"\u003e\u003ccode\u003ecb5079f\u003c/code\u003e\u003c/a\u003e v5.0.0rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d1808f2c36c02faad537f9737a76165e49b041f9\"\u003e\u003ccode\u003ed1808f2\u003c/code\u003e\u003c/a\u003e [ci] Fixing some failing tests for important models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43231\"\u003e#43231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/3d276453a2b7c74f3259b1c136db3dd79c51756b\"\u003e\u003ccode\u003e3d27645\u003c/code\u003e\u003c/a\u003e Add LightOnOCR model implementation (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/41621\"\u003e#41621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/77146cc9088ec8fc1dd476b40b1c6cdb0792afe3\"\u003e\u003ccode\u003e77146cc\u003c/code\u003e\u003c/a\u003e fix crash in when running FSDP2+TP (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43226\"\u003e#43226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/61317f5ac78511a1c02b08c0e73012d9542183ed\"\u003e\u003ccode\u003e61317f5\u003c/code\u003e\u003c/a\u003e [CB] Ensure parallel decoding test passes using FA (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43277\"\u003e#43277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1efe1a633a47628134a2ba6376512af99cc3c9df\"\u003e\u003ccode\u003e1efe1a6\u003c/code\u003e\u003c/a\u003e Fix failing  \u003ccode\u003ePegasusX\u003c/code\u003e, \u003ccode\u003eMvp\u003c/code\u003e \u0026amp; \u003ccode\u003eLED\u003c/code\u003e model integration tests (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43245\"\u003e#43245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e8ae373133be1eff2254c5dd71fcd628445cb4a4\"\u003e\u003ccode\u003ee8ae373\u003c/code\u003e\u003c/a\u003e [consistency] Ensure models are added to the \u003ccode\u003e_toctree.yml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43264\"\u003e#43264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/c85be9899355c72771b3237f2434c7c84748427a\"\u003e\u003ccode\u003ec85be98\u003c/code\u003e\u003c/a\u003e [docs] tensorrt-llm (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43176\"\u003e#43176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/38022fd891209fa1e386b9afb971a9d2d35ec175\"\u003e\u003ccode\u003e38022fd\u003c/code\u003e\u003c/a\u003e [style] Fix init isort and align makefile and CI (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43260\"\u003e#43260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e977446e632670f9972fc4ff1432b414c8b813cb\"\u003e\u003ccode\u003ee977446\u003c/code\u003e\u003c/a\u003e Fix failing \u003ccode\u003eHiera\u003c/code\u003e, \u003ccode\u003eSwiftFormer\u003c/code\u003e \u0026amp; \u003ccode\u003eLED\u003c/code\u003e Model integration tests (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43225\"\u003e#43225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v4.57.6...v5.0.0rc3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.2.14 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.2.14...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.86 to 1.2.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.31\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.30\u003c/p\u003e\n\u003cp\u003erelease(core): port 36816 to v1.2 and release 1.2.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36817\"\u003e#36817\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.30\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.29\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\nchore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.29\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.28\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.28\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.27\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\nfix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.27\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.26\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\nfix(core): handle symlinks in deprecated prompt save path (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.26\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.25\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nfix(core): add init validator and serialization mappings for Bedrock models (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34510\"\u003e#34510\u003c/a\u003e)\nfeat(core): add \u003ccode\u003eChatBaseten\u003c/code\u003e to serializable mapping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36510\"\u003e#36510\u003c/a\u003e)\nchore(core): drop \u003ccode\u003egpt-3.5-turbo\u003c/code\u003e from docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36497\"\u003e#36497\u003c/a\u003e)\nfix(core): correct parameter names in filter_messages docstring example (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36462\"\u003e#36462\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.25\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.24\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.25 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36473\"\u003e#36473\u003c/a\u003e)\nfix(core): harden check for txt files in deprecated prompt loading functions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue resolved in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.24\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8dcbcefdd44d4a318993e18122f5088ec7d3be69\"\u003e\u003ccode\u003e8dcbcef\u003c/code\u003e\u003c/a\u003e release(core): port 36816 to v1.2 and release 1.2.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36817\"\u003e#36817\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8f1c920f7d5f4d8e46eaf922a1c2f6d4458b9e91\"\u003e\u003ccode\u003e8f1c920\u003c/code\u003e\u003c/a\u003e release(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7bafe6f6fff4cfce09c5e5dcfc0d302efebdb3aa\"\u003e\u003ccode\u003e7bafe6f\u003c/code\u003e\u003c/a\u003e chore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/479a2552b304c29ec005e5bf459e9c546087e68d\"\u003e\u003ccode\u003e479a255\u003c/code\u003e\u003c/a\u003e release(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/396711b228f986bb536f2c971dd9663f8b18c864\"\u003e\u003ccode\u003e396711b\u003c/code\u003e\u003c/a\u003e ci: pin all actions to full-length commit SHAs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36621\"\u003e#36621\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36728\"\u003e#36728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dd7c3eb3a4acfc834b038ec9dbde94478c66776e\"\u003e\u003ccode\u003edd7c3eb\u003c/code\u003e\u003c/a\u003e release(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258\"\u003e\u003ccode\u003eaf2ed47\u003c/code\u003e\u003c/a\u003e fix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7e5858d8078124f98f10102da21414689467c132\"\u003e\u003ccode\u003e7e5858d\u003c/code\u003e\u003c/a\u003e release(standard-tests): 1.1.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36610\"\u003e#36610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fe99cb29123b704a90f5c8587a757def3b1471e0\"\u003e\u003ccode\u003efe99cb2\u003c/code\u003e\u003c/a\u003e fix(standard-tests): update standard tests for sandbox backends (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36036\"\u003e#36036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/65bbd47cb2721c51ef8638f9e7da35247c4bfdde\"\u003e\u003ccode\u003e65bbd47\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36596\"\u003e#36596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.86...langchain-core==1.2.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.11 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyarrow` from 23.0.0 to 23.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/arrow/releases\"\u003epyarrow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Arrow 23.0.1\u003c/h2\u003e\n\u003cp\u003eRelease Notes URL: \u003ca href=\"https://arrow.apache.org/release/23.0.1.html\"\u003ehttps://arrow.apache.org/release/23.0.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eApache Arrow 23.0.1 RC0\u003c/h2\u003e\n\u003cp\u003eRelease Notes: Release Candidate: 23.0.1 RC0\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/82a374e5f3de5b744f26591e6cd96de6349c76d9\"\u003e\u003ccode\u003e82a374e\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update versions for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/c1ae37c4a597f466b1806e65a9e011be1060dfc5\"\u003e\u003ccode\u003ec1ae37c\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/8f6e55736f60f1f95aee1e8765c6b75ad9589111\"\u003e\u003ccode\u003e8f6e557\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update CHANGELOG.md for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/4e16a1aeed83a65e6b49556c2fed8e9061cdf980\"\u003e\u003ccode\u003e4e16a1a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49159\"\u003eGH-49159\u003c/a\u003e: [C++][Gandiva] Detect overflow in repeat() (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49160\"\u003e#49160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/985621dbfcf3fd2061889e43c50b59825df84f3f\"\u003e\u003ccode\u003e985621d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/48817\"\u003eGH-48817\u003c/a\u003e [R][C++] Bump C++20 in R build infrastructure (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/48819\"\u003e#48819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/1bea06ad4e14d75dd97a78a0148cd9cf6f4df0bc\"\u003e\u003ccode\u003e1bea06a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49024\"\u003eGH-49024\u003c/a\u003e: [CI] Update Debian version in \u003ccode\u003e.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49032\"\u003e#49032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/147bcd6d8f3fef05dd06968d3b60c17721c60334\"\u003e\u003ccode\u003e147bcd6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49156\"\u003eGH-49156\u003c/a\u003e: [Python] Require GIL for string comparison (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49161\"\u003e#49161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/e4f922b1621b6c833f583cf26500f115ab5bc483\"\u003e\u003ccode\u003ee4f922b\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49138\"\u003eGH-49138\u003c/a\u003e: [Packaging][Python] Remove nightly cython install from manylinux wh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/f9376e4721b81bad9fe3fe840926a3283f95ee30\"\u003e\u003ccode\u003ef9376e4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49003\"\u003eGH-49003\u003c/a\u003e: [C++] Don't consider \u003ccode\u003eout_of_range\u003c/code\u003e an error in float parsing (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49095\"\u003e#49095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/ab2c0ad6b23d05d5f77fc8a34d5a1c4baaacb0a4\"\u003e\u003ccode\u003eab2c0ad\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49044\"\u003eGH-49044\u003c/a\u003e: [CI][Python] Fix test_download_tzdata_on_windows by adding required...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/arrow/compare/apache-arrow-23.0.0...apache-arrow-23.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.50.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.0\u003c/h2\u003e\n\u003cp\u003eStarlette 1.0 is here! 🎉\u003c/p\u003e\n\u003cp\u003eAfter nearly eight years since its creation, Starlette has reached its first stable release.\u003c/p\u003e\n\u003cp\u003eA special thank you to \u003ca href=\"https://github.com/lovelydinosaur\"\u003e\u003ccode\u003e@​lovelydinosaur\u003c/code\u003e\u003c/a\u003e, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏\u003c/p\u003e\n\u003cp\u003eThank you to \u003ca href=\"https://github.com/adriangb\"\u003e\u003ccode\u003e@​adriangb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/florimondmanca\"\u003e\u003ccode\u003e@​florimondmanca\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/alex-oleshkevich\"\u003e\u003ccode\u003e@​alex-oleshkevich\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/abersheeran\"\u003e\u003ccode\u003e@​abersheeran\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/uSpike\"\u003e\u003ccode\u003e@​uSpike\u003c/code\u003e\u003c/a\u003e for helping make Starlette what it is today. And to all my sponsors - especially \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/huggingface\"\u003e\u003ccode\u003e@​huggingface\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/elevenlabs\"\u003e\u003ccode\u003e@​elevenlabs\u003c/code\u003e\u003c/a\u003e - thank you for your support!\u003c/p\u003e\n\u003cp\u003eThank you to all \u003ca href=\"https://github.com/encode/starlette/graphs/contributors\"\u003e290+ contributors\u003c/a\u003e who have shaped Starlette over the years! ❤️\u003c/p\u003e\n\u003cp\u003eRead more on the \u003ca href=\"https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eCheck out the full release notes at \u003ca href=\"https://www.starlette.io/release-notes/#100-march-22-2026\"\u003ehttps://www.starlette.io/release-notes/#100-march-22-2026\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0\"\u003ehttps://github.com/encode/starlette/compare/1.0.0rc1...1.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.0rc1\u003c/h2\u003e\n\u003cp\u003eWe're ready! 🚀\u003c/p\u003e\n\u003cp\u003eThe first release candidate for Starlette 1.0 is here! After years on ZeroVer, we're finally making the jump.\u003c/p\u003e\n\u003cp\u003eThis release removes all deprecated features marked for 1.0.0, along with some last-minute bug fixes.\u003c/p\u003e\n\u003cp\u003eA special thank you to \u003ca href=\"https://github.com/lovelydinosaur\"\u003e\u003ccode\u003e@​lovelydinosaur\u003c/code\u003e\u003c/a\u003e, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏\u003c/p\u003e\n\u003cp\u003eThank you to \u003ca href=\"https://github.com/adriangb\"\u003e\u003ccode\u003e@​adriangb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/florimondmanca\"\u003e\u003ccode\u003e@​florimondmanca\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/alex-oleshkevich\"\u003e\u003ccode\u003e@​alex-oleshkevich\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/abersheeran\"\u003e\u003ccode\u003e@​abersheeran\u003c/code\u003e\u003c/a\u003e for helping make Starlette what it is today. And to all my sponsors - especially \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/huggingface\"\u003e\u003ccode\u003e@​huggingface\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/elevenlabs\"\u003e\u003ccode\u003e@​elevenlabs\u003c/code\u003e\u003c/a\u003e - thank you for your support!\u003c/p\u003e\n\u003cp\u003eThank you to all \u003ca href=\"https://github.com/encode/starlette/graphs/contributors\"\u003e290+ contributors\u003c/a\u003e who have shaped Starlette over the years!\u003c/p\u003e\n\u003cp\u003eCheck out the full release notes at \u003ca href=\"https://www.starlette.io/release-notes/#100rc1-february-23-2026\"\u003ehttps://www.starlette.io/release-notes/#100rc1-february-23-2026\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1\"\u003ehttps://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.52.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOnly use \u003ccode\u003etyping_extensions\u003c/code\u003e in older Python versions by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3109\"\u003eKludex/starlette#3109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.0 (March 22, 2026)\u003c/h2\u003e\n\u003cp\u003eStarlette 1.0 is here!\u003c/p\u003e\n\u003cp\u003eAfter nearly eight years since its creation, Starlette has reached its first stable release.\nThank you to everyone who tested the release candidate and reported issues.\u003c/p\u003e\n\u003cp\u003eYou can read more on the \u003ca href=\"https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eTrack session access and modification in \u003ccode\u003eSessionMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3166\"\u003e#3166\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle websocket denial responses in \u003ccode\u003eStreamingResponse\u003c/code\u003e and \u003ccode\u003eFileResponse\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3189\"\u003e#3189\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for field accumulation in \u003ccode\u003eFormParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3179\"\u003e#3179\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMove \u003ccode\u003eparser.finalize()\u003c/code\u003e inside try/except in \u003ccode\u003eMultiPartParser.parse()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3153\"\u003e#3153\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.0rc1 (February 23, 2026)\u003c/h2\u003e\n\u003cp\u003eWe're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.\u003c/p\u003e\n\u003cp\u003eStarlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded\nalmost \u003ca href=\"https://pypistats.org/packages/starlette\"\u003e10 million times a day\u003c/a\u003e, serves as the foundation for FastAPI,\nand has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a\ndependency of the Python MCP SDK.\u003c/p\u003e\n\u003cp\u003eThis release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some\nlast minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final\n1.0.0 release soon.\u003c/p\u003e\n\u003cp\u003eA huge thank you to all the contributors who have helped make Starlette what it is today.\nIn particular, I'd like to recognize:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lovelydinosaur\"\u003eKim Christie\u003c/a\u003e - The original creator of Starlette, Uvicorn, and MkDocs, and the\ncurrent maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adriangb\"\u003eAdrian Garcia Badaracco\u003c/a\u003e - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/graingert\"\u003eThomas Grainger\u003c/a\u003e - My async teacher, always ready to help with questions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm\"\u003eAlex Grönholm\u003c/a\u003e - Another async mentor, always prompt to help with questions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/florimondmanca\"\u003eFlorimond Manca\u003c/a\u003e - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee\"\u003eAmin Alaee\u003c/a\u003e - Contributed a lot with file-related PRs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiangolo\"\u003eSebastián Ramírez\u003c/a\u003e - Maintains FastAPI upstream, and always in contact to help with upstream issues.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alex-oleshkevich\"\u003eAlex Oleshkevich\u003c/a\u003e - Helped a lot on templates and many discussions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.50.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `strawberry-graphql` from 0.314.3 to 0.315.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/strawberry-graphql/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langwatch/langwatch/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/langwatch/langwatch/pull/4639","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/langwatch%2Flangwatch/issues/4639","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4639/packages"},{"uuid":"4590973663","node_id":"PR_kwDOR4q_jM7iyyZB","number":192,"state":"closed","title":"chore(deps): bump the uv group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":7,"pull_request":true,"closed_at":"2026-06-05T01:02:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T17:50:23.000Z","updated_at":"2026-06-05T01:02:36.000Z","time_to_close":25930,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the /python directory: [authlib](https://github.com/authlib/authlib), [idna](https://github.com/kjd/idna), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\nBumps the uv group with 5 updates in the /agileplus-mcp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KooshaPari/HexaKit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KooshaPari/HexaKit/pull/192","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2FHexaKit/issues/192","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/192/packages"},{"uuid":"4584246192","node_id":"PR_kwDOPbnv6M7ickcT","number":49,"state":"open","title":"Bump the pip group across 5 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:52:27.000Z","updated_at":"2026-06-03T22:54:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":7,"packages":[{"name":"pypdf","old_version":"6.9.1","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.48","new_version":"0.3.63"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"0.3.8"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps the pip group with 3 updates in the /embedchain directory: [pypdf](https://github.com/py-pdf/pypdf), [authlib](https://github.com/authlib/authlib) and [idna](https://github.com/kjd/idna).\nBumps the pip group with 1 update in the /embedchain/examples/discord_bot directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /embedchain/examples/rest-api directory: [python-multipart](https://github.com/Kludex/python-multipart).\nBumps the pip group with 1 update in the /embedchain/examples/telegram_bot directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /server directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\n\nUpdates `pypdf` from 6.9.1 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.9 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.48 to 0.3.63\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/19f2a92609652cfda1578d197d058e97b18bb434\"\u003e\u003ccode\u003e19f2a92\u003c/code\u003e\u003c/a\u003e core: release 0.3.63 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31419\"\u003e#31419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/394d42b4ae916a1738be4e8ec9d322cf886acc87\"\u003e\u003ccode\u003e394d42b\u003c/code\u003e\u003c/a\u003e docs: update default model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31420\"\u003e#31420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/afd349cc950e0299d9e6691cb4bdba30fea76fab\"\u003e\u003ccode\u003eafd349c\u003c/code\u003e\u003c/a\u003e openai: cache httpx client (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31260\"\u003e#31260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e6633a7efb10c0de3df4ff925d5a2f3476e1ff7b\"\u003e\u003ccode\u003ee6633a7\u003c/code\u003e\u003c/a\u003e langchain-core: Add image_generation tool to list of known openai tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31396\"\u003e#31396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d9631edd87c1ff533a3b2d411c0a8d4a1e470cce\"\u003e\u003ccode\u003ed9631ed\u003c/code\u003e\u003c/a\u003e docs: fix misspelled word in promptlayer.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31410\"\u003e#31410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c532facbc4b09e466da1726192c773f7ae6cd242\"\u003e\u003ccode\u003ec532fac\u003c/code\u003e\u003c/a\u003e docs: fix misspelled word in uptrain.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31411\"\u003e#31411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1917dd1ccd745c02fa6d0209faa56faec5d602e5\"\u003e\u003ccode\u003e1917dd1\u003c/code\u003e\u003c/a\u003e benchmarks: always run (not conditional on changes) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31409\"\u003e#31409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/49eeb0f3c3c6d82694f51815f6fef6f1008038b9\"\u003e\u003ccode\u003e49eeb0f\u003c/code\u003e\u003c/a\u003e standard-tests: add benchmarks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31302\"\u003e#31302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6d39e59c2e351684baada7f8982d8c5c758a1e1d\"\u003e\u003ccode\u003e6d39e59\u003c/code\u003e\u003c/a\u003e infra: update cassettes for notebook (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31407\"\u003e#31407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b808d272849516d1c0b902421edf1933a87d9afa\"\u003e\u003ccode\u003eb808d27\u003c/code\u003e\u003c/a\u003e docs: fix grammar in xai.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31399\"\u003e#31399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.48...langchain-core==0.3.63\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 0.3.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0c2c8c36c162cbeb8838bc38957b82f7b96186b6\"\u003e\u003ccode\u003e0c2c8c3\u003c/code\u003e\u003c/a\u003e text-splitters: release 0.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30671\"\u003e#30671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/59d508a2eef93a6a0a7936d49ba1bea45647cd70\"\u003e\u003ccode\u003e59d508a\u003c/code\u003e\u003c/a\u003e openai[patch]: make computer test more reliable (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30672\"\u003e#30672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c235328b3923738809517a45c870fc610b6bee33\"\u003e\u003ccode\u003ec235328\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;update langchain version and bump min core v\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d0f154dbaa578d930c22a4ffb3450902d764b714\"\u003e\u003ccode\u003ed0f154d\u003c/code\u003e\u003c/a\u003e update langchain version and bump min core v\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/32cd70d7d273063b9d2508ce49f519b307ed2495\"\u003e\u003ccode\u003e32cd70d\u003c/code\u003e\u003c/a\u003e release: bump core to \u003ccode\u003ev0.3.51\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30668\"\u003e#30668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/18cf457eec106d99e0098b42712299f5d0daa798\"\u003e\u003ccode\u003e18cf457\u003c/code\u003e\u003c/a\u003e langchain-runpod integration (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30648\"\u003e#30648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9c03cd5775a06a87f7411acb9b8cad5859de9eb3\"\u003e\u003ccode\u003e9c03cd5\u003c/code\u003e\u003c/a\u003e Fix tool description in serpapi.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30660\"\u003e#30660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af66ab098edafe624989c5897a9089ec5f2969db\"\u003e\u003ccode\u003eaf66ab0\u003c/code\u003e\u003c/a\u003e Adding \u003ccode\u003ePerplexity\u003c/code\u003e extra and deprecating the community version of `ChatPerpl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b8929e3d5f26c212831e32d6ed0ab6b6d166b666\"\u003e\u003ccode\u003eb8929e3\u003c/code\u003e\u003c/a\u003e docs: add image generation example to Google genai docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30650\"\u003e#30650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/374769e8fe35bf13f037e308df0c1f344a60dd0a\"\u003e\u003ccode\u003e374769e\u003c/code\u003e\u003c/a\u003e core[patch]: log information from certain errors (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30626\"\u003e#30626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==0.3.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003cc...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates 7 Python dependencies across 5 directories to their latest versions, including security fixes and compatibility improvements. The updates span from minor version bumps (python-dotenv 1.0.0→1.2.2) to major version increases (python-multipart 0.0.6→0.0.27, mem0ai 0.1.48→2.0.4).\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Multiple packages include critical security fixes, particularly pypdf (6.9.1→6.10.2) with CVE-2026-45409 mitigation and authlib (1.6.9→1.6.12) with CSRF vulnerability fixes\n- **Version Range Updates**: chromadb and mysql-connector-python moved from exact version pins to flexible ranges for better dependency resolution\n- **Cross-Directory Consistency**: python-dotenv updated consistently across Discord bot, REST API, Telegram bot, and server directories\n- **Major Version Bump**: mem0ai upgraded from 0.1.48 to 2.0.4, indicating significant API changes\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Security Vulnerabilities Detected]\n    B --\u003e C[Generate Version Updates]\n    C --\u003e D[Discord Bot Requirements]\n    C --\u003e E[REST API Requirements] \n    C --\u003e F[Telegram Bot Requirements]\n    C --\u003e G[Main pyproject.toml]\n    C --\u003e H[Server Requirements]\n    D --\u003e I[python-dotenv 1.0.0→1.2.2]\n    E --\u003e J[python-multipart 0.0.6→0.0.27]\n    F --\u003e I\n    G --\u003e K[chromadb ^0.5.10→\u003e=0.5.10,\u003c1.6.0]\n    G --\u003e L[mysql-connector-python ^8.1.0→\u003e=8.1,\u003c10.0]\n    H --\u003e M[mem0ai \u003e=0.1.48→\u003e=2.0.4]\n    H --\u003e I\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including XML entity declaration vulnerabilities, CSRF issues, and infinite loop protections\n- **Dependency Flexibility**: Version range updates reduce potential dependency conflicts and improve package resolution\n- **Breaking Changes**: mem0ai major version update and python-dotenv symlink behavior changes may require code adjustments\n- **Compatibility**: Adds Python 3.14 support and drops Python 3.9 support in some packages\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/mem0/pull/49","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fmem0/issues/49","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/49/packages"},{"uuid":"4576951460","node_id":"PR_kwDOSvmIV87iEdJn","number":12,"state":"closed","title":"Bump authlib from 1.6.9 to 1.7.2","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T05:38:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T04:47:23.000Z","updated_at":"2026-06-08T05:38:09.000Z","time_to_close":435037,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.7.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthorization and token endpoints request empty scope parameter management by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/847\"\u003eauthlib/authlib#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport from Python 3.10 to 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/850\"\u003eauthlib/authlib#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow composition of AuthorizationServerMetadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/853\"\u003eauthlib/authlib#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake require_oauth parenthesis optional by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/855\"\u003eauthlib/authlib#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at\u003c/code\u003e behavior when its value is 0 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/854\"\u003eauthlib/authlib#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigration to joserfc by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/852\"\u003eauthlib/authlib#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRP-initiated logout by \u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eget_jwt_config\u003c/code\u003e by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/858\"\u003eauthlib/authlib#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): Update PyPy version from 3.10 to 3.11 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove \u0026quot;none\u0026quot; from default authlib.jose.jwt algorithms by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/860\"\u003eauthlib/authlib#860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: normalize resolve_client_public_key method by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/861\"\u003eauthlib/authlib#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement rfc9700 PKCE downgrade countermeasure by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/864\"\u003eauthlib/authlib#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct syntax for tox.requires in tox.ini by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet client session User-Agent when fetching server metadata and JWKs by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/867\"\u003eauthlib/authlib#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use the real application object for Flask by \u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept the issuer URL as a valid audience by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/865\"\u003eauthlib/authlib#865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't nest InvalidTokenError extra attribute by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/872\"\u003eauthlib/authlib#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation overhaul by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/875\"\u003eauthlib/authlib#875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md docs.authlib.org/en/latest =\u0026gt; docs.authlib.org/en/stable by \u003ca href=\"https://github.com/guillett\"\u003e\u003ccode\u003e@​guillett\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/876\"\u003eauthlib/authlib#876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release/1.6 branch by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/877\"\u003eauthlib/authlib#877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/guillett\"\u003e\u003ccode\u003e@​guillett\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/876\"\u003eauthlib/authlib#876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.7.0\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.6.9\u0026new-version=1.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/annoted-pullrequest/saleor__saleor-clone__qodo__PR22__20260603/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/annoted-pullrequest%2Fsaleor__saleor-clone__qodo__PR22__20260603/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4570508437","node_id":"PR_kwDOSb_fa87hvSO8","number":363,"state":"open","title":"chore(deps): update authlib requirement from \u003e=1.7.1 to \u003e=1.7.2 in /services/regulatory-reports","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T10:13:36.000Z","updated_at":"2026-06-02T10:13:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"authlib","old_version":"\u003e=1.7.1","new_version":"\u003e=1.7.2","repository_url":"https://github.com/authlib/authlib"}],"path":"/services/regulatory-reports","ecosystem":"pip"},"body":"Updates the requirements on [authlib](https://github.com/authlib/authlib) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/1.7.1...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Onegaishimas/wasat/pull/363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Onegaishimas%2Fwasat/issues/363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/363/packages"},{"uuid":"4556873885","node_id":"PR_kwDOShuGmM7hDpm4","number":1,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:19:25.000Z","updated_at":"2026-05-31T07:25:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.24","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.24` | `0.0.27` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `authlib` from 1.6.9 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.24 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/beauNate/friday-tony-stark-demo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/beauNate/friday-tony-stark-demo/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/beauNate%2Ffriday-tony-stark-demo/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4556799729","node_id":"PR_kwDOQ7bLOM7hDbuI","number":45,"state":"closed","title":"ci(deps): Bump authlib from 1.6.6 to 1.6.12","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-31T06:41:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T06:40:28.000Z","updated_at":"2026-05-31T06:43:58.000Z","time_to_close":72,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps): Bump","packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.6 to 1.6.12.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.6.6\u0026new-version=1.6.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/airbytehq/fastmcp-extensions/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/airbytehq/fastmcp-extensions/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbytehq%2Ffastmcp-extensions/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"},{"uuid":"4544368049","node_id":"PR_kwDOQbHgbc7gb0Ms","number":6,"state":"closed","title":"chore(deps): bump the pip group across 9 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:52:45.000Z","updated_at":"2026-05-28T22:52:54.000Z","time_to_close":7,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":18,"packages":[{"name":"authlib","old_version":"1.5.2","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"dulwich","old_version":"0.22.8","new_version":"1.2.5","repository_url":"https://github.com/dulwich/dulwich"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-openai","old_version":"0.3.11","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.3.19","new_version":"0.8.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"0.1.88","new_version":"2.0.0b2","repository_url":"https://github.com/mem0ai/mem0"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"poetry","old_version":"2.1.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"python-dotenv","old_version":"1.1.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pytorch-lightning","old_version":"2.5.1.post0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\n\nUpdates `authlib` from 1.5.2 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.5.2...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 0.22.8 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich 1.2.5\u003c/h2\u003e\n\u003cp\u003eThis is a security release. All users are encouraged to upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGHSA-gfhv-vqv2-4544\u003c/strong\u003e -- Validate submodule paths in \u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus \u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream repository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or any other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42305\u003c/strong\u003e -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects Windows path separators, the alternate data stream marker \u003ccode\u003e:\u003c/code\u003e, NTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e, and reserved Windows device names. \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every platform, and both \u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their correct option names. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42563\u003c/strong\u003e -- Shell-quote values substituted into \u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. A malicious branch could inject shell commands when a merge driver referencing \u003ccode\u003e%P\u003c/code\u003e was configured. (Reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-47712\u003c/strong\u003e -- Sanitize commit subjects used in \u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g. \u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ereceive.maxInputSize\u003c/strong\u003e -- Honour \u003ccode\u003ereceive.maxInputSize\u003c/code\u003e in \u003ccode\u003eReceivePackHandler\u003c/code\u003e. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge \u003ccode\u003edest_size\u003c/code\u003e and trigger hundreds of MB of allocation over \u003ccode\u003egit-receive-pack\u003c/code\u003e. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003edulwich-1.2.4\u003c/h2\u003e\n\u003cp\u003eTolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2192\"\u003e#2192\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0\u003c/h2\u003e\n\u003ch2\u003eNotable changes since 1.1.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam\u003c/code\u003e command and \u003ccode\u003eporcelain.am()\u003c/code\u003e for applying mailbox-style email patches (\u003ccode\u003egit am\u003c/code\u003e), with state persistence for \u003ccode\u003e--continue\u003c/code\u003e, \u003ccode\u003e--skip\u003c/code\u003e, \u003ccode\u003e--abort\u003c/code\u003e, and \u003ccode\u003e--quit\u003c/code\u003e recovery (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1692\"\u003e#1692\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply\u003c/code\u003e command and \u003ccode\u003eporcelain.apply_patch()\u003c/code\u003e for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and \u003ccode\u003e--3way\u003c/code\u003e merge fallback (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1784\"\u003e#1784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExpand \u003ccode\u003elog\u003c/code\u003e command options: \u003ccode\u003e--oneline\u003c/code\u003e, \u003ccode\u003e--abbrev-commit\u003c/code\u003e, \u003ccode\u003e--author\u003c/code\u003e, \u003ccode\u003e--committer\u003c/code\u003e, \u003ccode\u003e--grep\u003c/code\u003e, \u003ccode\u003e--since\u003c/code\u003e/\u003ccode\u003e--after\u003c/code\u003e, \u003ccode\u003e--until\u003c/code\u003e/\u003ccode\u003e--before\u003c/code\u003e, \u003ccode\u003e-n\u003c/code\u003e/\u003ccode\u003e--max-count\u003c/code\u003e, \u003ccode\u003e--no-merges\u003c/code\u003e, \u003ccode\u003e--merges\u003c/code\u003e, \u003ccode\u003e--stat\u003c/code\u003e, \u003ccode\u003e-p\u003c/code\u003e/\u003ccode\u003e--patch\u003c/code\u003e, \u003ccode\u003e--name-only\u003c/code\u003e, and \u003ccode\u003e--follow\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1779\"\u003e#1779\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for push options (\u003ccode\u003e-o\u003c/code\u003e/\u003ccode\u003e--push-option\u003c/code\u003e) in \u003ccode\u003epush\u003c/code\u003e, enabling AGit flow and other server-side push option workflows.\u003c/li\u003e\n\u003cli\u003eAdd missing push options: \u003ccode\u003e--all\u003c/code\u003e, \u003ccode\u003e--tags\u003c/code\u003e, \u003ccode\u003e--delete\u003c/code\u003e, \u003ccode\u003e--dry-run\u003c/code\u003e, \u003ccode\u003e--prune\u003c/code\u003e, \u003ccode\u003e--set-upstream\u003c/code\u003e, \u003ccode\u003e--follow-tags\u003c/code\u003e, and \u003ccode\u003e--mirror\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1844\"\u003e#1844\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for atomic push operations (\u003ccode\u003e--atomic\u003c/code\u003e): either all ref updates succeed or none are applied (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1781\"\u003e#1781\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eextensions.relativeworktrees\u003c/code\u003e repository extension, allowing worktrees to use relative paths (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2112\"\u003e#2112\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.5\t2026-05-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(GHSA-gfhv-vqv2-4544): Validate submodule paths in\n\u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus\n\u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream\nrepository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or\nany other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the\nsubmodule's tree contents to be written there with their executable\nbits intact -- dropping a hook that later commands would run. Submodule\npaths are now rejected if they are absolute or carry a component that\nthe configured path validator refuses, and the submodule's own tree is\nmaterialized with the same validator. This is the dulwich analogue of git's\nCVE-2024-32002 / CVE-2024-32004.\n(Jelmer Vernooij; reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-42305): Harden tree path validation against entry\nnames that are harmless on POSIX but dangerous when checked out on\nWindows. A crafted tree could previously carry such names through to\nthe work tree. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWindows path separators, so an entry named\n\u003ccode\u003e.git\\hooks\\pre-commit.exe\u003c/code\u003e can no longer materialize a file\ninside \u003ccode\u003e.git\u003c/code\u003e that Git for Windows would execute.\u003c/li\u003e\n\u003cli\u003eThe alternate data stream marker \u003ccode\u003e:\u003c/code\u003e (e.g.\n\u003ccode\u003e.git::$INDEX_ALLOCATION\u003c/code\u003e, which writes into \u003ccode\u003e.git\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003eNTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e (\u003ccode\u003egit~\u0026lt;digits\u0026gt;\u003c/code\u003e); only\n\u003ccode\u003egit~1\u003c/code\u003e was rejected before.\u003c/li\u003e\n\u003cli\u003eReserved Windows device names (\u003ccode\u003eCON\u003c/code\u003e, \u003ccode\u003ePRN\u003c/code\u003e, \u003ccode\u003eAUX\u003c/code\u003e, \u003ccode\u003eNUL\u003c/code\u003e,\n\u003ccode\u003eCOM1\u003c/code\u003e-\u003ccode\u003eCOM9\u003c/code\u003e, \u003ccode\u003eLPT1\u003c/code\u003e-\u003ccode\u003eLPT9\u003c/code\u003e), including with an extension or\ntrailing dots/spaces such as \u003ccode\u003eNUL.txt\u003c/code\u003e or \u003ccode\u003eCOM1 .bar\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every\nplatform (matching git after CVE-2019-1353), so a POSIX clone no longer\naccepts paths that would be unsafe on a later Windows clone, and both\n\u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their\ncorrect option names, having previously been silently ignored. POSIX\nusers who need literal NTFS-unsafe filenames can opt out with\n\u003ccode\u003ecore.protectNTFS=false\u003c/code\u003e.\n(Jelmer Vernooij; reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY (CVE-2026-42563): Shell-quote values substituted into\n\u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. \u003ccode\u003e%P\u003c/code\u003e is a path from the git\ntree, so a malicious branch could inject shell commands when the\nuser had a merge driver configured that referenced \u003ccode\u003e%P\u003c/code\u003e.\n(Jelmer Vernooij; reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-47712): Sanitize commit subjects used in\n\u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g.\n\u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e.\n\u003ccode\u003eget_summary\u003c/code\u003e now matches git's \u003ccode\u003eformat_sanitized_subject\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/073f4dfa9840af2da59887ed828b026b609faa6c\"\u003e\u003ccode\u003e073f4df\u003c/code\u003e\u003c/a\u003e Release 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/5f85d3e4b0d47dd7fbf37934f9a4b9b6b98bb467\"\u003e\u003ccode\u003e5f85d3e\u003c/code\u003e\u003c/a\u003e tests: fix Windows-only failures in NTFS and merge-driver tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/25313ad7f9d5036b03617dc3dfc284a586966dab\"\u003e\u003ccode\u003e25313ad\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421\"\u003e\u003ccode\u003e1ca1814\u003c/code\u003e\u003c/a\u003e submodule: Reject unsafe submodule paths in submodule_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/3559ef15c1e2a8d2a56c98f36b53b29c5d60b9fd\"\u003e\u003ccode\u003e3559ef1\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/f860ca489d63624ae6d7c7945fbbd19018b8125c\"\u003e\u003ccode\u003ef860ca4\u003c/code\u003e\u003c/a\u003e server: Honour receive.maxInputSize to bound received packs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0fd6e6bb61f8017b1af4b5fdbf7602ddbcf6d17e\"\u003e\u003ccode\u003e0fd6e6b\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0110b885a1ab5b2128473263a6ff5b7230732e49\"\u003e\u003ccode\u003e0110b88\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290\"\u003e\u003ccode\u003e49eb56e\u003c/code\u003e\u003c/a\u003e Add NEWS entry for CVE-2026-42305\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9\"\u003e\u003ccode\u003e57efc4a\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-0.22.8...dulwich-1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.3.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.3.11...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.3.19 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(js,py): JS 0.6.0, Py 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831\"\u003elangchain-ai/langsmith-sdk#2831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.6.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832\"\u003elangchain-ai/langsmith-sdk#2832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833\"\u003elangchain-ai/langsmith-sdk#2833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Qwen3-RailroadEngineer1959-RL/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FQwen3-RailroadEngineer1959-RL/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4544339041","node_id":"PR_kwDOBiBroc7gbuQ_","number":1351,"state":"open","title":"Bump authlib from 1.6.9 to 1.6.12","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T22:46:13.000Z","updated_at":"2026-05-28T23:37:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.6.12.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=pip\u0026previous-version=1.6.9\u0026new-version=1.6.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/uc-cdis/fence/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/uc-cdis/fence/pull/1351","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/uc-cdis%2Ffence/issues/1351","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1351/packages"},{"uuid":"4544271300","node_id":"PR_kwDOQGHg-s7gbgHq","number":15,"state":"closed","title":"Bump authlib from 1.7.0 to 1.7.1 in the uv group across 1 directory","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T22:51:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:32:13.000Z","updated_at":"2026-05-28T22:51:18.000Z","time_to_close":1136,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"}],"path":"the uv group across 1 directory","ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the / directory: [authlib](https://github.com/authlib/authlib).\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.7.0\u0026new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/geoff-davis/async-batch-llm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/geoff-davis/async-batch-llm/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geoff-davis%2Fasync-batch-llm/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4520310526","node_id":"PR_kwDOSKFNzM7fNcsi","number":38,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["ignore-for-release"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:23:31.000Z","updated_at":"2026-05-26T00:23:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":28,"packages":[{"name":"ruff","old_version":"0.15.11","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"authlib","old_version":"1.7.0","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"google-auth","old_version":"2.47.0","new_version":"2.53.0","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"typing-extensions","old_version":"4.14.1","new_version":"4.15.0","repository_url":"https://github.com/python/typing_extensions"},{"name":"anyio","old_version":"4.10.0","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"typer","old_version":"0.16.0","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.35.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"openai","old_version":"2.14.0","new_version":"2.38.0","repository_url":"https://github.com/openai/openai-python"},{"name":"mcp","old_version":"1.25.0","new_version":"1.27.1","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"fastapi","old_version":"0.129.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.20.3","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"boto3","old_version":"1.42.28","new_version":"1.43.14","repository_url":"https://github.com/boto/boto3"},{"name":"ollama","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/ollama/ollama-python"},{"name":"psutil","old_version":"7.0.0","new_version":"7.2.2","repository_url":"https://github.com/giampaolo/psutil"},{"name":"opentelemetry-instrumentation-openai","old_version":"0.52.5","new_version":"0.60.0","repository_url":"https://github.com/traceloop/openllmetry"},{"name":"langgraph","old_version":"1.0.6","new_version":"1.2.1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"openai-agents","old_version":"0.6.5","new_version":"0.17.3","repository_url":"https://github.com/openai/openai-agents-python"},{"name":"pyyaml","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/yaml/pyyaml"},{"name":"langchain-openai","old_version":"1.1.7","new_version":"1.2.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langgraph-checkpoint-sqlite","old_version":"3.0.3","new_version":"3.1.0","repository_url":"https://github.com/langchain-ai/langgraph"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 23 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.14` |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.2` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.47.0` | `2.53.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.10.0` | `4.13.0` |\n| [typer](https://github.com/fastapi/typer) | `0.16.0` | `0.25.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.35.0` | `0.48.0` |\n| [openai](https://github.com/openai/openai-python) | `2.14.0` | `2.38.0` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.25.0` | `1.27.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.129.0` | `0.136.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.20.3` | `3.29.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.29` |\n| [boto3](https://github.com/boto/boto3) | `1.42.28` | `1.43.14` |\n| [ollama](https://github.com/ollama/ollama-python) | `0.6.1` | `0.6.2` |\n| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.2` |\n| [opentelemetry-instrumentation-openai](https://github.com/traceloop/openllmetry) | `0.52.5` | `0.60.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.6` | `1.2.1` |\n| [openai-agents](https://github.com/openai/openai-agents-python) | `0.6.5` | `0.17.3` |\n| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `1.1.7` | `1.2.2` |\n| [langgraph-checkpoint-sqlite](https://github.com/langchain-ai/langgraph) | `3.0.3` | `3.1.0` |\n\n\nUpdates `ruff` from 0.15.11 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.11...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth` from 2.47.0 to 2.53.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/releases\"\u003egoogle-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.49.0.dev0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.48.0...v2.49.0-dev0\"\u003e2.49.0-dev0\u003c/a\u003e (2026-01-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated rsa dependency (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e98cf69284d3620619a70b54fb0b9533caf11878\"\u003ee98cf69284d3620619a70b54fb0b9533caf11878\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogle-auth 2.48.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0\"\u003e2.48.0\u003c/a\u003e (2026-01-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ehonor \u003ccode\u003eNO_GCE_CHECK\u003c/code\u003e environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827\"\u003e383c9827\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b\"\u003e454b441b\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2\"\u003e52558ae2\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport the mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1\"\u003e8dcf91a1\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eresolve circular imports (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1942\"\u003e#1942\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/25c1b064\"\u003e25c1b064\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse \u003ccode\u003euser_verification=preferred\u003c/code\u003e for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a240\"\u003e3f88a240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eremoves \u003ccode\u003econtent-header\u003c/code\u003e from AWS IMDS get request (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e\"\u003e97bfea9e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edetect correct auth when ADC env var is set but empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e10\"\u003ebfc07e10\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20c\"\u003ee431f20c\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.48.0rc0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0rc0\"\u003e2.48.0rc0\u003c/a\u003e (2026-01-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor NO_GCE_CHECK environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827536d9376e8248370ce4c2b83e468d027\"\u003e383c98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\"\u003e454b44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1b05c85fbbd0bcee78d66e498099102ab\"\u003e8dcf91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2881b1e6555f6f5c0d76365c15807ead9\"\u003e52558a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse user_verification=preferred for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a24089c4ee6822d510de0db210b54260d873\"\u003e3f88a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20cf73ccac71926a23ec454468cea92e053\"\u003ee431f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetect correct auth when ADC env var is set by empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\"\u003ebfc07e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremoved content-header from AWS IMDS (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\"\u003e97bfea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md\"\u003egoogle-auth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://pypi.org/project/google-auth/#history\"\u003ePyPI History\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0\"\u003e2.48.0\u003c/a\u003e (2026-01-22)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2881b1e6555f6f5c0d76365c15807ead9\"\u003e52558ae2881b1e6555f6f5c0d76365c15807ead9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport the mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1b05c85fbbd0bcee78d66e498099102ab\"\u003e8dcf91a1b05c85fbbd0bcee78d66e498099102ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\"\u003e454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehonor \u003ccode\u003eNO_GCE_CHECK\u003c/code\u003e environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827536d9376e8248370ce4c2b83e468d027\"\u003e383c9827536d9376e8248370ce4c2b83e468d027\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eresolve circular imports (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1942\"\u003e#1942\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/25c1b064545702cbef087cfcd15fbbb6ef1af74f\"\u003e25c1b064545702cbef087cfcd15fbbb6ef1af74f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremoves \u003ccode\u003econtent-header\u003c/code\u003e from AWS IMDS get request (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\"\u003e97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetect correct auth when ADC env var is set but empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\"\u003ebfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20cf73ccac71926a23ec454468cea92e053\"\u003ee431f20cf73ccac71926a23ec454468cea92e053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003euser_verification=preferred\u003c/code\u003e for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a24089c4ee6822d510de0db210b54260d873\"\u003e3f88a24089c4ee6822d510de0db210b54260d873\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-auth-library-python/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typing-extensions` from 4.14.1 to 4.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/typing_extensions/releases\"\u003etyping-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.15.0\u003c/h2\u003e\n\u003cp\u003eNo user-facing changes since 4.15.0rc1.\u003c/p\u003e\n\u003cp\u003eNew features since 4.14.1:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.15.0rc1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/typing_extensions/blob/main/CHANGELOG.md\"\u003etyping-extensions's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 4.15.0 (August 25, 2025)\u003c/h1\u003e\n\u003cp\u003eNo user-facing changes since 4.15.0rc1.\u003c/p\u003e\n\u003ch1\u003eRelease 4.15.0rc1 (August 18, 2025)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/9d1637e264b5c1a6b7acee3e907015f89b20c2c9\"\u003e\u003ccode\u003e9d1637e\u003c/code\u003e\u003c/a\u003e Prepare release 4.15.0 (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/4bd67c5be5d9443c7d33c314d02a56ee125eb88d\"\u003e\u003ccode\u003e4bd67c5\u003c/code\u003e\u003c/a\u003e Coverage: exclude some noise (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/e589a26da73b075c5276bae40b86db1af0144f84\"\u003e\u003ccode\u003ee589a26\u003c/code\u003e\u003c/a\u003e Coverage: add detailed report to job summary (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/655\"\u003e#655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/67d37fed1298e050f74d5acc95b2621bd37837ad\"\u003e\u003ccode\u003e67d37fe\u003c/code\u003e\u003c/a\u003e Coverage: Implement fail_under (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/e9ae26f5286edee9262727755ecb9ad16e999192\"\u003e\u003ccode\u003ee9ae26f\u003c/code\u003e\u003c/a\u003e Don't delete previous coverage comment (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/653\"\u003e#653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/ac80bb728a3006fc88ef7373b92f0c25cfcc7895\"\u003e\u003ccode\u003eac80bb7\u003c/code\u003e\u003c/a\u003e Add Coverage workflow (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/623\"\u003e#623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/abaaafd98c1cc7e5baf098ec287a3d22cb339670\"\u003e\u003ccode\u003eabaaafd\u003c/code\u003e\u003c/a\u003e Prepare release 4.15.0rc1 (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/650\"\u003e#650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/98104053ea8d49bcdd247804e5fa9f73136acbd4\"\u003e\u003ccode\u003e9810405\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003e@disjoint_base\u003c/code\u003e (PEP 800) (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/7ee9e05fd484d06899ce56e80f5e1aa4c760fc03\"\u003e\u003ccode\u003e7ee9e05\u003c/code\u003e\u003c/a\u003e Backport type_params fix from CPython (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/1e8eb9c06ef51b3a1e1f05303a16feca13f5ed98\"\u003e\u003ccode\u003e1e8eb9c\u003c/code\u003e\u003c/a\u003e Do not refer to PEP 705 as being experimental (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/648\"\u003e#648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/typing_extensions/compare/4.14.1...4.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.10.0 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged all functions currently raising the private \u003ccode\u003eNoCurrentAsyncBackend\u003c/code\u003e exception (since v4.12.0) to instead raise the public \u003ccode\u003eNoEventLoopError\u003c/code\u003e exception (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with instance methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for asyncio's \u003ca href=\"https://docs.python.org/3/library/asyncio-graph.html\"\u003etask call graphs\u003c/a\u003e on Python 3.14 and later when using AnyIO's task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1025\"\u003e#1025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded an asynchronous implementation of the \u003ccode\u003efunctools\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003euvloop=True\u003c/code\u003e on Windows via the \u003ca href=\"https://github.com/Vizonex/Winloop\"\u003ewinloop\u003c/a\u003e implementation (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/960\"\u003e#960\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Vizonex\"\u003e\u003ccode\u003e@​Vizonex\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for use as a context manager to \u003ccode\u003eanyio.lowlevel.RunVar\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1003\"\u003e#1003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e__all__\u003c/code\u003e declarations to public submodules (\u003ccode\u003eanyio.lowlevel\u003c/code\u003e etc.) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1009\"\u003e#1009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to set the token count of a \u003ccode\u003eCapacityLimiter\u003c/code\u003e to zero (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1019\"\u003e#1019\u003c/a\u003e; requires Python 3.10 or later when using Trio)\u003c/li\u003e\n\u003cli\u003eAdded parameters \u003ccode\u003ecase_sensitive\u003c/code\u003e and \u003ccode\u003erecurse_symlinks\u003c/code\u003e along with support for path-like objects to \u003ccode\u003eanyio.Path.glob()\u003c/code\u003e and \u003ccode\u003eanyio.Path.rglob()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1033\"\u003e#1033\u003c/a\u003e; PR by \u003ca href=\"https://github.com/northisup\"\u003e\u003ccode\u003e@​northisup\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped \u003ccode\u003esniffio\u003c/code\u003e as a direct dependency and added the \u003ccode\u003eget_available_backends()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not raising \u003ccode\u003eClosedResourceError\u003c/code\u003e and \u003ccode\u003eBrokenResourceError\u003c/code\u003e on asyncio. Previously, a non-AnyIO exception was raised in such cases (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not checkpointing before writing data on asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1002\"\u003e#1002\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a race condition where cancelling a \u003ccode\u003eFuture\u003c/code\u003e from \u003ccode\u003eBlockingPortal.start_task_soon()\u003c/code\u003e would sometimes not cancel the async function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1011\"\u003e#1011\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the presence of the pytest plugin causing breakage with older versions of pytest (\u0026lt;= 6.1.2) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1028\"\u003e#1028\u003c/a\u003e; PR by \u003ca href=\"https://github.com/saper\"\u003e\u003ccode\u003e@​saper\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a rarely occurring \u003ccode\u003eRuntimeError: Set changed size during iteration\u003c/code\u003e while shutting down the process pool when using the asyncio backend (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for cancellation reasons (the \u003ccode\u003ereason\u003c/code\u003e parameter to \u003ccode\u003eCancelScope.cancel()\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum version of Trio to v0.31.0\u003c/li\u003e\n\u003cli\u003eAdded the ability to enter the event loop from foreign (non-worker) threads by passing the return value of \u003ccode\u003eanyio.lowlevel.current_token()\u003c/code\u003e to \u003ccode\u003eanyio.from_thread.run()\u003c/code\u003e and \u003ccode\u003eanyio.from_thread.run_sync()\u003c/code\u003e as the \u003ccode\u003etoken\u003c/code\u003e keyword argument (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded pytest option (\u003ccode\u003eanyio_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e) to make the pytest plugin automatically handle all async tests (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/971\"\u003e#971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eanyio.Condition.wait_for()\u003c/code\u003e method for feature parity with asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the default type argument of \u003ccode\u003eanyio.abc.TaskStatus\u003c/code\u003e from \u003ccode\u003eAny\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when \u003ccode\u003elocal_port=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/857\"\u003e#857\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed inconsistency between Trio and asyncio where a TCP stream that previously raised a \u003ccode\u003eBrokenResourceError\u003c/code\u003e on \u003ccode\u003esend()\u003c/code\u003e would still raise \u003ccode\u003eBrokenResourceError\u003c/code\u003e after the stream was closed on asyncio, but \u003ccode\u003eClosedResourceError\u003c/code\u003e on Trio. They now both raise a \u003ccode\u003eClosedResourceError\u003c/code\u003e in this scenario. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.10.0...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.16.0 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1699\"\u003e#1699\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.30 to 0.0.31. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1696\"\u003e#1696\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.0 to 2.13.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1697\"\u003e#1697\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2026-04-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2 (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/cfcc2ef9f948bcce67897a6c7e689d39da690bf9\"\u003e\u003ccode\u003ecfcc2ef\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/13846cc59bd574567a9a1f56eae3cd42b9aa2a4f\"\u003e\u003ccode\u003e13846cc\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a43746997ad6f2b4a8829c69c919f4d4c2cc0698\"\u003e\u003ccode\u003ea437469\u003c/code\u003e\u003c/a\u003e 🔧 Add Typer Library Skill for Agents (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1620\"\u003e#1620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/ba6cc2c9e7cba35f891c91118e228e1d2da35edb\"\u003e\u003ccode\u003eba6cc2c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/0f3ead07c2bb384fdd590e895ca6705582c58d89\"\u003e\u003ccode\u003e0f3ead0\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.11 to 0.15.12 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1722\"\u003e#1722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/db4ade64936599b3460f2fc0a7c550c3fedc33b0\"\u003e\u003ccode\u003edb4ade6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5a5206ceed2afdf234f88a6e2ef74ad9ebdf0d92\"\u003e\u003ccode\u003e5a5206c\u003c/code\u003e\u003c/a\u003e ⬆ Bump prek from 0.3.10 to 0.3.11 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1723\"\u003e#1723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959845e173b4bec0d606d99247815c2710613ca8\"\u003e\u003ccode\u003e959845e\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5e1fcfb5935e7ac3ff3c7526ef297eae31bd4822\"\u003e\u003ccode\u003e5e1fcfb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/dfb21ad034804584702d553ebfba40d8f4d791b9\"\u003e\u003ccode\u003edfb21ad\u003c/code\u003e\u003c/a\u003e 🚸 Don't truncate code lines in traceback when formatted with Rich (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1695\"\u003e#1695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.16.0...0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.35.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#...\n\n_Description has been truncated_","html_url":"https://github.com/tmohanvamsi/kagent/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmohanvamsi%2Fkagent/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"},{"uuid":"4513542773","node_id":"PR_kwDOQFZ20c7e3pTQ","number":96,"state":"open","title":"chore(deps): bump the python-minor group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T00:57:43.000Z","updated_at":"2026-05-25T00:58:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor","update_count":26,"packages":[{"name":"fastapi","old_version":"0.135.2","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"pyjwt","old_version":"2.12.0","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.28.0","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.15.5","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"anyio","old_version":"4.12.0","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"authlib","old_version":"1.6.11","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"limits","old_version":"5.6.0","new_version":"5.8.0","repository_url":"https://github.com/alisaifee/limits"},{"name":"mako","old_version":"1.3.10","new_version":"1.3.12","repository_url":"https://github.com/sqlalchemy/mako"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wrapt","old_version":"2.0.1","new_version":"2.2.1","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.12.0","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"librt","old_version":"0.7.5","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor group with 26 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.2` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.48.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.29` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.50` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.0` | `2.13.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.28.0` | `3.29.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.14` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.0` | `4.13.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.11` | `1.7.2` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [limits](https://github.com/alisaifee/limits) | `5.6.0` | `5.8.0` |\n| [mako](https://github.com/sqlalchemy/mako) | `1.3.10` | `1.3.12` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.47.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.0.1` | `2.2.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.12.0` | `7.14.0` |\n| [librt](https://github.com/mypyc/librt) | `0.7.5` | `0.11.0` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n\n\nUpdates `fastapi` from 0.135.2 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.2...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.41.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.41.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.5.0 (2026-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the \u003ccode\u003eatexit\u003c/code\u003e callback. This callback caused greenlet APIs\nto become unavailable far too soon during interpreter shutdown. Now\nthey remain available while all \u003ccode\u003eatexit\u003c/code\u003e callbacks run. Sometime\nafter \u003ccode\u003ePy_IsFinalizing\u003c/code\u003e becomes true, they may begin misbehaving.\nBecause the order in which C extensions are finalized is undefined,\nC extensions that are sensitive to this need to check the results of\nthat function before invoking greenlet APIs. As a convenience,\n\u003ccode\u003ePyGreenlet_GetCurrent\u003c/code\u003e sets an exception and returns \u003ccode\u003eNULL\u003c/code\u003e\nwhen this happens (and \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e begins returning\n\u003ccode\u003eNone\u003c/code\u003e); other greenlet C API functions have undefined behaviour.\nMethods invoked directly on pre-existing \u003ccode\u003egreenlet.greenlet\u003c/code\u003e\nobjects will continue to function at least until the greenlet C\nextension has been garbage collected and finalized.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 508 \u0026lt;https://github.com/python-greenlet/greenlet/pull/508\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c7acc72000572811d6462ebe01733a974f194990\"\u003e\u003ccode\u003ec7acc72\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/d08f99bf40801c5d57af6e13631c0ba68300ecf7\"\u003e\u003ccode\u003ed08f99b\u003c/code\u003e\u003c/a\u003e CHANGES: Update link from \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/507\"\u003e#507\u003c/a\u003e to more full description in \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/fd3391e33cedc7a17a86059f18dfbec2b3a320bd\"\u003e\u003ccode\u003efd3391e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e from python-greenlet/issue507-remove-atexit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.0 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd typing_extensions dependency for Python \u0026lt; 3.11 by \u003ca href=\"https://github.com/jpadilla\"\u003e\u003ccode\u003e@​jpadilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1151\"\u003ejpadilla/pyjwt#1151\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/py...\n\n_Description has been truncated_","html_url":"https://github.com/Dashtid/portfolio-site/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dashtid%2Fportfolio-site/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"},{"uuid":"4499084785","node_id":"PR_kwDORf90e87eKkop","number":88,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:37:23.000Z","updated_at":"2026-05-22T01:39:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":4,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"boto3","old_version":"1.43.1","new_version":"1.43.6","repository_url":"https://github.com/boto/boto3"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.59.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 4 updates: [authlib](https://github.com/authlib/authlib), [boto3](https://github.com/boto/boto3), [sentry-sdk](https://github.com/getsentry/sentry-python) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `authlib` from 1.7.0 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.43.1 to 1.43.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ffb57127b34717b2fc7bec24fa40cf704f0a8be3\"\u003e\u003ccode\u003effb5712\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/cc7756ae5fc938dcdb7faf040f784bba104e99b8\"\u003e\u003ccode\u003ecc7756a\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/500f6a7eb0e3f6f42b2bbebf17e247876ec19ec3\"\u003e\u003ccode\u003e500f6a7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05f562852738753a48281fa921b41dd2dd0c1829\"\u003e\u003ccode\u003e05f5628\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.5' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/65d9798835899f8c93db40ed64e1fba12c2523f8\"\u003e\u003ccode\u003e65d9798\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/357614a4cd164e04f77644e834a759532d2a6d1d\"\u003e\u003ccode\u003e357614a\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5128f23a87085e297fb40e3bc4c8b194fa0173ba\"\u003e\u003ccode\u003e5128f23\u003c/code\u003e\u003c/a\u003e Bump \u003ca href=\"https://github.com/astral-sh/ruff-pre-commit\"\u003ehttps://github.com/astral-sh/ruff-pre-commit\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4785\"\u003e#4785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/96f1897f47cb95d6105d8752d56813fd7140e6d1\"\u003e\u003ccode\u003e96f1897\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/91de1d8888a5fcc50622157a0527de344e217c8d\"\u003e\u003ccode\u003e91de1d8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.4' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.43.1...1.43.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.58.0 to 2.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.59.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e on Invoke Agent Spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5926\"\u003e#5926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_tool_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5925\"\u003e#5925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_chat_model_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5924\"\u003e#5924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ci) Cancel in-progress PR workflows on new commit push by \u003ca href=\"https://github.com/joshuarli\"\u003e\u003ccode\u003e@​joshuarli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5994\"\u003e#5994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(consts) Add updated span convention constants to SPANDATA by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6093\"\u003e#6093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(fastapi) Support span streaming in active thread tracking by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6118\"\u003e#6118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(httpx) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6084\"\u003e#6084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(huggingface_hub) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6124\"\u003e#6124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(mcp) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6131\"\u003e#6131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edb.driver.name\u003c/code\u003e spans to database integrations by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6082\"\u003e#6082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cp\u003eWe've put additional data that might contain sensitive information, like GraphQL documents, behind the \u003ccode\u003esend_default_pii\u003c/code\u003e option.\u003c/p\u003e\n\u003ch4\u003eHttpx\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eConsistently early-exit when adding request source by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6151\"\u003e#6151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003ecode.namespace\u003c/code\u003e and \u003ccode\u003ecode.function\u003c/code\u003e instead of \u003ccode\u003ecode.function.name\u003c/code\u003e in span streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6150\"\u003e#6150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e for text completions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6073\"\u003e#6073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet agent name as \u003ccode\u003egen_ai.agent.name\u003c/code\u003e for chat and tool spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5877\"\u003e#5877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(asgi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e on Python 3.14+ by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6135\"\u003e#6135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(batcher) Reset lock and flusher in child after fork by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6163\"\u003e#6163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(google_genai) Redact binary data in inline_data and fix multi-part message extraction by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5977\"\u003e#5977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(grpc) Add isolation_scope to async server interceptor by \u003ca href=\"https://github.com/robinvd\"\u003e\u003ccode\u003e@​robinvd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5940\"\u003e#5940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(metrics,logs) Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6162\"\u003e#6162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(monitor) Release \u003ccode\u003eMonitor._thread_lock\u003c/code\u003e after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6148\"\u003e#6148\u003c/a\u003e) by \u003ca href=\"https://github.com/vokracko\"\u003e\u003ccode\u003e@​vokracko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6159\"\u003e#6159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Resolve agent from \u003ccode\u003ebindings\u003c/code\u003e for openai-agents \u0026gt;= 0.14 by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6102\"\u003e#6102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(profiler) Stop nulling buffer on teardown by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6075\"\u003e#6075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(quart) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Quart does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6133\"\u003e#6133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(security) Prevent GitHub script injection in update-tox workflow by \u003ca href=\"https://github.com/fix-it-felix-sentry\"\u003e\u003ccode\u003e@​fix-it-felix-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6171\"\u003e#6171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(starlette/fastapi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Starlette does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6134\"\u003e#6134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(tornado) Make sure context manager doesn't double yield by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6152\"\u003e#6152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compatible by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6177\"\u003e#6177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.59.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e on Invoke Agent Spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5926\"\u003e#5926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_tool_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5925\"\u003e#5925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_chat_model_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5924\"\u003e#5924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ci) Cancel in-progress PR workflows on new commit push by \u003ca href=\"https://github.com/joshuarli\"\u003e\u003ccode\u003e@​joshuarli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5994\"\u003e#5994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(consts) Add updated span convention constants to SPANDATA by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6093\"\u003e#6093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(fastapi) Support span streaming in active thread tracking by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6118\"\u003e#6118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(httpx) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6084\"\u003e#6084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(huggingface_hub) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6124\"\u003e#6124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(mcp) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6131\"\u003e#6131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edb.driver.name\u003c/code\u003e spans to database integrations by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6082\"\u003e#6082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cp\u003eWe've put additional data that might contain sensitive information, like GraphQL documents, behind the \u003ccode\u003esend_default_pii\u003c/code\u003e option.\u003c/p\u003e\n\u003ch4\u003eHttpx\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eConsistently early-exit when adding request source by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6151\"\u003e#6151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003ecode.namespace\u003c/code\u003e and \u003ccode\u003ecode.function\u003c/code\u003e instead of \u003ccode\u003ecode.function.name\u003c/code\u003e in span streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6150\"\u003e#6150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e for text completions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6073\"\u003e#6073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet agent name as \u003ccode\u003egen_ai.agent.name\u003c/code\u003e for chat and tool spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5877\"\u003e#5877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(asgi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e on Python 3.14+ by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6135\"\u003e#6135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(batcher) Reset lock and flusher in child after fork by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6163\"\u003e#6163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(google_genai) Redact binary data in inline_data and fix multi-part message extraction by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5977\"\u003e#5977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(grpc) Add isolation_scope to async server interceptor by \u003ca href=\"https://github.com/robinvd\"\u003e\u003ccode\u003e@​robinvd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5940\"\u003e#5940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(metrics,logs) Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6162\"\u003e#6162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(monitor) Release \u003ccode\u003eMonitor._thread_lock\u003c/code\u003e after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6148\"\u003e#6148\u003c/a\u003e) by \u003ca href=\"https://github.com/vokracko\"\u003e\u003ccode\u003e@​vokracko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6159\"\u003e#6159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Resolve agent from \u003ccode\u003ebindings\u003c/code\u003e for openai-agents \u0026gt;= 0.14 by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6102\"\u003e#6102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(profiler) Stop nulling buffer on teardown by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6075\"\u003e#6075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(quart) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Quart does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6133\"\u003e#6133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(security) Prevent GitHub script injection in update-tox workflow by \u003ca href=\"https://github.com/fix-it-felix-sentry\"\u003e\u003ccode\u003e@​fix-it-felix-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6171\"\u003e#6171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(starlette/fastapi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Starlette does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6134\"\u003e#6134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(tornado) Make sure context manager doesn't double yield by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6152\"\u003e#6152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compatible by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6177\"\u003e#6177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/689cb97e333534f093f16f75f2c212a986bab7e5\"\u003e\u003ccode\u003e689cb97\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/397dda917fa40782e48e24ac01ecf822de0771fc\"\u003e\u003ccode\u003e397dda9\u003c/code\u003e\u003c/a\u003e release: 2.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c254a8f8bbd2009c409b12c50d6075e262c6f8\"\u003e\u003ccode\u003ec0c254a\u003c/code\u003e\u003c/a\u003e test: Rename file (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6194\"\u003e#6194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d90a9238ccf84dd49b2c994e8cbc9cc7b8fdbf80\"\u003e\u003ccode\u003ed90a923\u003c/code\u003e\u003c/a\u003e ref(batcher): Only flush the bucket that triggered the flush event (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6168\"\u003e#6168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/6436518b21943881122e0cc6e0e49fe1355fd23f\"\u003e\u003ccode\u003e6436518\u003c/code\u003e\u003c/a\u003e ci: 🤖 Update test matrix with new releases (05/04) (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6186\"\u003e#6186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/98294ceeb77376237ce9c4cac66b1925adb37f54\"\u003e\u003ccode\u003e98294ce\u003c/code\u003e\u003c/a\u003e fix: Introduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compati...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66b3c6b8178dd6fa8e2e976481a642b53db27319\"\u003e\u003ccode\u003e66b3c6b\u003c/code\u003e\u003c/a\u003e test(fastmcp): Span streaming tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6167\"\u003e#6167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/b5735abb51b21dba8cee1f35a918dbe51babf038\"\u003e\u003ccode\u003eb5735ab\u003c/code\u003e\u003c/a\u003e fix(batcher): Reset lock and flusher in child after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6163\"\u003e#6163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/fc3eab43a6ee9af6fced602d5c56467e2d690603\"\u003e\u003ccode\u003efc3eab4\u003c/code\u003e\u003c/a\u003e fix(metrics,logs): Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6162\"\u003e#6162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/8e5bd96c7a21839b54849f813d834d46969abd2a\"\u003e\u003ccode\u003e8e5bd96\u003c/code\u003e\u003c/a\u003e test: Assert presence of profile chunks after shutdown (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6174\"\u003e#6174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.58.0...2.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"},{"uuid":"4495480402","node_id":"PR_kwDOP3ly0c7d-0P5","number":381,"state":"closed","title":"deps(deps): bump the uv-minor-patch group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T11:25:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T14:44:10.000Z","updated_at":"2026-05-30T11:25:52.000Z","time_to_close":765701,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"uv-minor-patch","update_count":20,"packages":[{"name":"fastapi","old_version":"0.128.7","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.47.0"},{"name":"sqlalchemy","old_version":"2.0.46","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"azure-core","old_version":"1.38.1","new_version":"1.41.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-identity","old_version":"1.25.2","new_version":"1.25.3","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-storage-blob","old_version":"12.28.0","new_version":"12.29.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"psycopg","old_version":"3.3.2","new_version":"3.3.4"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"orjson","old_version":"3.11.7","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"greenlet","old_version":"3.3.1","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"authlib","old_version":"1.6.7","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"sse-starlette","old_version":"3.2.0","new_version":"3.4.4","repository_url":"https://github.com/sysid/sse-starlette"},{"name":"typer","old_version":"0.21.2","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uv","old_version":"0.10.2","new_version":"0.11.16","repository_url":"https://github.com/astral-sh/uv"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.14.14","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"openapi-spec-validator","old_version":"0.7.2","new_version":"0.9.0","repository_url":"https://github.com/python-openapi/openapi-spec-validator"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-minor-patch group with 20 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.7` | `0.136.1` |\n| [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.47.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.46` | `2.0.49` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.1` | `1.41.0` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` |\n| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.28.0` | `12.29.0` |\n| [psycopg[binary]](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.1` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.7` | `3.11.9` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.1` | `3.5.1` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.7` | `1.7.2` |\n| [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.4.4` |\n| [typer](https://github.com/fastapi/typer) | `0.21.2` | `0.25.1` |\n| [uv](https://github.com/astral-sh/uv) | `0.10.2` | `0.11.16` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.14` |\n| [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.7.2` | `0.9.0` |\n\n\nUpdates `fastapi` from 0.128.7 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.7...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn[standard]` from 0.40.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn[standard]'s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEmit \u003ccode\u003ehttp.disconnect\u003c/code\u003e ASGI \u003ccode\u003ereceive()\u003c/code\u003e event on server shutting down for streaming responses (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse native \u003ccode\u003econtext\u003c/code\u003e parameter for \u003ccode\u003ecreate_task\u003c/code\u003e on Python 3.11+ (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2859\"\u003e#2859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop cast in ASGI types (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2875\"\u003e#2875\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn[standard]'s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0 (April 6, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2888\"\u003e#2888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.43.0 (April 3, 2026)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.40.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.46 to 2.0.49\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.49\u003c/h1\u003e\n\u003cp\u003eReleased: April 3, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.Session.get()\u003c/code\u003e would bypass the identity map\nand emit unnecessary SQL when \u003ccode\u003ewith_for_update=False\u003c/code\u003e was passed,\nrather than treating it equivalently to the default of \u003ccode\u003eNone\u003c/code\u003e.\nPull request courtesy of Joshua Swanson.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13176\"\u003e#13176\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where chained \u003ccode\u003e_orm.joinedload()\u003c/code\u003e options would not be\napplied correctly when the final relationship in the chain is declared on a\nbase mapper and accessed through a subclass mapper in a\n\u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e query. The path registry now correctly\ncomputes the natural path when a property declared on a base class is\naccessed through a path containing a subclass mapper, ensuring the loader\noption can be located during query compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13193\"\u003e#13193\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug] [inheritance]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.Load.options()\u003c/code\u003e to apply a chained loader\noption such as \u003ccode\u003e_orm.joinedload()\u003c/code\u003e or \u003ccode\u003e_orm.selectinload()\u003c/code\u003e with\n\u003ccode\u003e_orm.PropComparator.of_type()\u003c/code\u003e for a polymorphic relationship would\nnot generate the necessary clauses for the polymorphic subclasses. The\npolymorphic loading strategy is now correctly propagated when using a call\nsuch as \u003ccode\u003ejoinedload(A.b).options(joinedload(B.c.of_type(poly)))\u003c/code\u003e to match\nthe behavior of direct chaining e.g.\n\u003ccode\u003ejoinedload(A.b).joinedload(B.c.of_type(poly))\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13202\"\u003e#13202\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug] [inheritance]\u003c/strong\u003e Fixed issue where using chained loader options such as\n\u003ccode\u003e_orm.selectinload()\u003c/code\u003e after \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003e_orm.PropComparator.of_type()\u003c/code\u003e for a polymorphic relationship would\nnot properly apply the chained loader option. The loader option is now\ncorrectly applied when using a call such as\n\u003ccode\u003ejoinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c)\u003c/code\u003e to eagerly\nload related objects.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13209\"\u003e#13209\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003etyping\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e[typing] [bug]\u003c/strong\u003e Fixed a typing issue where the typed members of :data:\u003ccode\u003e.func\u003c/code\u003e would return\nthe appropriate class of the same name, however this creates an issue for\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-core` from 1.38.1 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-core_1.41.0\u003c/h2\u003e\n\u003ch2\u003e1.41.0 (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e now accepts \u003ccode\u003eVERBOSE\u003c/code\u003e (case-insensitive) as an alias for \u003ccode\u003eDEBUG\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eInvalid values for the \u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e, \u003ccode\u003eAZURE_TRACING_ENABLED\u003c/code\u003e, and \u003ccode\u003eAZURE_SDK_TRACING_IMPLEMENTATION\u003c/code\u003e environment variables no longer raise errors. Instead, a warning is logged and the default value is used (\u003ccode\u003eINFO\u003c/code\u003e for \u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eazure-core_1.40.0\u003c/h2\u003e\n\u003ch2\u003e1.40.0 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for per-operation \u003ccode\u003ehttp_logging_level\u003c/code\u003e overrides in \u003ccode\u003eHttpLoggingPolicy\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44115\"\u003e#44115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduced the keyword argument \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e to \u003ccode\u003eDistributedTracingPolicy\u003c/code\u003e and \u003ccode\u003eHttpLoggingPolicy\u003c/code\u003e to allow users to specify additional URL query parameters that should not be redacted in span attributes or logs. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eUsers can specify this at the SDK client level by passing \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e to the client constructor. For example: \u003ccode\u003eclient = ServiceClient(..., additional_allowed_query_params={\u0026quot;custom_param\u0026quot;})\u003c/code\u003e. This will apply to all operations performed by the client.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eURL attributes in HTTP tracing spans will now have query parameters sanitized by default. To add additional query parameters that should not be redacted, use the \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e argument in your client constructor. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.9 is no longer supported. Please use Python version 3.10 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/26802e41e25313136e4fa60788113262eaab8130\"\u003e\u003ccode\u003e26802e4\u003c/code\u003e\u003c/a\u003e update version and release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46738\"\u003e#46738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/34539ef0d7bc6c8248fb28c8509b83530033fd23\"\u003e\u003ccode\u003e34539ef\u003c/code\u003e\u003c/a\u003e auto fallback when loading settings from env (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/71121118731e3190e671ebeceab222ec7c0a0539\"\u003e\u003ccode\u003e7112111\u003c/code\u003e\u003c/a\u003e Increment version for core releases (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46660\"\u003e#46660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/c14e6ba98f0302547bb22fa341cdf727214377e5\"\u003e\u003ccode\u003ec14e6ba\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46612\"\u003e#46612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a08ffff3a2a0960b904b869f059bd9b19d3ace26\"\u003e\u003ccode\u003ea08ffff\u003c/code\u003e\u003c/a\u003e [Core] Set kwarg explicitly in method signatures (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46633\"\u003e#46633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/2bdb89e8f7e7036619df22d0d8230365f74d9863\"\u003e\u003ccode\u003e2bdb89e\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46631\"\u003e#46631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/73df99a4d919be6c63773a15167134398ef47347\"\u003e\u003ccode\u003e73df99a\u003c/code\u003e\u003c/a\u003e [Core] Add + refactor query param sanitization (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3db7fb5cb797be5149d974b4af3d8049addcb69d\"\u003e\u003ccode\u003e3db7fb5\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ecore\u003c/code\u003e flask server startup (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46263\"\u003e#46263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e18edb6361ce9b1ec62cf72c22d4425a277cfef7\"\u003e\u003ccode\u003ee18edb6\u003c/code\u003e\u003c/a\u003e Swap CI to \u003ccode\u003eCFS\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45995\"\u003e#45995\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/bd33bafb4f19d65965e0f2c9b1e77af694a517ba\"\u003e\u003ccode\u003ebd33baf\u003c/code\u003e\u003c/a\u003e \u003cem\u003e\u003cstrong\u003eNO_CI\u003c/strong\u003e\u003c/em\u003e [Doc] Update references to wiki pages (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46169\"\u003e#46169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.38.1...azure-core_1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-identity` from 1.25.2 to 1.25.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a989ea467731265fdf097b622ba254703187746b\"\u003e\u003ccode\u003ea989ea4\u003c/code\u003e\u003c/a\u003e [Identity] Prep patch release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/79728834e7f38018d372860cf9117bf51d9ed417\"\u003e\u003ccode\u003e7972883\u003c/code\u003e\u003c/a\u003e [Identity] Adjust refresh logic (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45496\"\u003e#45496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/04764a9a8a0cb59aab6421b41152246853dfcfe8\"\u003e\u003ccode\u003e04764a9\u003c/code\u003e\u003c/a\u003e add psscript to convert apiview json files to md (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45589\"\u003e#45589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/50e01659d7204865dfa07c5ece1019ed9a229b4f\"\u003e\u003ccode\u003e50e0165\u003c/code\u003e\u003c/a\u003e Sync eng/common directory with azure-sdk-tools for PR 14461 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45646\"\u003e#45646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5333117e0e181404ff4deaa757e9b6ef86dabf8b\"\u003e\u003ccode\u003e5333117\u003c/code\u003e\u003c/a\u003e Add Bo to /sdk/ai/azure-ai-projects owner list (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45664\"\u003e#45664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/775d6942e4335422fc69da8e997a6069e356b104\"\u003e\u003ccode\u003e775d694\u003c/code\u003e\u003c/a\u003e Doc and automation updates for .github sync directory changes (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45630\"\u003e#45630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/c6e48b5cd71adf5728a5e2f33bc9f62fb221221f\"\u003e\u003ccode\u003ec6e48b5\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45656\"\u003e#45656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ae769c4e9379c8d309bffa5ccb76dcfba64e1f71\"\u003e\u003ccode\u003eae769c4\u003c/code\u003e\u003c/a\u003e Fix custom Memory Stores LRO poller operation (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45662\"\u003e#45662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6074492844d670316eb171756483f1394a6c94c7\"\u003e\u003ccode\u003e6074492\u003c/code\u003e\u003c/a\u003e Add asset id none check in dt (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45618\"\u003e#45618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e1a986aeb7a8001bd3a4f336cf096c2b050aa480\"\u003e\u003ccode\u003ee1a986a\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.10 to 7.5.11 in /eng/common/tsp-client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45640\"\u003e#45640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-identity_1.25.2...azure-identity_1.25.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-storage-blob` from 12.28.0 to 12.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-storage-blob's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-storage-blob_12.29.0\u003c/h2\u003e\n\u003ch2\u003e12.29.0 (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStable release of features from 12.29.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eBlobClient\u003c/code\u003e's \u003ccode\u003edownload_blob\u003c/code\u003e did not retry upon\n\u003ccode\u003eServiceReponseError\u003c/code\u003e and \u003ccode\u003eServiceResponseTimeoutError\u003c/code\u003e exceptions\u003c/li\u003e\n\u003cli\u003eFixed various issues with configuring logging via \u003ccode\u003elogging_enable\u003c/code\u003e and \u003ccode\u003elogging_body\u003c/code\u003e keywords on a per-request\nbasis and with retries. Prior to this fix logging may have not behaved as expected, especially on retries.\u003c/li\u003e\n\u003cli\u003eFix a potential memory leak caused by improper exception handling that could occur under rare circumstances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e73548b8a2e8fa20c3ae9114e94b548cb69a309e\"\u003e\u003ccode\u003ee73548b\u003c/code\u003e\u003c/a\u003e Release date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/60f7b1669ff9fbb04fb0655054ac8963a1a7c8fc\"\u003e\u003ccode\u003e60f7b16\u003c/code\u003e\u003c/a\u003e Changed release date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5280297029137c50a658d9076eee9f0904314ff1\"\u003e\u003ccode\u003e5280297\u003c/code\u003e\u003c/a\u003e Modified release date to 5/12/2026\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/15e1ae938b23ef5615b354c9d0e0ce4d53b45080\"\u003e\u003ccode\u003e15e1ae9\u003c/code\u003e\u003c/a\u003e \u003cem\u003e\u003cstrong\u003eNO_CI\u003c/strong\u003e\u003c/em\u003e [Doc] Update references to wiki pages (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46169\"\u003e#46169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3f5c4d24273a6de44dbbb3499a6df1684a0dbba2\"\u003e\u003ccode\u003e3f5c4d2\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ecibuildwheel\u003c/code\u003e not necessary in \u003ccode\u003ebuild-system\u003c/code\u003e metadata for `azure-storage-ex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5b5b757fd10bd3df17085d1d2004185652154c93\"\u003e\u003ccode\u003e5b5b757\u003c/code\u003e\u003c/a\u003e Modified release date to 2026-05-11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/8b9a3e5b05be15f247d0b01fa82bce38dfda627a\"\u003e\u003ccode\u003e8b9a3e5\u003c/code\u003e\u003c/a\u003e [Storage][101] Cherry pick recent fixes and release prep (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46659\"\u003e#46659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fdae976c1db9fbab1b313bd41703e1c3c863404b\"\u003e\u003ccode\u003efdae976\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into release/storage/stg101\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/1e540de672e6e5f51f4e9302491b0809978e8966\"\u003e\u003ccode\u003e1e540de\u003c/code\u003e\u003c/a\u003e Fix typing contract for max_concurrency in File Share client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45637\"\u003e#45637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fa44dea36fbb8948acb7035a25b2a918cb9e29db\"\u003e\u003ccode\u003efa44dea\u003c/code\u003e\u003c/a\u003e Fix typing contract for max_concurrency in Datalake client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45631\"\u003e#45631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-storage-blob_12.28.0...azure-storage-blob_12.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg[binary]` from 3.3.2 to 3.3.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg/blob/master/docs/news.rst\"\u003epsycopg[binary]'s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. currentmodule:: psycopg\u003c/p\u003e\n\u003cp\u003e.. index::\nsingle: Release notes\nsingle: News\u003c/p\u003e\n\u003ch1\u003e\u003ccode\u003epsycopg\u003c/code\u003e release notes\u003c/h1\u003e\n\u003ch2\u003eFuture releases\u003c/h2\u003e\n\u003cp\u003ePsycopg 3.3.5 (unreleased)\n^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDiscard prepared statements upon :sql:\u003ccode\u003eALTER *\u003c/code\u003e or \u003ccode\u003eDISCARD *\u003c/code\u003e\n(:ticket:\u003ccode\u003e[#1307](https://github.com/psycopg/psycopg/issues/1307)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003ePsycopg 3.3.4\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix possible spurious connection timeout in systems with very long uptimes\nin C extension (:ticket:\u003ccode\u003e[#1280](https://github.com/psycopg/psycopg/issues/1280)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix client-side adaptation of enums whose name require quotes\n(:ticket:\u003ccode\u003e[#1298](https://github.com/psycopg/psycopg/issues/1298)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eConsistently populate \u003ccode\u003e~Cursor.statusmessage\u003c/code\u003e after \u003ccode\u003e~Cursor.executemany()\u003c/code\u003e\n(:ticket:\u003ccode\u003e[#1302](https://github.com/psycopg/psycopg/issues/1302)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePsycopg 3.3.3\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRetain \u003ccode\u003eError.pgconn\u003c/code\u003e when raising a single exception for multiple connection\nattempt errors (:ticket:\u003ccode\u003e[#1246](https://github.com/psycopg/psycopg/issues/1246)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eReturn a proper error when server sends \u003ccode\u003eErrorResponse\u003c/code\u003e for a \u003ccode\u003eSync\u003c/code\u003e after\na \u003ccode\u003eParse\u003c/code\u003e (:ticket:\u003ccode\u003e[#1260](https://github.com/psycopg/psycopg/issues/1260)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePsycopg 3.3.2\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eFix race condition in adapters at startup (:ticket:\u003ccode\u003e[#1230](https://github.com/psycopg/psycopg/issues/1230)\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003ePsycopg 3.3.1\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/83f110367cdd249cc0a352e2246ecea9e878e5a0\"\u003e\u003ccode\u003e83f1103\u003c/code\u003e\u003c/a\u003e chore: bump psycopg_pool package version to 3.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/18287707f56a2b4f0817d9c23d137f5d69db6e31\"\u003e\u003ccode\u003e1828770\u003c/code\u003e\u003c/a\u003e chore: bump psycopg package version to 3.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/8be14bbc18f74de7652606d2777e0950ec804cc0\"\u003e\u003ccode\u003e8be14bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg/issues/1301\"\u003e#1301\u003c/a\u003e from oliverhaas/fix/sync-pool-open-race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/aee0bf2659db77c31154acf583baf0a98675c192\"\u003e\u003ccode\u003eaee0bf2\u003c/code\u003e\u003c/a\u003e fix(pool): fix race in the construction of the sync ConnectionPool lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/bc4d30375557fc32f2a91c2f8b75a5d21711ea89\"\u003e\u003ccode\u003ebc4d303\u003c/code\u003e\u003c/a\u003e chore(deps): bump the actions group across 1 directory with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/785379f196fc17473d312451a1fd4a06ef8dc895\"\u003e\u003ccode\u003e785379f\u003c/code\u003e\u003c/a\u003e fix: retain statusmessage after executemany with returning=False\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/8882a73871e65727549657085922d043a106127c\"\u003e\u003ccode\u003e8882a73\u003c/code\u003e\u003c/a\u003e perf: do less if X in Y: return Y[X] for cache-like patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/2f785395c189e709da5fa74a02d3797bfb9db6a4\"\u003e\u003ccode\u003e2f78539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg/issues/1299\"\u003e#1299\u003c/a\u003e from dvarrazzo/fix-camel-enum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/37ef1dc4e6d19dc4af062d45a63243cb96a261c2\"\u003e\u003ccode\u003e37ef1dc\u003c/code\u003e\u003c/a\u003e test: skip test on crdb depending on precise regtype behaviour\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/7f2f1d159df881260e3086fd61ea71343ca98e58\"\u003e\u003ccode\u003e7f2f1d1\u003c/code\u003e\u003c/a\u003e fix: fix client-side representation of enums requiring quotes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg/compare/3.3.2...3.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.12.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.11.7 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.8\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.8 - 2026-03-31\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/5cbb3d0398a2f42de51210270286fecd798c5d78\"\u003e\u003ccode\u003e5cbb3d0\u003c/code\u003e\u003c/a\u003e 3.11.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4195d7f263e33076295b75efdcbaf6a55af8674e\"\u003e\u003ccode\u003e4195d7f\u003c/code\u003e\u003c/a\u003e writer::half\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d00641b69410728a735f0855eb1c2843b0a5819b\"\u003e\u003ccode\u003ed00641b\u003c/code\u003e\u003c/a\u003e writer::uuid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c84d9b4ba4853781af943fa5c493e261e2f82b84\"\u003e\u003ccode\u003ec84d9b4\u003c/code\u003e\u003c/a\u003e build and compatibility misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4547234b681fac5e0e0734cf44c21e75f9654e43\"\u003e\u003ccode\u003e4547234\u003c/code\u003e\u003c/a\u003e ffi::numpy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/0d4a5ad1f17a72528ba027554466fdec6580cdeb\"\u003e\u003ccode\u003e0d4a5ad\u003c/code\u003e\u003c/a\u003e datetime PyRef idiom\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/e93a13d372ec956d027e71d023eb534b8445ac85\"\u003e\u003ccode\u003ee93a13d\u003c/code\u003e\u003c/a\u003e Cross-compile avoids maturin v1.12 build-details.json error\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.7...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FI...\n\n_Description has been truncated_","html_url":"https://github.com/clac-ca/automatic-data-extractor/pull/381","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/clac-ca%2Fautomatic-data-extractor/issues/381","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/381/packages"},{"uuid":"4481151523","node_id":"PR_kwDOPRTWIc7dQkTM","number":2085,"state":"open","title":"build(deps): bump the uv group across 8 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:22:46.000Z","updated_at":"2026-05-19T21:25:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n\nBumps the uv group with 1 update in the /microservices/auditor_service directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 5 updates in the /microservices/memory_agent directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\nBumps the uv group with 5 updates in the /microservices/observability_service directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\nBumps the uv group with 1 update in the /microservices/planning_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 1 update in the /microservices/reasoning_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 1 update in the /microservices/research_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 5 updates in the /microservices/user_service directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\n\nUpdates `authlib` from 1.6.6 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `litellm` from 1.50.0 to 1.83.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-trace-dev-v1.81.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(vertex): add gemini-3.1-flash-image-preview to model DB by \u003ca href=\"https://github.com/emerzon\"\u003e\u003ccode\u003e@​emerzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22223\"\u003eBerriAI/litellm#22223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(spendlogs): optimize old spendlog deletion cron job by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21930\"\u003eBerriAI/litellm#21930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix converse handling for parallel_tool_calls by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22267\"\u003eBerriAI/litellm#22267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix]Preserve forwarding server side called tools by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22260\"\u003eBerriAI/litellm#22260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix free models working from UI by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22258\"\u003eBerriAI/litellm#22258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v1 for anthropic responses transformation by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22087\"\u003eBerriAI/litellm#22087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Bug]Add ChatCompletionImageObject in OpenAIChatCompletionAssistantMessage by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22155\"\u003eBerriAI/litellm#22155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: poetry lock by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22293\"\u003eBerriAI/litellm#22293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable local file support for OCR by \u003ca href=\"https://github.com/noahnistler\"\u003e\u003ccode\u003e@​noahnistler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22133\"\u003eBerriAI/litellm#22133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mcp): Strip stale mcp-session-id to prevent 400 errors across proxy workers by \u003ca href=\"https://github.com/gavksingh\"\u003e\u003ccode\u003e@​gavksingh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21417\"\u003eBerriAI/litellm#21417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] Access group CRUD: Bidirectional team/key sync by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22253\"\u003eBerriAI/litellm#22253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd LLMClientCache regression tests for httpx client eviction safety by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22306\"\u003eBerriAI/litellm#22306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(models): add gpt-audio-1.5 to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22303\"\u003eBerriAI/litellm#22303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(models): add gpt-realtime-1.5 to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22304\"\u003eBerriAI/litellm#22304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(models): function calling for PublicAI Apertus models by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21582\"\u003eBerriAI/litellm#21582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests: add llmclientcache regression tests by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22313\"\u003eBerriAI/litellm#22313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd deprecation dates for xAI grok-2-vision-1212 and grok-3-mini models by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20102\"\u003eBerriAI/litellm#20102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(model_prices): add OpenRouter native models to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20520\"\u003eBerriAI/litellm#20520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenRouter Opus 4.6 to model map and update Claude Opus 4.6 docs by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20525\"\u003eBerriAI/litellm#20525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Include timestamps in /project/list response by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22323\"\u003eBerriAI/litellm#22323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Projects: Add Projects page with list and create flows by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22315\"\u003eBerriAI/litellm#22315\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/claude code plugin schema by \u003ca...\n\n_Description has been truncated_","html_url":"https://github.com/HOUSSAM16ai/NAAS-Agentic-Core/pull/2085","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HOUSSAM16ai%2FNAAS-Agentic-Core/issues/2085","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2085/packages"},{"uuid":"4481035747","node_id":"PR_kwDONhLw9c7dQL5A","number":185,"state":"open","title":"Bump the uv group across 12 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:04:35.000Z","updated_at":"2026-06-01T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":9,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"banks","old_version":"2.3.0","new_version":"2.4.2","repository_url":"https://github.com/masci/banks"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /backend directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /platform-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /prompt-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /runner directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 3 updates in the /tool-sidecar directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 7 updates in the /unstract/connectors directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.3.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.1` | `5.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/filesystem directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/sdk1 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.4` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/tool-registry directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 6 updates in the /unstract/workflow-execution directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.4.1` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n\nBumps the uv group with 1 update in the /workers directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /x2text-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/unstract/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Funstract/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"},{"uuid":"4463158238","node_id":"PR_kwDOPPVzR87cW-il","number":111,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T10:29:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T10:22:52.000Z","updated_at":"2026-05-17T10:29:13.000Z","time_to_close":372,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":2,"packages":[{"name":"authlib","old_version":"1.6.11","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `authlib` from 1.6.11 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/luarss/openroad-mcp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/luarss/openroad-mcp/pull/111","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarss%2Fopenroad-mcp/issues/111","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/111/packages"},{"uuid":"4461881090","node_id":"PR_kwDOSR0SFM7cTPUb","number":12,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T22:53:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T01:19:45.000Z","updated_at":"2026-05-19T22:53:44.000Z","time_to_close":250437,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"langchain-core","old_version":"1.3.1","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pip","old_version":"26.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"langsmith","old_version":"0.7.34","new_version":"0.8.5","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"smolagents","old_version":"1.22.0","new_version":"1.25.0","repository_url":"https://github.com/huggingface/smolagents"},{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"python-liquid","old_version":"2.1.0","new_version":"2.2.0","repository_url":"https://github.com/jg-rp/liquid"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.3.1` | `1.3.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.34` | `0.8.5` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.22.0` | `1.25.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [python-liquid](https://github.com/jg-rp/liquid) | `2.1.0` | `2.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `langchain-core` from 1.3.1 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.1...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.7.34 to 0.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.7.0 by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890\"\u003elangchain-ai/langsmith-sdk#2890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): add alias for \u003ccode\u003eexperimental/sandbox\u003c/code\u003e to appease broad peer dep range within \u003ccode\u003edeepagents\u003c/code\u003e by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893\"\u003elangchain-ai/langsmith-sdk#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): allow disabling multipart streaming via env variable by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900\"\u003elangchain-ai/langsmith-sdk#2900\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(python): add Client.close() to release session [closes LSDK-183] by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866\"\u003elangchain-ai/langsmith-sdk#2866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sandbox): forward client default headers on exec WebSocket by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899\"\u003elangchain-ai/langsmith-sdk#2899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.7.1 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902\"\u003elangchain-ai/langsmith-sdk#2902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.5 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903\"\u003elangchain-ai/langsmith-sdk#2903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.6.3 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864\"\u003elangchain-ai/langsmith-sdk#2864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859\"\u003elangchain-ai/langsmith-sdk#2859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.91.1 to 0.92.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858\"\u003elangchain-ai/langsmith-sdk#2858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857\"\u003elangchain-ai/langsmith-sdk#2857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump hono from 4.12.15 to 4.12.18 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860\"\u003elangchain-ai/langsmith-sdk#2860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867\"\u003elangchain-ai/langsmith-sdk#2867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.92.0 to 0.93.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869\"\u003elangchain-ai/langsmith-sdk#2869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873\"\u003elangchain-ai/langsmith-sdk#2873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 12 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876\"\u003elangchain-ai/langsmith-sdk#2876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 16 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877\"\u003elangchain-ai/langsmith-sdk#2877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879\"\u003elangchain-ai/langsmith-sdk#2879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868\"\u003elangchain-ai/langsmith-sdk#2868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.93.0 to 0.94.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878\"\u003elangchain-ai/langsmith-sdk#2878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(js): rename experimental/sandbox -\u0026gt; sandbox (breaking) by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885\"\u003elangchain-ai/langsmith-sdk#2885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(py): drop sandbox alpha/experimental warnings by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884\"\u003elangchain-ai/langsmith-sdk#2884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sandbox): make snapshot optional and add TS options overload by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887\"\u003elangchain-ai/langsmith-sdk#2887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.4 by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889\"\u003elangchain-ai/langsmith-sdk#2889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(js): prevent sending [object Object] as span attribute when dealing with nested objects, send full langsmith.usage_metadata if present by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2845\"\u003elangchain-ai/langsmith-sdk#2845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): bump to 0.6.2 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2856\"\u003elangchain-ai/langsmith-sdk#2856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(py): replace ttl_seconds with idle_ttl_seconds + delete_after_stop_seconds by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2853\"\u003elangchain-ai/langsmith-sdk#2853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2854\"\u003elangchain-ai/langsmith-sdk#2854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix push_agent URL owner for name-only identifiers by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2862\"\u003elangchain-ai/langsmith-sdk#2862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(langsmith): clarify trust boundaries when working with hub by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2861\"\u003elangchain-ai/langsmith-sdk#2861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.3 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2863\"\u003elangchain-ai/langsmith-sdk#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/ef9fcd5b47f99ae5a05e4cd18fb784216dd179b9\"\u003e\u003ccode\u003eef9fcd5\u003c/code\u003e\u003c/a\u003e release(py): 0.8.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/63b402eb3e8bb23cc365990d8a56a1adad59a0d1\"\u003e\u003ccode\u003e63b402e\u003c/code\u003e\u003c/a\u003e release(js): 0.7.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2902\"\u003e#2902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/602a27ab115f7907c7ee7aa03bae5d5b4bc372bf\"\u003e\u003ccode\u003e602a27a\u003c/code\u003e\u003c/a\u003e feat(sandbox): forward client default headers on exec WebSocket (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/126ef522f5f3be67c2952ae9ef39eb43db494af9\"\u003e\u003ccode\u003e126ef52\u003c/code\u003e\u003c/a\u003e feat(python): add Client.close() to release session [closes LSDK-183] (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2866\"\u003e#2866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/fddf88dd25132040e45ab97f6b1327bba7162291\"\u003e\u003ccode\u003efddf88d\u003c/code\u003e\u003c/a\u003e feat(js): allow disabling multipart streaming via env variable (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2900\"\u003e#2900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/19bfc57231a4e47d814ce2ed0fa8444c03283e1c\"\u003e\u003ccode\u003e19bfc57\u003c/code\u003e\u003c/a\u003e fix(js): add alias for \u003ccode\u003eexperimental/sandbox\u003c/code\u003e to appease broad peer dep range...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/6717def07f1a6d3fec76b9c384dd6527fc4731c4\"\u003e\u003ccode\u003e6717def\u003c/code\u003e\u003c/a\u003e release(js): 0.7.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2890\"\u003e#2890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/273f8f9b0deccb7b21f899fbe6ee0474702a9860\"\u003e\u003ccode\u003e273f8f9\u003c/code\u003e\u003c/a\u003e release(py): 0.8.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2889\"\u003e#2889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/afbf4fb970f1b1d5bc4b8fb3e233a8bef1a5eac9\"\u003e\u003ccode\u003eafbf4fb\u003c/code\u003e\u003c/a\u003e feat(sandbox): make snapshot optional and add TS options overload (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2887\"\u003e#2887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/54da5410a2ab7ee67b2eed9137f8dcbbc1426355\"\u003e\u003ccode\u003e54da541\u003c/code\u003e\u003c/a\u003e sdk(py): drop sandbox alpha/experimental warnings (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2884\"\u003e#2884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.34...v0.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `smolagents` from 1.22.0 to 1.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/smolagents/releases\"\u003esmolagents's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump dev version: v1.25.0.dev0 by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1939\"\u003ehuggingface/smolagents#1939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix import of TokenUsage by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1943\"\u003ehuggingface/smolagents#1943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLflow integration doc by \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1884\"\u003ehuggingface/smolagents#1884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor agent/model deserialization: Replace importlib with registry pattern by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1944\"\u003ehuggingface/smolagents#1944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate _function_type_hints_utils.py: CohereForAI -\u0026gt; CohereLabs by \u003ca href=\"https://github.com/Michellehbn\"\u003e\u003ccode\u003e@​Michellehbn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1946\"\u003ehuggingface/smolagents#1946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix High impact vulnerability on remote executors by \u003ca href=\"https://github.com/nnfrog\"\u003e\u003ccode\u003e@​nnfrog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1637\"\u003ehuggingface/smolagents#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix SafeSerializer.get_deserializer_code by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1983\"\u003ehuggingface/smolagents#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RemotePythonExecutor._deserialize_final_answer for legacy no-prefix pickle by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1984\"\u003ehuggingface/smolagents#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest 'pickle:...' payloads are properly decoded by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1985\"\u003ehuggingface/smolagents#1985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove support for legacy no-prefix pickle by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1986\"\u003ehuggingface/smolagents#1986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate docs reference page for Python executors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1987\"\u003ehuggingface/smolagents#1987\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIsolate WasmExecutor Deno cache to per-instance temp directory by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1995\"\u003ehuggingface/smolagents#1995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch wildcard bind to loopback-only endpoint in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2025\"\u003ehuggingface/smolagents#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse token in DockerExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2027\"\u003ehuggingface/smolagents#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove allow_origin from Docker and Modal executors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2028\"\u003ehuggingface/smolagents#2028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse token in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2031\"\u003ehuggingface/smolagents#2031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluate_with() calling \u003cstrong\u003eexit\u003c/strong\u003e on wrong object by \u003ca href=\"https://github.com/dubin555\"\u003e\u003ccode\u003e@​dubin555\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2029\"\u003ehuggingface/smolagents#2029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluate_with by suppressing exception if truthy \u003cstrong\u003eexit\u003c/strong\u003e by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2033\"\u003ehuggingface/smolagents#2033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse requests.Session in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2032\"\u003ehuggingface/smolagents#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Rich MarkupError in AgentLogger.log_task by rendering untrusted text safely by \u003ca href=\"https://github.com/Barcavin\"\u003e\u003ccode\u003e@​Barcavin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1894\"\u003ehuggingface/smolagents#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmphasise sandboxing is required; LocalPythonExecutor is not a security tool by \u003ca href=\"https://github.com/zsims\"\u003e\u003ccode\u003e@​zsims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2039\"\u003ehuggingface/smolagents#2039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix log_error rendering brackets as Rich markup by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2077\"\u003ehuggingface/smolagents#2077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport huggingface-hub \u0026gt;= 1 by \u003ca href=\"https://github.com/merveenoyan\"\u003e\u003ccode\u003e@​merveenoyan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2075\"\u003ehuggingface/smolagents#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused safe_serialization param from _websocket_run_code_raise_errors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2131\"\u003ehuggingface/smolagents#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet allow_pickle default to False in internal calls by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2132\"\u003ehuggingface/smolagents#2132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Pin GitHub Actions to commit SHAs by \u003ca href=\"https://github.com/paulinebm\"\u003e\u003ccode\u003e@​paulinebm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2149\"\u003ehuggingface/smolagents#2149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump doc-builder SHA for PR upload workflow by \u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2194\"\u003ehuggingface/smolagents#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump doc-builder SHA for main doc build workflow by \u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2219\"\u003ehuggingface/smolagents#2219\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1884\"\u003ehuggingface/smolagents#1884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Michellehbn\"\u003e\u003ccode\u003e@​Michellehbn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1946\"\u003ehuggingface/smolagents#1946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dubin555\"\u003e\u003ccode\u003e@​dubin555\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2029\"\u003ehuggingface/smolagents#2029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsims\"\u003e\u003ccode\u003e@​zsims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2039\"\u003ehuggingface/smolagents#2039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paulinebm\"\u003e\u003ccode\u003e@​paulinebm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2149\"\u003ehuggingface/smolagents#2149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2194\"\u003ehuggingface/smolagents#2194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/smolagents/compare/v1.24.0...v1.25.0\"\u003ehttps://github.com/huggingface/smolagents/compare/v1.24.0...v1.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump version to 1.24 by \u003ca href=\"https://github.com/aymeric-roucher\"\u003e\u003ccode\u003e@​aymeric-roucher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1871\"\u003ehuggingface/smolagents#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Add backward compatibility for deprecated HfApiModel by \u003ca href=\"https://github.com/MohammadKassas143\"\u003e\u003ccode\u003e@​MohammadKassas143\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1863\"\u003ehuggingface/smolagents#1863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in secure_code_execution.md by \u003ca href=\"https://github.com/jonathanagustin\"\u003e\u003ccode\u003e@​jonathanagustin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1892\"\u003ehuggingface/smolagents#1892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate no-stop-sequence model list to support gpt-5.2* by \u003ca href=\"https://github.com/aymeric-roucher\"\u003e\u003ccode\u003e@​aymeric-roucher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1895\"\u003ehuggingface/smolagents#1895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix run_gaia.py token_counts when managed agent is called more than once by \u003ca href=\"https://github.com/suryabdev\"\u003e\u003ccode\u003e@​suryabdev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1878\"\u003ehuggingface/smolagents#1878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🌐 [i18n-KO] Translated \u003ccode\u003etools.md\u003c/code\u003e to Korean by \u003ca href=\"https://github.com/Kim-Ju-won\"\u003e\u003ccode\u003e@​Kim-Ju-won\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1835\"\u003ehuggingface/smolagents#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport passing additional params to apply_chat_template by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1902\"\u003ehuggingface/smolagents#1902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/huggingface/smolagents/compare/v1.22.0...v1.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-liquid` from 2.1.0 to 2.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jg-rp/liquid/releases\"\u003epython-liquid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e to reject absolute paths.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ereject_symlinks\u003c/code\u003e keyword argument to \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e. When \u003ccode\u003eTrue\u003c/code\u003e, symlinks pointing to files outside the search path will be rejected. \u003ccode\u003ereject_symlinks\u003c/code\u003e defaults to \u003ccode\u003eFalse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003esquish\u003c/code\u003e filter. \u003ccode\u003e{{ x | squish }}\u003c/code\u003e is equivalent to \u003ccode\u003e{{ x | strip | split | join }}\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/195\"\u003e#195\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eBoundTemplate.comments()\u003c/code\u003e and \u003ccode\u003eBoundTemplate.docs()\u003c/code\u003e for statically retrieving \u003ccode\u003e{% comment %}\u003c/code\u003e, \u003ccode\u003e{% # inline comment %}\u003c/code\u003e and \u003ccode\u003e{% doc %}\u003c/code\u003e nodes.\u003c/li\u003e\n\u003cli\u003eAdded an \u003cstrong\u003eexperimental\u003c/strong\u003e \u003ccode\u003e{% snippet %}\u003c/code\u003e tag. Shopify/liquid released then quickly removed \u003ccode\u003e{% snippet %}\u003c/code\u003e. We're calling it \u0026quot;experimental\u0026quot; and keeping it disabled by default, pending more activity from Shopify/liquid. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/191\"\u003e#191\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImproved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with \u003ccode\u003e{% render %}\u003c/code\u003e. Now we visit partial templates once for each distinct set of arguments passed to \u003ccode\u003e{% render %}\u003c/code\u003e, potentially reporting \u0026quot;global\u0026quot; variables that we'd previously missed.\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003estring_filter\u003c/code\u003e decorator to coerce \u003ccode\u003eNone\u003c/code\u003e to an empty string instead of \u003ccode\u003e\u0026quot;None\u0026quot;\u003c/code\u003e. This is what Shopify/liquid does with \u003ccode\u003enil.to_s\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jg-rp/liquid/blob/main/CHANGES.md\"\u003epython-liquid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e to reject absolute paths.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ereject_symlinks\u003c/code\u003e keyword argument to \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e. When \u003ccode\u003eTrue\u003c/code\u003e, symlinks pointing to files outside the search path will be rejected. \u003ccode\u003ereject_symlinks\u003c/code\u003e defaults to \u003ccode\u003eFalse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003esquish\u003c/code\u003e filter. \u003ccode\u003e{{ x | squish }}\u003c/code\u003e is equivalent to \u003ccode\u003e{{ x | strip | split | join }}\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/195\"\u003e#195\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eBoundTemplate.comments()\u003c/code\u003e and \u003ccode\u003eBoundTemplate.docs()\u003c/code\u003e for statically retrieving \u003ccode\u003e{% comment %}\u003c/code\u003e, \u003ccode\u003e{% # inline comment %}\u003c/code\u003e and \u003ccode\u003e{% doc %}\u003c/code\u003e nodes.\u003c/li\u003e\n\u003cli\u003eAdded an \u003cstrong\u003eexperimental\u003c/strong\u003e \u003ccode\u003e{% snippet %}\u003c/code\u003e tag. Shopify/liquid released then quickly removed \u003ccode\u003e{% snippet %}\u003c/code\u003e. We're calling it \u0026quot;experimental\u0026quot; and keeping it disabled by default, pending more activity from Shopify/liquid. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/191\"\u003e#191\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImproved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with \u003ccode\u003e{% render %}\u003c/code\u003e. Now we visit partial templates once for each distinct set of arguments passed to \u003ccode\u003e{% render %}\u003c/code\u003e, potentially reporting \u0026quot;global\u0026quot; variables that we'd previously missed.\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003estring_filter\u003c/code\u003e decorator to coerce \u003ccode\u003eNone\u003c/code\u003e to an empty string instead of \u003ccode\u003e\u0026quot;None\u0026quot;\u003c/code\u003e. This is what Shopify/liquid does with \u003ccode\u003enil.to_s\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/e390178599a0a346e6ebabafec21285860b5cc8b\"\u003e\u003ccode\u003ee390178\u003c/code\u003e\u003c/a\u003e Release version 2.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/b9413b350dfca5fd49e9bdb78e29e4a2dc766d28\"\u003e\u003ccode\u003eb9413b3\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/f351620eb95f80cb0956332a8e338aaf6644746f\"\u003e\u003ccode\u003ef351620\u003c/code\u003e\u003c/a\u003e Fix caching loader constructor and update doc comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/e17b1f98df3afa44a677ce097348a03b9c486be1\"\u003e\u003ccode\u003ee17b1f9\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eis_file\u003c/code\u003e check and optionally reject symlinks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/1d9eeed8f38defe753120d708035afc6afff80ac\"\u003e\u003ccode\u003e1d9eeed\u003c/code\u003e\u003c/a\u003e Fix absolute paths escpae loader template root\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/011d2bdaf763e53ae309779700f1ae0ad69cee6a\"\u003e\u003ccode\u003e011d2bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/200\"\u003e#200\u003c/a\u003e from jg-rp/static-comment-helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/fb9c5821d266f3fedf6a7b09b2e74d2c75c3b672\"\u003e\u003ccode\u003efb9c582\u003c/code\u003e\u003c/a\u003e Add static comment helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/d2177cb481325b43c14b86b03a32f2af94c520ad\"\u003e\u003ccode\u003ed2177cb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/198\"\u003e#198\u003c/a\u003e from jg-rp/restore-docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/42270bfb9e99cbb6880f9829e83e63289b082a2d\"\u003e\u003ccode\u003e42270bf\u003c/code\u003e\u003c/a\u003e docs: restore the error handling section of the known issues page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/8981056013ad4109c0aff3b29e28857a9b1fd526\"\u003e\u003ccode\u003e8981056\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/195\"\u003e#195\u003c/a\u003e from jg-rp/squish\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jg-rp/liquid/compare/v2.1.0...v2.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rafaelfiguereod-stack/langflow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/rafaelfiguereod-stack/langflow/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rafaelfiguereod-stack%2Flangflow/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4449631361","node_id":"PR_kwDOKdDCc87bsy8f","number":24734,"state":"closed","title":"build(deps): bump the uv group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-14T22:02:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T22:02:22.000Z","updated_at":"2026-05-14T22:02:37.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":17,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24734","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24734","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24734/packages"}],"issue_packages":[{"old_version":"1.7.0","new_version":"1.7.1","update_type":"patch","path":null,"pr_created_at":"2026-06-06T09:40:30.000Z","version_change":"1.7.0 → 1.7.1","issue":{"uuid":"4602827351","node_id":"PR_kwDOR4q_jM7jZrzZ","number":199,"state":"open","title":"chore(deps): bump the uv group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-06T09:40:30.000Z","updated_at":"2026-06-06T09:41:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /agileplus-mcp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\nBumps the uv group with 4 updates in the /python directory: [authlib](https://github.com/authlib/authlib), [idna](https://github.com/kjd/idna), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KooshaPari/HexaKit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KooshaPari/HexaKit/pull/199","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2FHexaKit/issues/199","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/199/packages"}},{"old_version":"1.6.11","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-06-06T00:17:39.000Z","version_change":"1.6.11 → 1.6.12","issue":{"uuid":"4601007916","node_id":"PR_kwDOKRXhvM7jT1Ls","number":4639,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-06T00:17:39.000Z","updated_at":"2026-06-07T10:59:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":10,"packages":[{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"transformers","old_version":"4.57.6","new_version":"5.0.0rc3","repository_url":"https://github.com/huggingface/transformers"},{"name":"langchain-openai","old_version":"0.2.14","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"authlib","old_version":"1.6.11","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pyarrow","old_version":"23.0.0","new_version":"23.0.1","repository_url":"https://github.com/apache/arrow"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.50.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"strawberry-graphql","old_version":"0.314.3","new_version":"0.315.7","repository_url":"https://github.com/sponsors/strawberry-graphql"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 9 updates in the /langevals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [transformers](https://github.com/huggingface/transformers) | `4.57.6` | `5.0.0rc3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.2.14` | `1.1.14` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.11` | `1.6.12` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [pyarrow](https://github.com/apache/arrow) | `23.0.0` | `23.0.1` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `1.0.1` |\n| [strawberry-graphql](https://github.com/sponsors/strawberry-graphql) | `0.314.3` | `0.315.7` |\n\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 4.57.6 to 5.0.0rc3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/cb5079fa72456d8ce27fc2041389beb5e1357f48\"\u003e\u003ccode\u003ecb5079f\u003c/code\u003e\u003c/a\u003e v5.0.0rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d1808f2c36c02faad537f9737a76165e49b041f9\"\u003e\u003ccode\u003ed1808f2\u003c/code\u003e\u003c/a\u003e [ci] Fixing some failing tests for important models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43231\"\u003e#43231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/3d276453a2b7c74f3259b1c136db3dd79c51756b\"\u003e\u003ccode\u003e3d27645\u003c/code\u003e\u003c/a\u003e Add LightOnOCR model implementation (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/41621\"\u003e#41621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/77146cc9088ec8fc1dd476b40b1c6cdb0792afe3\"\u003e\u003ccode\u003e77146cc\u003c/code\u003e\u003c/a\u003e fix crash in when running FSDP2+TP (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43226\"\u003e#43226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/61317f5ac78511a1c02b08c0e73012d9542183ed\"\u003e\u003ccode\u003e61317f5\u003c/code\u003e\u003c/a\u003e [CB] Ensure parallel decoding test passes using FA (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43277\"\u003e#43277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1efe1a633a47628134a2ba6376512af99cc3c9df\"\u003e\u003ccode\u003e1efe1a6\u003c/code\u003e\u003c/a\u003e Fix failing  \u003ccode\u003ePegasusX\u003c/code\u003e, \u003ccode\u003eMvp\u003c/code\u003e \u0026amp; \u003ccode\u003eLED\u003c/code\u003e model integration tests (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43245\"\u003e#43245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e8ae373133be1eff2254c5dd71fcd628445cb4a4\"\u003e\u003ccode\u003ee8ae373\u003c/code\u003e\u003c/a\u003e [consistency] Ensure models are added to the \u003ccode\u003e_toctree.yml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43264\"\u003e#43264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/c85be9899355c72771b3237f2434c7c84748427a\"\u003e\u003ccode\u003ec85be98\u003c/code\u003e\u003c/a\u003e [docs] tensorrt-llm (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43176\"\u003e#43176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/38022fd891209fa1e386b9afb971a9d2d35ec175\"\u003e\u003ccode\u003e38022fd\u003c/code\u003e\u003c/a\u003e [style] Fix init isort and align makefile and CI (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43260\"\u003e#43260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e977446e632670f9972fc4ff1432b414c8b813cb\"\u003e\u003ccode\u003ee977446\u003c/code\u003e\u003c/a\u003e Fix failing \u003ccode\u003eHiera\u003c/code\u003e, \u003ccode\u003eSwiftFormer\u003c/code\u003e \u0026amp; \u003ccode\u003eLED\u003c/code\u003e Model integration tests (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43225\"\u003e#43225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v4.57.6...v5.0.0rc3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.2.14 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.2.14...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.86 to 1.2.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.31\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.30\u003c/p\u003e\n\u003cp\u003erelease(core): port 36816 to v1.2 and release 1.2.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36817\"\u003e#36817\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.30\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.29\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\nchore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.29\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.28\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.28\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.27\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\nfix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.27\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.26\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\nfix(core): handle symlinks in deprecated prompt save path (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.26\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.25\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nfix(core): add init validator and serialization mappings for Bedrock models (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34510\"\u003e#34510\u003c/a\u003e)\nfeat(core): add \u003ccode\u003eChatBaseten\u003c/code\u003e to serializable mapping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36510\"\u003e#36510\u003c/a\u003e)\nchore(core): drop \u003ccode\u003egpt-3.5-turbo\u003c/code\u003e from docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36497\"\u003e#36497\u003c/a\u003e)\nfix(core): correct parameter names in filter_messages docstring example (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36462\"\u003e#36462\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.25\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.24\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.25 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36473\"\u003e#36473\u003c/a\u003e)\nfix(core): harden check for txt files in deprecated prompt loading functions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue resolved in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.24\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8dcbcefdd44d4a318993e18122f5088ec7d3be69\"\u003e\u003ccode\u003e8dcbcef\u003c/code\u003e\u003c/a\u003e release(core): port 36816 to v1.2 and release 1.2.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36817\"\u003e#36817\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8f1c920f7d5f4d8e46eaf922a1c2f6d4458b9e91\"\u003e\u003ccode\u003e8f1c920\u003c/code\u003e\u003c/a\u003e release(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7bafe6f6fff4cfce09c5e5dcfc0d302efebdb3aa\"\u003e\u003ccode\u003e7bafe6f\u003c/code\u003e\u003c/a\u003e chore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/479a2552b304c29ec005e5bf459e9c546087e68d\"\u003e\u003ccode\u003e479a255\u003c/code\u003e\u003c/a\u003e release(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/396711b228f986bb536f2c971dd9663f8b18c864\"\u003e\u003ccode\u003e396711b\u003c/code\u003e\u003c/a\u003e ci: pin all actions to full-length commit SHAs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36621\"\u003e#36621\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36728\"\u003e#36728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dd7c3eb3a4acfc834b038ec9dbde94478c66776e\"\u003e\u003ccode\u003edd7c3eb\u003c/code\u003e\u003c/a\u003e release(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258\"\u003e\u003ccode\u003eaf2ed47\u003c/code\u003e\u003c/a\u003e fix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7e5858d8078124f98f10102da21414689467c132\"\u003e\u003ccode\u003e7e5858d\u003c/code\u003e\u003c/a\u003e release(standard-tests): 1.1.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36610\"\u003e#36610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fe99cb29123b704a90f5c8587a757def3b1471e0\"\u003e\u003ccode\u003efe99cb2\u003c/code\u003e\u003c/a\u003e fix(standard-tests): update standard tests for sandbox backends (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36036\"\u003e#36036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/65bbd47cb2721c51ef8638f9e7da35247c4bfdde\"\u003e\u003ccode\u003e65bbd47\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36596\"\u003e#36596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.86...langchain-core==1.2.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.11 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyarrow` from 23.0.0 to 23.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/arrow/releases\"\u003epyarrow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Arrow 23.0.1\u003c/h2\u003e\n\u003cp\u003eRelease Notes URL: \u003ca href=\"https://arrow.apache.org/release/23.0.1.html\"\u003ehttps://arrow.apache.org/release/23.0.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eApache Arrow 23.0.1 RC0\u003c/h2\u003e\n\u003cp\u003eRelease Notes: Release Candidate: 23.0.1 RC0\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/82a374e5f3de5b744f26591e6cd96de6349c76d9\"\u003e\u003ccode\u003e82a374e\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update versions for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/c1ae37c4a597f466b1806e65a9e011be1060dfc5\"\u003e\u003ccode\u003ec1ae37c\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/8f6e55736f60f1f95aee1e8765c6b75ad9589111\"\u003e\u003ccode\u003e8f6e557\u003c/code\u003e\u003c/a\u003e MINOR: [Release] Update CHANGELOG.md for 23.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/4e16a1aeed83a65e6b49556c2fed8e9061cdf980\"\u003e\u003ccode\u003e4e16a1a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49159\"\u003eGH-49159\u003c/a\u003e: [C++][Gandiva] Detect overflow in repeat() (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49160\"\u003e#49160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/985621dbfcf3fd2061889e43c50b59825df84f3f\"\u003e\u003ccode\u003e985621d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/48817\"\u003eGH-48817\u003c/a\u003e [R][C++] Bump C++20 in R build infrastructure (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/48819\"\u003e#48819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/1bea06ad4e14d75dd97a78a0148cd9cf6f4df0bc\"\u003e\u003ccode\u003e1bea06a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49024\"\u003eGH-49024\u003c/a\u003e: [CI] Update Debian version in \u003ccode\u003e.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49032\"\u003e#49032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/147bcd6d8f3fef05dd06968d3b60c17721c60334\"\u003e\u003ccode\u003e147bcd6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49156\"\u003eGH-49156\u003c/a\u003e: [Python] Require GIL for string comparison (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49161\"\u003e#49161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/e4f922b1621b6c833f583cf26500f115ab5bc483\"\u003e\u003ccode\u003ee4f922b\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49138\"\u003eGH-49138\u003c/a\u003e: [Packaging][Python] Remove nightly cython install from manylinux wh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/f9376e4721b81bad9fe3fe840926a3283f95ee30\"\u003e\u003ccode\u003ef9376e4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49003\"\u003eGH-49003\u003c/a\u003e: [C++] Don't consider \u003ccode\u003eout_of_range\u003c/code\u003e an error in float parsing (\u003ca href=\"https://redirect.github.com/apache/arrow/issues/49095\"\u003e#49095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/arrow/commit/ab2c0ad6b23d05d5f77fc8a34d5a1c4baaacb0a4\"\u003e\u003ccode\u003eab2c0ad\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/apache/arrow/issues/49044\"\u003eGH-49044\u003c/a\u003e: [CI][Python] Fix test_download_tzdata_on_windows by adding required...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/arrow/compare/apache-arrow-23.0.0...apache-arrow-23.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.50.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.0\u003c/h2\u003e\n\u003cp\u003eStarlette 1.0 is here! 🎉\u003c/p\u003e\n\u003cp\u003eAfter nearly eight years since its creation, Starlette has reached its first stable release.\u003c/p\u003e\n\u003cp\u003eA special thank you to \u003ca href=\"https://github.com/lovelydinosaur\"\u003e\u003ccode\u003e@​lovelydinosaur\u003c/code\u003e\u003c/a\u003e, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏\u003c/p\u003e\n\u003cp\u003eThank you to \u003ca href=\"https://github.com/adriangb\"\u003e\u003ccode\u003e@​adriangb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/florimondmanca\"\u003e\u003ccode\u003e@​florimondmanca\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/alex-oleshkevich\"\u003e\u003ccode\u003e@​alex-oleshkevich\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/abersheeran\"\u003e\u003ccode\u003e@​abersheeran\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/uSpike\"\u003e\u003ccode\u003e@​uSpike\u003c/code\u003e\u003c/a\u003e for helping make Starlette what it is today. And to all my sponsors - especially \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/huggingface\"\u003e\u003ccode\u003e@​huggingface\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/elevenlabs\"\u003e\u003ccode\u003e@​elevenlabs\u003c/code\u003e\u003c/a\u003e - thank you for your support!\u003c/p\u003e\n\u003cp\u003eThank you to all \u003ca href=\"https://github.com/encode/starlette/graphs/contributors\"\u003e290+ contributors\u003c/a\u003e who have shaped Starlette over the years! ❤️\u003c/p\u003e\n\u003cp\u003eRead more on the \u003ca href=\"https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eCheck out the full release notes at \u003ca href=\"https://www.starlette.io/release-notes/#100-march-22-2026\"\u003ehttps://www.starlette.io/release-notes/#100-march-22-2026\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0\"\u003ehttps://github.com/encode/starlette/compare/1.0.0rc1...1.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.0rc1\u003c/h2\u003e\n\u003cp\u003eWe're ready! 🚀\u003c/p\u003e\n\u003cp\u003eThe first release candidate for Starlette 1.0 is here! After years on ZeroVer, we're finally making the jump.\u003c/p\u003e\n\u003cp\u003eThis release removes all deprecated features marked for 1.0.0, along with some last-minute bug fixes.\u003c/p\u003e\n\u003cp\u003eA special thank you to \u003ca href=\"https://github.com/lovelydinosaur\"\u003e\u003ccode\u003e@​lovelydinosaur\u003c/code\u003e\u003c/a\u003e, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏\u003c/p\u003e\n\u003cp\u003eThank you to \u003ca href=\"https://github.com/adriangb\"\u003e\u003ccode\u003e@​adriangb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/florimondmanca\"\u003e\u003ccode\u003e@​florimondmanca\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/alex-oleshkevich\"\u003e\u003ccode\u003e@​alex-oleshkevich\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/abersheeran\"\u003e\u003ccode\u003e@​abersheeran\u003c/code\u003e\u003c/a\u003e for helping make Starlette what it is today. And to all my sponsors - especially \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/huggingface\"\u003e\u003ccode\u003e@​huggingface\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/elevenlabs\"\u003e\u003ccode\u003e@​elevenlabs\u003c/code\u003e\u003c/a\u003e - thank you for your support!\u003c/p\u003e\n\u003cp\u003eThank you to all \u003ca href=\"https://github.com/encode/starlette/graphs/contributors\"\u003e290+ contributors\u003c/a\u003e who have shaped Starlette over the years!\u003c/p\u003e\n\u003cp\u003eCheck out the full release notes at \u003ca href=\"https://www.starlette.io/release-notes/#100rc1-february-23-2026\"\u003ehttps://www.starlette.io/release-notes/#100rc1-february-23-2026\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1\"\u003ehttps://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.52.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOnly use \u003ccode\u003etyping_extensions\u003c/code\u003e in older Python versions by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3109\"\u003eKludex/starlette#3109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.0 (March 22, 2026)\u003c/h2\u003e\n\u003cp\u003eStarlette 1.0 is here!\u003c/p\u003e\n\u003cp\u003eAfter nearly eight years since its creation, Starlette has reached its first stable release.\nThank you to everyone who tested the release candidate and reported issues.\u003c/p\u003e\n\u003cp\u003eYou can read more on the \u003ca href=\"https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eTrack session access and modification in \u003ccode\u003eSessionMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3166\"\u003e#3166\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle websocket denial responses in \u003ccode\u003eStreamingResponse\u003c/code\u003e and \u003ccode\u003eFileResponse\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3189\"\u003e#3189\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for field accumulation in \u003ccode\u003eFormParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3179\"\u003e#3179\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMove \u003ccode\u003eparser.finalize()\u003c/code\u003e inside try/except in \u003ccode\u003eMultiPartParser.parse()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3153\"\u003e#3153\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.0rc1 (February 23, 2026)\u003c/h2\u003e\n\u003cp\u003eWe're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.\u003c/p\u003e\n\u003cp\u003eStarlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded\nalmost \u003ca href=\"https://pypistats.org/packages/starlette\"\u003e10 million times a day\u003c/a\u003e, serves as the foundation for FastAPI,\nand has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a\ndependency of the Python MCP SDK.\u003c/p\u003e\n\u003cp\u003eThis release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some\nlast minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final\n1.0.0 release soon.\u003c/p\u003e\n\u003cp\u003eA huge thank you to all the contributors who have helped make Starlette what it is today.\nIn particular, I'd like to recognize:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lovelydinosaur\"\u003eKim Christie\u003c/a\u003e - The original creator of Starlette, Uvicorn, and MkDocs, and the\ncurrent maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adriangb\"\u003eAdrian Garcia Badaracco\u003c/a\u003e - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/graingert\"\u003eThomas Grainger\u003c/a\u003e - My async teacher, always ready to help with questions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm\"\u003eAlex Grönholm\u003c/a\u003e - Another async mentor, always prompt to help with questions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/florimondmanca\"\u003eFlorimond Manca\u003c/a\u003e - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee\"\u003eAmin Alaee\u003c/a\u003e - Contributed a lot with file-related PRs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiangolo\"\u003eSebastián Ramírez\u003c/a\u003e - Maintains FastAPI upstream, and always in contact to help with upstream issues.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alex-oleshkevich\"\u003eAlex Oleshkevich\u003c/a\u003e - Helped a lot on templates and many discussions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.50.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `strawberry-graphql` from 0.314.3 to 0.315.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/strawberry-graphql/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langwatch/langwatch/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/langwatch/langwatch/pull/4639","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/langwatch%2Flangwatch/issues/4639","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4639/packages"}},{"old_version":"1.7.0","new_version":"1.7.1","update_type":"patch","path":null,"pr_created_at":"2026-06-04T17:50:23.000Z","version_change":"1.7.0 → 1.7.1","issue":{"uuid":"4590973663","node_id":"PR_kwDOR4q_jM7iyyZB","number":192,"state":"closed","title":"chore(deps): bump the uv group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":7,"pull_request":true,"closed_at":"2026-06-05T01:02:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T17:50:23.000Z","updated_at":"2026-06-05T01:02:36.000Z","time_to_close":25930,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the /python directory: [authlib](https://github.com/authlib/authlib), [idna](https://github.com/kjd/idna), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\nBumps the uv group with 5 updates in the /agileplus-mcp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KooshaPari/HexaKit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KooshaPari/HexaKit/pull/192","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2FHexaKit/issues/192","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/192/packages"}},{"old_version":"1.6.9","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-06-03T22:52:27.000Z","version_change":"1.6.9 → 1.6.12","issue":{"uuid":"4584246192","node_id":"PR_kwDOPbnv6M7ickcT","number":49,"state":"open","title":"Bump the pip group across 5 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:52:27.000Z","updated_at":"2026-06-03T22:54:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":7,"packages":[{"name":"pypdf","old_version":"6.9.1","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.48","new_version":"0.3.63"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"0.3.8"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps the pip group with 3 updates in the /embedchain directory: [pypdf](https://github.com/py-pdf/pypdf), [authlib](https://github.com/authlib/authlib) and [idna](https://github.com/kjd/idna).\nBumps the pip group with 1 update in the /embedchain/examples/discord_bot directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /embedchain/examples/rest-api directory: [python-multipart](https://github.com/Kludex/python-multipart).\nBumps the pip group with 1 update in the /embedchain/examples/telegram_bot directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /server directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\n\nUpdates `pypdf` from 6.9.1 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.9 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.48 to 0.3.63\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/19f2a92609652cfda1578d197d058e97b18bb434\"\u003e\u003ccode\u003e19f2a92\u003c/code\u003e\u003c/a\u003e core: release 0.3.63 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31419\"\u003e#31419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/394d42b4ae916a1738be4e8ec9d322cf886acc87\"\u003e\u003ccode\u003e394d42b\u003c/code\u003e\u003c/a\u003e docs: update default model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31420\"\u003e#31420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/afd349cc950e0299d9e6691cb4bdba30fea76fab\"\u003e\u003ccode\u003eafd349c\u003c/code\u003e\u003c/a\u003e openai: cache httpx client (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31260\"\u003e#31260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e6633a7efb10c0de3df4ff925d5a2f3476e1ff7b\"\u003e\u003ccode\u003ee6633a7\u003c/code\u003e\u003c/a\u003e langchain-core: Add image_generation tool to list of known openai tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31396\"\u003e#31396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d9631edd87c1ff533a3b2d411c0a8d4a1e470cce\"\u003e\u003ccode\u003ed9631ed\u003c/code\u003e\u003c/a\u003e docs: fix misspelled word in promptlayer.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31410\"\u003e#31410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c532facbc4b09e466da1726192c773f7ae6cd242\"\u003e\u003ccode\u003ec532fac\u003c/code\u003e\u003c/a\u003e docs: fix misspelled word in uptrain.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31411\"\u003e#31411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1917dd1ccd745c02fa6d0209faa56faec5d602e5\"\u003e\u003ccode\u003e1917dd1\u003c/code\u003e\u003c/a\u003e benchmarks: always run (not conditional on changes) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31409\"\u003e#31409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/49eeb0f3c3c6d82694f51815f6fef6f1008038b9\"\u003e\u003ccode\u003e49eeb0f\u003c/code\u003e\u003c/a\u003e standard-tests: add benchmarks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31302\"\u003e#31302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6d39e59c2e351684baada7f8982d8c5c758a1e1d\"\u003e\u003ccode\u003e6d39e59\u003c/code\u003e\u003c/a\u003e infra: update cassettes for notebook (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31407\"\u003e#31407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b808d272849516d1c0b902421edf1933a87d9afa\"\u003e\u003ccode\u003eb808d27\u003c/code\u003e\u003c/a\u003e docs: fix grammar in xai.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/31399\"\u003e#31399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.48...langchain-core==0.3.63\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 0.3.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0c2c8c36c162cbeb8838bc38957b82f7b96186b6\"\u003e\u003ccode\u003e0c2c8c3\u003c/code\u003e\u003c/a\u003e text-splitters: release 0.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30671\"\u003e#30671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/59d508a2eef93a6a0a7936d49ba1bea45647cd70\"\u003e\u003ccode\u003e59d508a\u003c/code\u003e\u003c/a\u003e openai[patch]: make computer test more reliable (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30672\"\u003e#30672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c235328b3923738809517a45c870fc610b6bee33\"\u003e\u003ccode\u003ec235328\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;update langchain version and bump min core v\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d0f154dbaa578d930c22a4ffb3450902d764b714\"\u003e\u003ccode\u003ed0f154d\u003c/code\u003e\u003c/a\u003e update langchain version and bump min core v\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/32cd70d7d273063b9d2508ce49f519b307ed2495\"\u003e\u003ccode\u003e32cd70d\u003c/code\u003e\u003c/a\u003e release: bump core to \u003ccode\u003ev0.3.51\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30668\"\u003e#30668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/18cf457eec106d99e0098b42712299f5d0daa798\"\u003e\u003ccode\u003e18cf457\u003c/code\u003e\u003c/a\u003e langchain-runpod integration (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30648\"\u003e#30648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9c03cd5775a06a87f7411acb9b8cad5859de9eb3\"\u003e\u003ccode\u003e9c03cd5\u003c/code\u003e\u003c/a\u003e Fix tool description in serpapi.ipynb (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30660\"\u003e#30660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af66ab098edafe624989c5897a9089ec5f2969db\"\u003e\u003ccode\u003eaf66ab0\u003c/code\u003e\u003c/a\u003e Adding \u003ccode\u003ePerplexity\u003c/code\u003e extra and deprecating the community version of `ChatPerpl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b8929e3d5f26c212831e32d6ed0ab6b6d166b666\"\u003e\u003ccode\u003eb8929e3\u003c/code\u003e\u003c/a\u003e docs: add image generation example to Google genai docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30650\"\u003e#30650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/374769e8fe35bf13f037e308df0c1f344a60dd0a\"\u003e\u003ccode\u003e374769e\u003c/code\u003e\u003c/a\u003e core[patch]: log information from certain errors (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/30626\"\u003e#30626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==0.3.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003cc...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates 7 Python dependencies across 5 directories to their latest versions, including security fixes and compatibility improvements. The updates span from minor version bumps (python-dotenv 1.0.0→1.2.2) to major version increases (python-multipart 0.0.6→0.0.27, mem0ai 0.1.48→2.0.4).\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Multiple packages include critical security fixes, particularly pypdf (6.9.1→6.10.2) with CVE-2026-45409 mitigation and authlib (1.6.9→1.6.12) with CSRF vulnerability fixes\n- **Version Range Updates**: chromadb and mysql-connector-python moved from exact version pins to flexible ranges for better dependency resolution\n- **Cross-Directory Consistency**: python-dotenv updated consistently across Discord bot, REST API, Telegram bot, and server directories\n- **Major Version Bump**: mem0ai upgraded from 0.1.48 to 2.0.4, indicating significant API changes\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Security Vulnerabilities Detected]\n    B --\u003e C[Generate Version Updates]\n    C --\u003e D[Discord Bot Requirements]\n    C --\u003e E[REST API Requirements] \n    C --\u003e F[Telegram Bot Requirements]\n    C --\u003e G[Main pyproject.toml]\n    C --\u003e H[Server Requirements]\n    D --\u003e I[python-dotenv 1.0.0→1.2.2]\n    E --\u003e J[python-multipart 0.0.6→0.0.27]\n    F --\u003e I\n    G --\u003e K[chromadb ^0.5.10→\u003e=0.5.10,\u003c1.6.0]\n    G --\u003e L[mysql-connector-python ^8.1.0→\u003e=8.1,\u003c10.0]\n    H --\u003e M[mem0ai \u003e=0.1.48→\u003e=2.0.4]\n    H --\u003e I\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including XML entity declaration vulnerabilities, CSRF issues, and infinite loop protections\n- **Dependency Flexibility**: Version range updates reduce potential dependency conflicts and improve package resolution\n- **Breaking Changes**: mem0ai major version update and python-dotenv symlink behavior changes may require code adjustments\n- **Compatibility**: Adds Python 3.14 support and drops Python 3.9 support in some packages\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/mem0/pull/49","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fmem0/issues/49","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/49/packages"}},{"old_version":"1.6.9","new_version":"1.7.2","update_type":"minor","path":null,"pr_created_at":"2026-06-03T04:47:23.000Z","version_change":"1.6.9 → 1.7.2","issue":{"uuid":"4576951460","node_id":"PR_kwDOSvmIV87iEdJn","number":12,"state":"closed","title":"Bump authlib from 1.6.9 to 1.7.2","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T05:38:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T04:47:23.000Z","updated_at":"2026-06-08T05:38:09.000Z","time_to_close":435037,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.7.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthorization and token endpoints request empty scope parameter management by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/847\"\u003eauthlib/authlib#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport from Python 3.10 to 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/850\"\u003eauthlib/authlib#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow composition of AuthorizationServerMetadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/853\"\u003eauthlib/authlib#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake require_oauth parenthesis optional by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/855\"\u003eauthlib/authlib#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at\u003c/code\u003e behavior when its value is 0 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/854\"\u003eauthlib/authlib#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigration to joserfc by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/852\"\u003eauthlib/authlib#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRP-initiated logout by \u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eget_jwt_config\u003c/code\u003e by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/858\"\u003eauthlib/authlib#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): Update PyPy version from 3.10 to 3.11 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove \u0026quot;none\u0026quot; from default authlib.jose.jwt algorithms by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/860\"\u003eauthlib/authlib#860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: normalize resolve_client_public_key method by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/861\"\u003eauthlib/authlib#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement rfc9700 PKCE downgrade countermeasure by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/864\"\u003eauthlib/authlib#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct syntax for tox.requires in tox.ini by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet client session User-Agent when fetching server metadata and JWKs by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/867\"\u003eauthlib/authlib#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use the real application object for Flask by \u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept the issuer URL as a valid audience by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/865\"\u003eauthlib/authlib#865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't nest InvalidTokenError extra attribute by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/872\"\u003eauthlib/authlib#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation overhaul by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/875\"\u003eauthlib/authlib#875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md docs.authlib.org/en/latest =\u0026gt; docs.authlib.org/en/stable by \u003ca href=\"https://github.com/guillett\"\u003e\u003ccode\u003e@​guillett\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/876\"\u003eauthlib/authlib#876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release/1.6 branch by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/877\"\u003eauthlib/authlib#877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/guillett\"\u003e\u003ccode\u003e@​guillett\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/876\"\u003eauthlib/authlib#876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.7.0\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.6.9\u0026new-version=1.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/annoted-pullrequest/saleor__saleor-clone__qodo__PR22__20260603/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/annoted-pullrequest%2Fsaleor__saleor-clone__qodo__PR22__20260603/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"\u003e=1.7.1","new_version":"\u003e=1.7.2","update_type":"patch","path":"/services/regulatory-reports","pr_created_at":"2026-06-02T10:13:36.000Z","version_change":"\u003e=1.7.1 → \u003e=1.7.2","issue":{"uuid":"4570508437","node_id":"PR_kwDOSb_fa87hvSO8","number":363,"state":"open","title":"chore(deps): update authlib requirement from \u003e=1.7.1 to \u003e=1.7.2 in /services/regulatory-reports","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T10:13:36.000Z","updated_at":"2026-06-02T10:13:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"authlib","old_version":"\u003e=1.7.1","new_version":"\u003e=1.7.2","repository_url":"https://github.com/authlib/authlib"}],"path":"/services/regulatory-reports","ecosystem":"pip"},"body":"Updates the requirements on [authlib](https://github.com/authlib/authlib) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/1.7.1...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Onegaishimas/wasat/pull/363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Onegaishimas%2Fwasat/issues/363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/363/packages"}},{"old_version":"1.6.9","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-31T07:19:25.000Z","version_change":"1.6.9 → 1.6.12","issue":{"uuid":"4556873885","node_id":"PR_kwDOShuGmM7hDpm4","number":1,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:19:25.000Z","updated_at":"2026-05-31T07:25:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":5,"packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"python-multipart","old_version":"0.0.24","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.24` | `0.0.27` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `authlib` from 1.6.9 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.24 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/beauNate/friday-tony-stark-demo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/beauNate/friday-tony-stark-demo/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/beauNate%2Ffriday-tony-stark-demo/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.6.6","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-31T06:40:28.000Z","version_change":"1.6.6 → 1.6.12","issue":{"uuid":"4556799729","node_id":"PR_kwDOQ7bLOM7hDbuI","number":45,"state":"closed","title":"ci(deps): Bump authlib from 1.6.6 to 1.6.12","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-31T06:41:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T06:40:28.000Z","updated_at":"2026-05-31T06:43:58.000Z","time_to_close":72,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps): Bump","packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.6 to 1.6.12.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.6.6\u0026new-version=1.6.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/airbytehq/fastmcp-extensions/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/airbytehq/fastmcp-extensions/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbytehq%2Ffastmcp-extensions/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"}},{"old_version":"1.5.2","new_version":"1.6.12","update_type":"minor","path":null,"pr_created_at":"2026-05-28T22:52:45.000Z","version_change":"1.5.2 → 1.6.12","issue":{"uuid":"4544368049","node_id":"PR_kwDOQbHgbc7gb0Ms","number":6,"state":"closed","title":"chore(deps): bump the pip group across 9 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:52:45.000Z","updated_at":"2026-05-28T22:52:54.000Z","time_to_close":7,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":18,"packages":[{"name":"authlib","old_version":"1.5.2","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"dulwich","old_version":"0.22.8","new_version":"1.2.5","repository_url":"https://github.com/dulwich/dulwich"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-openai","old_version":"0.3.11","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.3.19","new_version":"0.8.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"0.1.88","new_version":"2.0.0b2","repository_url":"https://github.com/mem0ai/mem0"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"poetry","old_version":"2.1.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"python-dotenv","old_version":"1.1.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pytorch-lightning","old_version":"2.5.1.post0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\n\nUpdates `authlib` from 1.5.2 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.5.2...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 0.22.8 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich 1.2.5\u003c/h2\u003e\n\u003cp\u003eThis is a security release. All users are encouraged to upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGHSA-gfhv-vqv2-4544\u003c/strong\u003e -- Validate submodule paths in \u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus \u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream repository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or any other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42305\u003c/strong\u003e -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects Windows path separators, the alternate data stream marker \u003ccode\u003e:\u003c/code\u003e, NTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e, and reserved Windows device names. \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every platform, and both \u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their correct option names. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42563\u003c/strong\u003e -- Shell-quote values substituted into \u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. A malicious branch could inject shell commands when a merge driver referencing \u003ccode\u003e%P\u003c/code\u003e was configured. (Reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-47712\u003c/strong\u003e -- Sanitize commit subjects used in \u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g. \u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ereceive.maxInputSize\u003c/strong\u003e -- Honour \u003ccode\u003ereceive.maxInputSize\u003c/code\u003e in \u003ccode\u003eReceivePackHandler\u003c/code\u003e. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge \u003ccode\u003edest_size\u003c/code\u003e and trigger hundreds of MB of allocation over \u003ccode\u003egit-receive-pack\u003c/code\u003e. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003edulwich-1.2.4\u003c/h2\u003e\n\u003cp\u003eTolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2192\"\u003e#2192\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0\u003c/h2\u003e\n\u003ch2\u003eNotable changes since 1.1.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam\u003c/code\u003e command and \u003ccode\u003eporcelain.am()\u003c/code\u003e for applying mailbox-style email patches (\u003ccode\u003egit am\u003c/code\u003e), with state persistence for \u003ccode\u003e--continue\u003c/code\u003e, \u003ccode\u003e--skip\u003c/code\u003e, \u003ccode\u003e--abort\u003c/code\u003e, and \u003ccode\u003e--quit\u003c/code\u003e recovery (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1692\"\u003e#1692\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply\u003c/code\u003e command and \u003ccode\u003eporcelain.apply_patch()\u003c/code\u003e for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and \u003ccode\u003e--3way\u003c/code\u003e merge fallback (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1784\"\u003e#1784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExpand \u003ccode\u003elog\u003c/code\u003e command options: \u003ccode\u003e--oneline\u003c/code\u003e, \u003ccode\u003e--abbrev-commit\u003c/code\u003e, \u003ccode\u003e--author\u003c/code\u003e, \u003ccode\u003e--committer\u003c/code\u003e, \u003ccode\u003e--grep\u003c/code\u003e, \u003ccode\u003e--since\u003c/code\u003e/\u003ccode\u003e--after\u003c/code\u003e, \u003ccode\u003e--until\u003c/code\u003e/\u003ccode\u003e--before\u003c/code\u003e, \u003ccode\u003e-n\u003c/code\u003e/\u003ccode\u003e--max-count\u003c/code\u003e, \u003ccode\u003e--no-merges\u003c/code\u003e, \u003ccode\u003e--merges\u003c/code\u003e, \u003ccode\u003e--stat\u003c/code\u003e, \u003ccode\u003e-p\u003c/code\u003e/\u003ccode\u003e--patch\u003c/code\u003e, \u003ccode\u003e--name-only\u003c/code\u003e, and \u003ccode\u003e--follow\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1779\"\u003e#1779\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for push options (\u003ccode\u003e-o\u003c/code\u003e/\u003ccode\u003e--push-option\u003c/code\u003e) in \u003ccode\u003epush\u003c/code\u003e, enabling AGit flow and other server-side push option workflows.\u003c/li\u003e\n\u003cli\u003eAdd missing push options: \u003ccode\u003e--all\u003c/code\u003e, \u003ccode\u003e--tags\u003c/code\u003e, \u003ccode\u003e--delete\u003c/code\u003e, \u003ccode\u003e--dry-run\u003c/code\u003e, \u003ccode\u003e--prune\u003c/code\u003e, \u003ccode\u003e--set-upstream\u003c/code\u003e, \u003ccode\u003e--follow-tags\u003c/code\u003e, and \u003ccode\u003e--mirror\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1844\"\u003e#1844\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for atomic push operations (\u003ccode\u003e--atomic\u003c/code\u003e): either all ref updates succeed or none are applied (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1781\"\u003e#1781\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eextensions.relativeworktrees\u003c/code\u003e repository extension, allowing worktrees to use relative paths (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2112\"\u003e#2112\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.5\t2026-05-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(GHSA-gfhv-vqv2-4544): Validate submodule paths in\n\u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus\n\u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream\nrepository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or\nany other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the\nsubmodule's tree contents to be written there with their executable\nbits intact -- dropping a hook that later commands would run. Submodule\npaths are now rejected if they are absolute or carry a component that\nthe configured path validator refuses, and the submodule's own tree is\nmaterialized with the same validator. This is the dulwich analogue of git's\nCVE-2024-32002 / CVE-2024-32004.\n(Jelmer Vernooij; reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-42305): Harden tree path validation against entry\nnames that are harmless on POSIX but dangerous when checked out on\nWindows. A crafted tree could previously carry such names through to\nthe work tree. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWindows path separators, so an entry named\n\u003ccode\u003e.git\\hooks\\pre-commit.exe\u003c/code\u003e can no longer materialize a file\ninside \u003ccode\u003e.git\u003c/code\u003e that Git for Windows would execute.\u003c/li\u003e\n\u003cli\u003eThe alternate data stream marker \u003ccode\u003e:\u003c/code\u003e (e.g.\n\u003ccode\u003e.git::$INDEX_ALLOCATION\u003c/code\u003e, which writes into \u003ccode\u003e.git\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003eNTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e (\u003ccode\u003egit~\u0026lt;digits\u0026gt;\u003c/code\u003e); only\n\u003ccode\u003egit~1\u003c/code\u003e was rejected before.\u003c/li\u003e\n\u003cli\u003eReserved Windows device names (\u003ccode\u003eCON\u003c/code\u003e, \u003ccode\u003ePRN\u003c/code\u003e, \u003ccode\u003eAUX\u003c/code\u003e, \u003ccode\u003eNUL\u003c/code\u003e,\n\u003ccode\u003eCOM1\u003c/code\u003e-\u003ccode\u003eCOM9\u003c/code\u003e, \u003ccode\u003eLPT1\u003c/code\u003e-\u003ccode\u003eLPT9\u003c/code\u003e), including with an extension or\ntrailing dots/spaces such as \u003ccode\u003eNUL.txt\u003c/code\u003e or \u003ccode\u003eCOM1 .bar\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every\nplatform (matching git after CVE-2019-1353), so a POSIX clone no longer\naccepts paths that would be unsafe on a later Windows clone, and both\n\u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their\ncorrect option names, having previously been silently ignored. POSIX\nusers who need literal NTFS-unsafe filenames can opt out with\n\u003ccode\u003ecore.protectNTFS=false\u003c/code\u003e.\n(Jelmer Vernooij; reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY (CVE-2026-42563): Shell-quote values substituted into\n\u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. \u003ccode\u003e%P\u003c/code\u003e is a path from the git\ntree, so a malicious branch could inject shell commands when the\nuser had a merge driver configured that referenced \u003ccode\u003e%P\u003c/code\u003e.\n(Jelmer Vernooij; reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-47712): Sanitize commit subjects used in\n\u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g.\n\u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e.\n\u003ccode\u003eget_summary\u003c/code\u003e now matches git's \u003ccode\u003eformat_sanitized_subject\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/073f4dfa9840af2da59887ed828b026b609faa6c\"\u003e\u003ccode\u003e073f4df\u003c/code\u003e\u003c/a\u003e Release 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/5f85d3e4b0d47dd7fbf37934f9a4b9b6b98bb467\"\u003e\u003ccode\u003e5f85d3e\u003c/code\u003e\u003c/a\u003e tests: fix Windows-only failures in NTFS and merge-driver tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/25313ad7f9d5036b03617dc3dfc284a586966dab\"\u003e\u003ccode\u003e25313ad\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421\"\u003e\u003ccode\u003e1ca1814\u003c/code\u003e\u003c/a\u003e submodule: Reject unsafe submodule paths in submodule_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/3559ef15c1e2a8d2a56c98f36b53b29c5d60b9fd\"\u003e\u003ccode\u003e3559ef1\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/f860ca489d63624ae6d7c7945fbbd19018b8125c\"\u003e\u003ccode\u003ef860ca4\u003c/code\u003e\u003c/a\u003e server: Honour receive.maxInputSize to bound received packs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0fd6e6bb61f8017b1af4b5fdbf7602ddbcf6d17e\"\u003e\u003ccode\u003e0fd6e6b\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0110b885a1ab5b2128473263a6ff5b7230732e49\"\u003e\u003ccode\u003e0110b88\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290\"\u003e\u003ccode\u003e49eb56e\u003c/code\u003e\u003c/a\u003e Add NEWS entry for CVE-2026-42305\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9\"\u003e\u003ccode\u003e57efc4a\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-0.22.8...dulwich-1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.3.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.3.11...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.3.19 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(js,py): JS 0.6.0, Py 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831\"\u003elangchain-ai/langsmith-sdk#2831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.6.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832\"\u003elangchain-ai/langsmith-sdk#2832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833\"\u003elangchain-ai/langsmith-sdk#2833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Qwen3-RailroadEngineer1959-RL/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FQwen3-RailroadEngineer1959-RL/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"1.6.9","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-28T22:46:13.000Z","version_change":"1.6.9 → 1.6.12","issue":{"uuid":"4544339041","node_id":"PR_kwDOBiBroc7gbuQ_","number":1351,"state":"open","title":"Bump authlib from 1.6.9 to 1.6.12","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T22:46:13.000Z","updated_at":"2026-05-28T23:37:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"}],"path":null,"ecosystem":"pip"},"body":"Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.6.12.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=pip\u0026previous-version=1.6.9\u0026new-version=1.6.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/uc-cdis/fence/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/uc-cdis/fence/pull/1351","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/uc-cdis%2Ffence/issues/1351","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1351/packages"}},{"old_version":"1.7.0","new_version":"1.7.1","update_type":"patch","path":"the uv group across 1 directory","pr_created_at":"2026-05-28T22:32:13.000Z","version_change":"1.7.0 → 1.7.1","issue":{"uuid":"4544271300","node_id":"PR_kwDOQGHg-s7gbgHq","number":15,"state":"closed","title":"Bump authlib from 1.7.0 to 1.7.1 in the uv group across 1 directory","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T22:51:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:32:13.000Z","updated_at":"2026-05-28T22:51:18.000Z","time_to_close":1136,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"}],"path":"the uv group across 1 directory","ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the / directory: [authlib](https://github.com/authlib/authlib).\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib\u0026package-manager=uv\u0026previous-version=1.7.0\u0026new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/geoff-davis/async-batch-llm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/geoff-davis/async-batch-llm/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geoff-davis%2Fasync-batch-llm/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"1.7.0","new_version":"1.7.2","update_type":"patch","path":null,"pr_created_at":"2026-05-26T00:23:31.000Z","version_change":"1.7.0 → 1.7.2","issue":{"uuid":"4520310526","node_id":"PR_kwDOSKFNzM7fNcsi","number":38,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["ignore-for-release"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:23:31.000Z","updated_at":"2026-05-26T00:23:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":28,"packages":[{"name":"ruff","old_version":"0.15.11","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"authlib","old_version":"1.7.0","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"google-auth","old_version":"2.47.0","new_version":"2.53.0","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"typing-extensions","old_version":"4.14.1","new_version":"4.15.0","repository_url":"https://github.com/python/typing_extensions"},{"name":"anyio","old_version":"4.10.0","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"typer","old_version":"0.16.0","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.35.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"openai","old_version":"2.14.0","new_version":"2.38.0","repository_url":"https://github.com/openai/openai-python"},{"name":"mcp","old_version":"1.25.0","new_version":"1.27.1","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"fastapi","old_version":"0.129.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.20.3","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"boto3","old_version":"1.42.28","new_version":"1.43.14","repository_url":"https://github.com/boto/boto3"},{"name":"ollama","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/ollama/ollama-python"},{"name":"psutil","old_version":"7.0.0","new_version":"7.2.2","repository_url":"https://github.com/giampaolo/psutil"},{"name":"opentelemetry-instrumentation-openai","old_version":"0.52.5","new_version":"0.60.0","repository_url":"https://github.com/traceloop/openllmetry"},{"name":"langgraph","old_version":"1.0.6","new_version":"1.2.1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"openai-agents","old_version":"0.6.5","new_version":"0.17.3","repository_url":"https://github.com/openai/openai-agents-python"},{"name":"pyyaml","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/yaml/pyyaml"},{"name":"langchain-openai","old_version":"1.1.7","new_version":"1.2.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langgraph-checkpoint-sqlite","old_version":"3.0.3","new_version":"3.1.0","repository_url":"https://github.com/langchain-ai/langgraph"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 23 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.14` |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.2` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.47.0` | `2.53.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.10.0` | `4.13.0` |\n| [typer](https://github.com/fastapi/typer) | `0.16.0` | `0.25.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.35.0` | `0.48.0` |\n| [openai](https://github.com/openai/openai-python) | `2.14.0` | `2.38.0` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.25.0` | `1.27.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.129.0` | `0.136.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.20.3` | `3.29.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.29` |\n| [boto3](https://github.com/boto/boto3) | `1.42.28` | `1.43.14` |\n| [ollama](https://github.com/ollama/ollama-python) | `0.6.1` | `0.6.2` |\n| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.2` |\n| [opentelemetry-instrumentation-openai](https://github.com/traceloop/openllmetry) | `0.52.5` | `0.60.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.6` | `1.2.1` |\n| [openai-agents](https://github.com/openai/openai-agents-python) | `0.6.5` | `0.17.3` |\n| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `1.1.7` | `1.2.2` |\n| [langgraph-checkpoint-sqlite](https://github.com/langchain-ai/langgraph) | `3.0.3` | `3.1.0` |\n\n\nUpdates `ruff` from 0.15.11 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.11...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth` from 2.47.0 to 2.53.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/releases\"\u003egoogle-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.49.0.dev0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.48.0...v2.49.0-dev0\"\u003e2.49.0-dev0\u003c/a\u003e (2026-01-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated rsa dependency (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e98cf69284d3620619a70b54fb0b9533caf11878\"\u003ee98cf69284d3620619a70b54fb0b9533caf11878\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogle-auth 2.48.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0\"\u003e2.48.0\u003c/a\u003e (2026-01-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ehonor \u003ccode\u003eNO_GCE_CHECK\u003c/code\u003e environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827\"\u003e383c9827\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b\"\u003e454b441b\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2\"\u003e52558ae2\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport the mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1\"\u003e8dcf91a1\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eresolve circular imports (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1942\"\u003e#1942\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/25c1b064\"\u003e25c1b064\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse \u003ccode\u003euser_verification=preferred\u003c/code\u003e for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a240\"\u003e3f88a240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eremoves \u003ccode\u003econtent-header\u003c/code\u003e from AWS IMDS get request (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e\"\u003e97bfea9e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edetect correct auth when ADC env var is set but empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e10\"\u003ebfc07e10\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20c\"\u003ee431f20c\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.48.0rc0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0rc0\"\u003e2.48.0rc0\u003c/a\u003e (2026-01-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor NO_GCE_CHECK environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827536d9376e8248370ce4c2b83e468d027\"\u003e383c98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\"\u003e454b44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1b05c85fbbd0bcee78d66e498099102ab\"\u003e8dcf91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2881b1e6555f6f5c0d76365c15807ead9\"\u003e52558a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse user_verification=preferred for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a24089c4ee6822d510de0db210b54260d873\"\u003e3f88a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20cf73ccac71926a23ec454468cea92e053\"\u003ee431f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetect correct auth when ADC env var is set by empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\"\u003ebfc07e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremoved content-header from AWS IMDS (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\"\u003e97bfea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md\"\u003egoogle-auth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://pypi.org/project/google-auth/#history\"\u003ePyPI History\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0\"\u003e2.48.0\u003c/a\u003e (2026-01-22)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cryptography as required dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1929\"\u003e#1929\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/52558ae2881b1e6555f6f5c0d76365c15807ead9\"\u003e52558ae2881b1e6555f6f5c0d76365c15807ead9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport the mTLS IAM domain for Certificate based Access (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1938\"\u003e#1938\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/8dcf91a1b05c85fbbd0bcee78d66e498099102ab\"\u003e8dcf91a1b05c85fbbd0bcee78d66e498099102ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd configurable GCE Metadata Server retries (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1488\"\u003e#1488\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\"\u003e454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehonor \u003ccode\u003eNO_GCE_CHECK\u003c/code\u003e environment variable (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1610\"\u003e#1610\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/383c9827536d9376e8248370ce4c2b83e468d027\"\u003e383c9827536d9376e8248370ce4c2b83e468d027\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eresolve circular imports (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1942\"\u003e#1942\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/25c1b064545702cbef087cfcd15fbbb6ef1af74f\"\u003e25c1b064545702cbef087cfcd15fbbb6ef1af74f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremoves \u003ccode\u003econtent-header\u003c/code\u003e from AWS IMDS get request (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1934\"\u003e#1934\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\"\u003e97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetect correct auth when ADC env var is set but empty (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1374\"\u003e#1374\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\"\u003ebfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated utcfromtimestamp (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1799\"\u003e#1799\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e431f20cf73ccac71926a23ec454468cea92e053\"\u003ee431f20cf73ccac71926a23ec454468cea92e053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003euser_verification=preferred\u003c/code\u003e for ReAuth WebAuthn challenge (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-python/issues/1798\"\u003e#1798\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/3f88a24089c4ee6822d510de0db210b54260d873\"\u003e3f88a24089c4ee6822d510de0db210b54260d873\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-auth-library-python/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typing-extensions` from 4.14.1 to 4.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/typing_extensions/releases\"\u003etyping-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.15.0\u003c/h2\u003e\n\u003cp\u003eNo user-facing changes since 4.15.0rc1.\u003c/p\u003e\n\u003cp\u003eNew features since 4.14.1:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.15.0rc1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/typing_extensions/blob/main/CHANGELOG.md\"\u003etyping-extensions's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 4.15.0 (August 25, 2025)\u003c/h1\u003e\n\u003cp\u003eNo user-facing changes since 4.15.0rc1.\u003c/p\u003e\n\u003ch1\u003eRelease 4.15.0rc1 (August 18, 2025)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003e@typing_extensions.disjoint_base\u003c/code\u003e decorator, as specified\nin PEP 800. Patch by Jelle Zijlstra.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etyping_extensions.type_repr\u003c/code\u003e, a backport of\n\u003ca href=\"https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr\"\u003e\u003ccode\u003eannotationlib.type_repr\u003c/code\u003e\u003c/a\u003e,\nintroduced in Python 3.14 (CPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/124551\"\u003e#124551\u003c/a\u003e,\noriginally by Jelle Zijlstra). Patch by Semyon Moroz.\u003c/li\u003e\n\u003cli\u003eFix behavior of type params in \u003ccode\u003etyping_extensions.evaluate_forward_ref\u003c/code\u003e. Backport of\nCPython PR \u003ca href=\"https://redirect.github.com/python/cpython/pull/137227\"\u003e#137227\u003c/a\u003e by Jelle Zijlstra.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/9d1637e264b5c1a6b7acee3e907015f89b20c2c9\"\u003e\u003ccode\u003e9d1637e\u003c/code\u003e\u003c/a\u003e Prepare release 4.15.0 (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/4bd67c5be5d9443c7d33c314d02a56ee125eb88d\"\u003e\u003ccode\u003e4bd67c5\u003c/code\u003e\u003c/a\u003e Coverage: exclude some noise (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/e589a26da73b075c5276bae40b86db1af0144f84\"\u003e\u003ccode\u003ee589a26\u003c/code\u003e\u003c/a\u003e Coverage: add detailed report to job summary (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/655\"\u003e#655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/67d37fed1298e050f74d5acc95b2621bd37837ad\"\u003e\u003ccode\u003e67d37fe\u003c/code\u003e\u003c/a\u003e Coverage: Implement fail_under (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/e9ae26f5286edee9262727755ecb9ad16e999192\"\u003e\u003ccode\u003ee9ae26f\u003c/code\u003e\u003c/a\u003e Don't delete previous coverage comment (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/653\"\u003e#653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/ac80bb728a3006fc88ef7373b92f0c25cfcc7895\"\u003e\u003ccode\u003eac80bb7\u003c/code\u003e\u003c/a\u003e Add Coverage workflow (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/623\"\u003e#623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/abaaafd98c1cc7e5baf098ec287a3d22cb339670\"\u003e\u003ccode\u003eabaaafd\u003c/code\u003e\u003c/a\u003e Prepare release 4.15.0rc1 (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/650\"\u003e#650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/98104053ea8d49bcdd247804e5fa9f73136acbd4\"\u003e\u003ccode\u003e9810405\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003e@disjoint_base\u003c/code\u003e (PEP 800) (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/7ee9e05fd484d06899ce56e80f5e1aa4c760fc03\"\u003e\u003ccode\u003e7ee9e05\u003c/code\u003e\u003c/a\u003e Backport type_params fix from CPython (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/typing_extensions/commit/1e8eb9c06ef51b3a1e1f05303a16feca13f5ed98\"\u003e\u003ccode\u003e1e8eb9c\u003c/code\u003e\u003c/a\u003e Do not refer to PEP 705 as being experimental (\u003ca href=\"https://redirect.github.com/python/typing_extensions/issues/648\"\u003e#648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/typing_extensions/compare/4.14.1...4.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.10.0 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged all functions currently raising the private \u003ccode\u003eNoCurrentAsyncBackend\u003c/code\u003e exception (since v4.12.0) to instead raise the public \u003ccode\u003eNoEventLoopError\u003c/code\u003e exception (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with instance methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for asyncio's \u003ca href=\"https://docs.python.org/3/library/asyncio-graph.html\"\u003etask call graphs\u003c/a\u003e on Python 3.14 and later when using AnyIO's task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1025\"\u003e#1025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded an asynchronous implementation of the \u003ccode\u003efunctools\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003euvloop=True\u003c/code\u003e on Windows via the \u003ca href=\"https://github.com/Vizonex/Winloop\"\u003ewinloop\u003c/a\u003e implementation (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/960\"\u003e#960\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Vizonex\"\u003e\u003ccode\u003e@​Vizonex\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for use as a context manager to \u003ccode\u003eanyio.lowlevel.RunVar\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1003\"\u003e#1003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e__all__\u003c/code\u003e declarations to public submodules (\u003ccode\u003eanyio.lowlevel\u003c/code\u003e etc.) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1009\"\u003e#1009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to set the token count of a \u003ccode\u003eCapacityLimiter\u003c/code\u003e to zero (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1019\"\u003e#1019\u003c/a\u003e; requires Python 3.10 or later when using Trio)\u003c/li\u003e\n\u003cli\u003eAdded parameters \u003ccode\u003ecase_sensitive\u003c/code\u003e and \u003ccode\u003erecurse_symlinks\u003c/code\u003e along with support for path-like objects to \u003ccode\u003eanyio.Path.glob()\u003c/code\u003e and \u003ccode\u003eanyio.Path.rglob()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1033\"\u003e#1033\u003c/a\u003e; PR by \u003ca href=\"https://github.com/northisup\"\u003e\u003ccode\u003e@​northisup\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped \u003ccode\u003esniffio\u003c/code\u003e as a direct dependency and added the \u003ccode\u003eget_available_backends()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not raising \u003ccode\u003eClosedResourceError\u003c/code\u003e and \u003ccode\u003eBrokenResourceError\u003c/code\u003e on asyncio. Previously, a non-AnyIO exception was raised in such cases (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not checkpointing before writing data on asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1002\"\u003e#1002\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a race condition where cancelling a \u003ccode\u003eFuture\u003c/code\u003e from \u003ccode\u003eBlockingPortal.start_task_soon()\u003c/code\u003e would sometimes not cancel the async function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1011\"\u003e#1011\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the presence of the pytest plugin causing breakage with older versions of pytest (\u0026lt;= 6.1.2) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1028\"\u003e#1028\u003c/a\u003e; PR by \u003ca href=\"https://github.com/saper\"\u003e\u003ccode\u003e@​saper\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a rarely occurring \u003ccode\u003eRuntimeError: Set changed size during iteration\u003c/code\u003e while shutting down the process pool when using the asyncio backend (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for cancellation reasons (the \u003ccode\u003ereason\u003c/code\u003e parameter to \u003ccode\u003eCancelScope.cancel()\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum version of Trio to v0.31.0\u003c/li\u003e\n\u003cli\u003eAdded the ability to enter the event loop from foreign (non-worker) threads by passing the return value of \u003ccode\u003eanyio.lowlevel.current_token()\u003c/code\u003e to \u003ccode\u003eanyio.from_thread.run()\u003c/code\u003e and \u003ccode\u003eanyio.from_thread.run_sync()\u003c/code\u003e as the \u003ccode\u003etoken\u003c/code\u003e keyword argument (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded pytest option (\u003ccode\u003eanyio_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e) to make the pytest plugin automatically handle all async tests (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/971\"\u003e#971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eanyio.Condition.wait_for()\u003c/code\u003e method for feature parity with asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the default type argument of \u003ccode\u003eanyio.abc.TaskStatus\u003c/code\u003e from \u003ccode\u003eAny\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when \u003ccode\u003elocal_port=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/857\"\u003e#857\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed inconsistency between Trio and asyncio where a TCP stream that previously raised a \u003ccode\u003eBrokenResourceError\u003c/code\u003e on \u003ccode\u003esend()\u003c/code\u003e would still raise \u003ccode\u003eBrokenResourceError\u003c/code\u003e after the stream was closed on asyncio, but \u003ccode\u003eClosedResourceError\u003c/code\u003e on Trio. They now both raise a \u003ccode\u003eClosedResourceError\u003c/code\u003e in this scenario. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.10.0...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.16.0 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1699\"\u003e#1699\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.30 to 0.0.31. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1696\"\u003e#1696\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.0 to 2.13.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1697\"\u003e#1697\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2026-04-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2 (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/cfcc2ef9f948bcce67897a6c7e689d39da690bf9\"\u003e\u003ccode\u003ecfcc2ef\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/13846cc59bd574567a9a1f56eae3cd42b9aa2a4f\"\u003e\u003ccode\u003e13846cc\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a43746997ad6f2b4a8829c69c919f4d4c2cc0698\"\u003e\u003ccode\u003ea437469\u003c/code\u003e\u003c/a\u003e 🔧 Add Typer Library Skill for Agents (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1620\"\u003e#1620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/ba6cc2c9e7cba35f891c91118e228e1d2da35edb\"\u003e\u003ccode\u003eba6cc2c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/0f3ead07c2bb384fdd590e895ca6705582c58d89\"\u003e\u003ccode\u003e0f3ead0\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.11 to 0.15.12 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1722\"\u003e#1722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/db4ade64936599b3460f2fc0a7c550c3fedc33b0\"\u003e\u003ccode\u003edb4ade6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5a5206ceed2afdf234f88a6e2ef74ad9ebdf0d92\"\u003e\u003ccode\u003e5a5206c\u003c/code\u003e\u003c/a\u003e ⬆ Bump prek from 0.3.10 to 0.3.11 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1723\"\u003e#1723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959845e173b4bec0d606d99247815c2710613ca8\"\u003e\u003ccode\u003e959845e\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5e1fcfb5935e7ac3ff3c7526ef297eae31bd4822\"\u003e\u003ccode\u003e5e1fcfb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/dfb21ad034804584702d553ebfba40d8f4d791b9\"\u003e\u003ccode\u003edfb21ad\u003c/code\u003e\u003c/a\u003e 🚸 Don't truncate code lines in traceback when formatted with Rich (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1695\"\u003e#1695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.16.0...0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.35.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#...\n\n_Description has been truncated_","html_url":"https://github.com/tmohanvamsi/kagent/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmohanvamsi%2Fkagent/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}},{"old_version":"1.6.11","new_version":"1.7.2","update_type":"minor","path":null,"pr_created_at":"2026-05-25T00:57:43.000Z","version_change":"1.6.11 → 1.7.2","issue":{"uuid":"4513542773","node_id":"PR_kwDOQFZ20c7e3pTQ","number":96,"state":"open","title":"chore(deps): bump the python-minor group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T00:57:43.000Z","updated_at":"2026-05-25T00:58:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor","update_count":26,"packages":[{"name":"fastapi","old_version":"0.135.2","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"pyjwt","old_version":"2.12.0","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.28.0","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.15.5","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"anyio","old_version":"4.12.0","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"authlib","old_version":"1.6.11","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"limits","old_version":"5.6.0","new_version":"5.8.0","repository_url":"https://github.com/alisaifee/limits"},{"name":"mako","old_version":"1.3.10","new_version":"1.3.12","repository_url":"https://github.com/sqlalchemy/mako"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wrapt","old_version":"2.0.1","new_version":"2.2.1","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.12.0","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"librt","old_version":"0.7.5","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor group with 26 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.2` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.48.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.29` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.50` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.0` | `2.13.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.28.0` | `3.29.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.14` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.0` | `4.13.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.11` | `1.7.2` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [limits](https://github.com/alisaifee/limits) | `5.6.0` | `5.8.0` |\n| [mako](https://github.com/sqlalchemy/mako) | `1.3.10` | `1.3.12` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.47.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.0.1` | `2.2.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.12.0` | `7.14.0` |\n| [librt](https://github.com/mypyc/librt) | `0.7.5` | `0.11.0` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n\n\nUpdates `fastapi` from 0.135.2 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.2...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.41.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.41.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.5.0 (2026-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the \u003ccode\u003eatexit\u003c/code\u003e callback. This callback caused greenlet APIs\nto become unavailable far too soon during interpreter shutdown. Now\nthey remain available while all \u003ccode\u003eatexit\u003c/code\u003e callbacks run. Sometime\nafter \u003ccode\u003ePy_IsFinalizing\u003c/code\u003e becomes true, they may begin misbehaving.\nBecause the order in which C extensions are finalized is undefined,\nC extensions that are sensitive to this need to check the results of\nthat function before invoking greenlet APIs. As a convenience,\n\u003ccode\u003ePyGreenlet_GetCurrent\u003c/code\u003e sets an exception and returns \u003ccode\u003eNULL\u003c/code\u003e\nwhen this happens (and \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e begins returning\n\u003ccode\u003eNone\u003c/code\u003e); other greenlet C API functions have undefined behaviour.\nMethods invoked directly on pre-existing \u003ccode\u003egreenlet.greenlet\u003c/code\u003e\nobjects will continue to function at least until the greenlet C\nextension has been garbage collected and finalized.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 508 \u0026lt;https://github.com/python-greenlet/greenlet/pull/508\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c7acc72000572811d6462ebe01733a974f194990\"\u003e\u003ccode\u003ec7acc72\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/d08f99bf40801c5d57af6e13631c0ba68300ecf7\"\u003e\u003ccode\u003ed08f99b\u003c/code\u003e\u003c/a\u003e CHANGES: Update link from \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/507\"\u003e#507\u003c/a\u003e to more full description in \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/fd3391e33cedc7a17a86059f18dfbec2b3a320bd\"\u003e\u003ccode\u003efd3391e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e from python-greenlet/issue507-remove-atexit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.0 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd typing_extensions dependency for Python \u0026lt; 3.11 by \u003ca href=\"https://github.com/jpadilla\"\u003e\u003ccode\u003e@​jpadilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1151\"\u003ejpadilla/pyjwt#1151\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/py...\n\n_Description has been truncated_","html_url":"https://github.com/Dashtid/portfolio-site/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dashtid%2Fportfolio-site/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"}},{"old_version":"1.7.0","new_version":"1.7.2","update_type":"patch","path":null,"pr_created_at":"2026-05-22T01:37:23.000Z","version_change":"1.7.0 → 1.7.2","issue":{"uuid":"4499084785","node_id":"PR_kwDORf90e87eKkop","number":88,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:37:23.000Z","updated_at":"2026-05-22T01:39:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":4,"packages":[{"name":"authlib","old_version":"1.7.0","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"boto3","old_version":"1.43.1","new_version":"1.43.6","repository_url":"https://github.com/boto/boto3"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.59.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 4 updates: [authlib](https://github.com/authlib/authlib), [boto3](https://github.com/boto/boto3), [sentry-sdk](https://github.com/getsentry/sentry-python) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `authlib` from 1.7.0 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a0b76fac3fa114d7759af2010546bfc332364b63\"\u003e\u003ccode\u003ea0b76fa\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c85c7f2b02faf2667f62b27aa60df042dbc9b4ab\"\u003e\u003ccode\u003ec85c7f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/884\"\u003e#884\u003c/a\u003e from azmeuk/852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a3b2adda43b4452ba9f384d224f95848974b4eb4\"\u003e\u003ccode\u003ea3b2add\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/873\"\u003e#873\u003c/a\u003e from azmeuk/bcp47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/f2578eaa198aedbaaaf3bb00eccc451e15e45e3a\"\u003e\u003ccode\u003ef2578ea\u003c/code\u003e\u003c/a\u003e fix: Import RSAKey in auth.py for additional key support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b57182cf46a53da19623208dd852270ddec8ebcc\"\u003e\u003ccode\u003eb57182c\u003c/code\u003e\u003c/a\u003e fix: fallback support RSAKey when client_secret is text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4e7590292ca9f948a0766640b27025618750e6c1\"\u003e\u003ccode\u003e4e75902\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into 852-rfc7523-key-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5eb4a860600ea2f3acc1a2a9c3e621a430da9d0f\"\u003e\u003ccode\u003e5eb4a86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/887\"\u003e#887\u003c/a\u003e from azmeuk/883-alg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5633f37c47bd8352b962f982cb916bc8b95bb5d5\"\u003e\u003ccode\u003e5633f37\u003c/code\u003e\u003c/a\u003e fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4c8e7b381aaef68f60e2323a25ba96cdb346f82f\"\u003e\u003ccode\u003e4c8e7b3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/886\"\u003e#886\u003c/a\u003e from azmeuk/885-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/23b333e48a17ebf9f032a0e0f9eb3f990a06f97b\"\u003e\u003ccode\u003e23b333e\u003c/code\u003e\u003c/a\u003e docs: fix the readme links\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.43.1 to 1.43.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ffb57127b34717b2fc7bec24fa40cf704f0a8be3\"\u003e\u003ccode\u003effb5712\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/cc7756ae5fc938dcdb7faf040f784bba104e99b8\"\u003e\u003ccode\u003ecc7756a\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/500f6a7eb0e3f6f42b2bbebf17e247876ec19ec3\"\u003e\u003ccode\u003e500f6a7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05f562852738753a48281fa921b41dd2dd0c1829\"\u003e\u003ccode\u003e05f5628\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.5' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/65d9798835899f8c93db40ed64e1fba12c2523f8\"\u003e\u003ccode\u003e65d9798\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/357614a4cd164e04f77644e834a759532d2a6d1d\"\u003e\u003ccode\u003e357614a\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5128f23a87085e297fb40e3bc4c8b194fa0173ba\"\u003e\u003ccode\u003e5128f23\u003c/code\u003e\u003c/a\u003e Bump \u003ca href=\"https://github.com/astral-sh/ruff-pre-commit\"\u003ehttps://github.com/astral-sh/ruff-pre-commit\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4785\"\u003e#4785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/96f1897f47cb95d6105d8752d56813fd7140e6d1\"\u003e\u003ccode\u003e96f1897\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/91de1d8888a5fcc50622157a0527de344e217c8d\"\u003e\u003ccode\u003e91de1d8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.4' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.43.1...1.43.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.58.0 to 2.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.59.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e on Invoke Agent Spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5926\"\u003e#5926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_tool_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5925\"\u003e#5925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_chat_model_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5924\"\u003e#5924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ci) Cancel in-progress PR workflows on new commit push by \u003ca href=\"https://github.com/joshuarli\"\u003e\u003ccode\u003e@​joshuarli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5994\"\u003e#5994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(consts) Add updated span convention constants to SPANDATA by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6093\"\u003e#6093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(fastapi) Support span streaming in active thread tracking by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6118\"\u003e#6118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(httpx) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6084\"\u003e#6084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(huggingface_hub) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6124\"\u003e#6124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(mcp) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6131\"\u003e#6131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edb.driver.name\u003c/code\u003e spans to database integrations by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6082\"\u003e#6082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cp\u003eWe've put additional data that might contain sensitive information, like GraphQL documents, behind the \u003ccode\u003esend_default_pii\u003c/code\u003e option.\u003c/p\u003e\n\u003ch4\u003eHttpx\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eConsistently early-exit when adding request source by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6151\"\u003e#6151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003ecode.namespace\u003c/code\u003e and \u003ccode\u003ecode.function\u003c/code\u003e instead of \u003ccode\u003ecode.function.name\u003c/code\u003e in span streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6150\"\u003e#6150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e for text completions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6073\"\u003e#6073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet agent name as \u003ccode\u003egen_ai.agent.name\u003c/code\u003e for chat and tool spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5877\"\u003e#5877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(asgi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e on Python 3.14+ by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6135\"\u003e#6135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(batcher) Reset lock and flusher in child after fork by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6163\"\u003e#6163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(google_genai) Redact binary data in inline_data and fix multi-part message extraction by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5977\"\u003e#5977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(grpc) Add isolation_scope to async server interceptor by \u003ca href=\"https://github.com/robinvd\"\u003e\u003ccode\u003e@​robinvd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5940\"\u003e#5940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(metrics,logs) Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6162\"\u003e#6162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(monitor) Release \u003ccode\u003eMonitor._thread_lock\u003c/code\u003e after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6148\"\u003e#6148\u003c/a\u003e) by \u003ca href=\"https://github.com/vokracko\"\u003e\u003ccode\u003e@​vokracko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6159\"\u003e#6159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Resolve agent from \u003ccode\u003ebindings\u003c/code\u003e for openai-agents \u0026gt;= 0.14 by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6102\"\u003e#6102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(profiler) Stop nulling buffer on teardown by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6075\"\u003e#6075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(quart) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Quart does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6133\"\u003e#6133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(security) Prevent GitHub script injection in update-tox workflow by \u003ca href=\"https://github.com/fix-it-felix-sentry\"\u003e\u003ccode\u003e@​fix-it-felix-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6171\"\u003e#6171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(starlette/fastapi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Starlette does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6134\"\u003e#6134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(tornado) Make sure context manager doesn't double yield by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6152\"\u003e#6152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compatible by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6177\"\u003e#6177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.59.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e on Invoke Agent Spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5926\"\u003e#5926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_tool_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5925\"\u003e#5925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e in \u003ccode\u003eon_chat_model_start\u003c/code\u003e by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5924\"\u003e#5924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ci) Cancel in-progress PR workflows on new commit push by \u003ca href=\"https://github.com/joshuarli\"\u003e\u003ccode\u003e@​joshuarli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5994\"\u003e#5994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(consts) Add updated span convention constants to SPANDATA by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6093\"\u003e#6093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(fastapi) Support span streaming in active thread tracking by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6118\"\u003e#6118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(httpx) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6084\"\u003e#6084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(huggingface_hub) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6124\"\u003e#6124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(mcp) Migrate to span first by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6131\"\u003e#6131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edb.driver.name\u003c/code\u003e spans to database integrations by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6082\"\u003e#6082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cp\u003eWe've put additional data that might contain sensitive information, like GraphQL documents, behind the \u003ccode\u003esend_default_pii\u003c/code\u003e option.\u003c/p\u003e\n\u003ch4\u003eHttpx\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eConsistently early-exit when adding request source by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6151\"\u003e#6151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003ecode.namespace\u003c/code\u003e and \u003ccode\u003ecode.function\u003c/code\u003e instead of \u003ccode\u003ecode.function.name\u003c/code\u003e in span streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6150\"\u003e#6150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eLangchain\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRecord \u003ccode\u003erun_name\u003c/code\u003e as \u003ccode\u003egen_ai.function_id\u003c/code\u003e for text completions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6073\"\u003e#6073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet agent name as \u003ccode\u003egen_ai.agent.name\u003c/code\u003e for chat and tool spans by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5877\"\u003e#5877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(asgi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e on Python 3.14+ by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6135\"\u003e#6135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(batcher) Reset lock and flusher in child after fork by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6163\"\u003e#6163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(google_genai) Redact binary data in inline_data and fix multi-part message extraction by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5977\"\u003e#5977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(grpc) Add isolation_scope to async server interceptor by \u003ca href=\"https://github.com/robinvd\"\u003e\u003ccode\u003e@​robinvd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5940\"\u003e#5940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(metrics,logs) Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6162\"\u003e#6162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(monitor) Release \u003ccode\u003eMonitor._thread_lock\u003c/code\u003e after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6148\"\u003e#6148\u003c/a\u003e) by \u003ca href=\"https://github.com/vokracko\"\u003e\u003ccode\u003e@​vokracko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6159\"\u003e#6159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Resolve agent from \u003ccode\u003ebindings\u003c/code\u003e for openai-agents \u0026gt;= 0.14 by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6102\"\u003e#6102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(profiler) Stop nulling buffer on teardown by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6075\"\u003e#6075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(quart) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Quart does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6133\"\u003e#6133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(security) Prevent GitHub script injection in update-tox workflow by \u003ca href=\"https://github.com/fix-it-felix-sentry\"\u003e\u003ccode\u003e@​fix-it-felix-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6171\"\u003e#6171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(starlette/fastapi) Use \u003ccode\u003einspect.iscoroutinefunction\u003c/code\u003e when Starlette does by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6134\"\u003e#6134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(tornado) Make sure context manager doesn't double yield by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6152\"\u003e#6152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compatible by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/6177\"\u003e#6177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/689cb97e333534f093f16f75f2c212a986bab7e5\"\u003e\u003ccode\u003e689cb97\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/397dda917fa40782e48e24ac01ecf822de0771fc\"\u003e\u003ccode\u003e397dda9\u003c/code\u003e\u003c/a\u003e release: 2.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c254a8f8bbd2009c409b12c50d6075e262c6f8\"\u003e\u003ccode\u003ec0c254a\u003c/code\u003e\u003c/a\u003e test: Rename file (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6194\"\u003e#6194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d90a9238ccf84dd49b2c994e8cbc9cc7b8fdbf80\"\u003e\u003ccode\u003ed90a923\u003c/code\u003e\u003c/a\u003e ref(batcher): Only flush the bucket that triggered the flush event (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6168\"\u003e#6168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/6436518b21943881122e0cc6e0e49fe1355fd23f\"\u003e\u003ccode\u003e6436518\u003c/code\u003e\u003c/a\u003e ci: 🤖 Update test matrix with new releases (05/04) (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6186\"\u003e#6186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/98294ceeb77376237ce9c4cac66b1925adb37f54\"\u003e\u003ccode\u003e98294ce\u003c/code\u003e\u003c/a\u003e fix: Introduce \u003ccode\u003e_get_current_streamed_span()\u003c/code\u003e to keep types backwards compati...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66b3c6b8178dd6fa8e2e976481a642b53db27319\"\u003e\u003ccode\u003e66b3c6b\u003c/code\u003e\u003c/a\u003e test(fastmcp): Span streaming tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6167\"\u003e#6167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/b5735abb51b21dba8cee1f35a918dbe51babf038\"\u003e\u003ccode\u003eb5735ab\u003c/code\u003e\u003c/a\u003e fix(batcher): Reset lock and flusher in child after fork (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6163\"\u003e#6163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/fc3eab43a6ee9af6fced602d5c56467e2d690603\"\u003e\u003ccode\u003efc3eab4\u003c/code\u003e\u003c/a\u003e fix(metrics,logs): Don't attach \u003ccode\u003espan_id\u003c/code\u003e if no active span (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6162\"\u003e#6162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/8e5bd96c7a21839b54849f813d834d46969abd2a\"\u003e\u003ccode\u003e8e5bd96\u003c/code\u003e\u003c/a\u003e test: Assert presence of profile chunks after shutdown (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/6174\"\u003e#6174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.58.0...2.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"}},{"old_version":"1.6.7","new_version":"1.7.2","update_type":"minor","path":null,"pr_created_at":"2026-05-21T14:44:10.000Z","version_change":"1.6.7 → 1.7.2","issue":{"uuid":"4495480402","node_id":"PR_kwDOP3ly0c7d-0P5","number":381,"state":"closed","title":"deps(deps): bump the uv-minor-patch group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T11:25:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T14:44:10.000Z","updated_at":"2026-05-30T11:25:52.000Z","time_to_close":765701,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"uv-minor-patch","update_count":20,"packages":[{"name":"fastapi","old_version":"0.128.7","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.47.0"},{"name":"sqlalchemy","old_version":"2.0.46","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"azure-core","old_version":"1.38.1","new_version":"1.41.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-identity","old_version":"1.25.2","new_version":"1.25.3","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-storage-blob","old_version":"12.28.0","new_version":"12.29.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"psycopg","old_version":"3.3.2","new_version":"3.3.4"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"orjson","old_version":"3.11.7","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"greenlet","old_version":"3.3.1","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"authlib","old_version":"1.6.7","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"sse-starlette","old_version":"3.2.0","new_version":"3.4.4","repository_url":"https://github.com/sysid/sse-starlette"},{"name":"typer","old_version":"0.21.2","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uv","old_version":"0.10.2","new_version":"0.11.16","repository_url":"https://github.com/astral-sh/uv"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.14.14","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"openapi-spec-validator","old_version":"0.7.2","new_version":"0.9.0","repository_url":"https://github.com/python-openapi/openapi-spec-validator"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-minor-patch group with 20 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.7` | `0.136.1` |\n| [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.47.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.46` | `2.0.49` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.1` | `1.41.0` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` |\n| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.28.0` | `12.29.0` |\n| [psycopg[binary]](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.1` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.7` | `3.11.9` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.1` | `3.5.1` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.7` | `1.7.2` |\n| [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.4.4` |\n| [typer](https://github.com/fastapi/typer) | `0.21.2` | `0.25.1` |\n| [uv](https://github.com/astral-sh/uv) | `0.10.2` | `0.11.16` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.14` |\n| [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.7.2` | `0.9.0` |\n\n\nUpdates `fastapi` from 0.128.7 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.7...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn[standard]` from 0.40.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn[standard]'s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEmit \u003ccode\u003ehttp.disconnect\u003c/code\u003e ASGI \u003ccode\u003ereceive()\u003c/code\u003e event on server shutting down for streaming responses (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse native \u003ccode\u003econtext\u003c/code\u003e parameter for \u003ccode\u003ecreate_task\u003c/code\u003e on Python 3.11+ (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2859\"\u003e#2859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop cast in ASGI types (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2875\"\u003e#2875\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn[standard]'s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0 (April 6, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2888\"\u003e#2888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.43.0 (April 3, 2026)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.40.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.46 to 2.0.49\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.49\u003c/h1\u003e\n\u003cp\u003eReleased: April 3, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.Session.get()\u003c/code\u003e would bypass the identity map\nand emit unnecessary SQL when \u003ccode\u003ewith_for_update=False\u003c/code\u003e was passed,\nrather than treating it equivalently to the default of \u003ccode\u003eNone\u003c/code\u003e.\nPull request courtesy of Joshua Swanson.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13176\"\u003e#13176\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where chained \u003ccode\u003e_orm.joinedload()\u003c/code\u003e options would not be\napplied correctly when the final relationship in the chain is declared on a\nbase mapper and accessed through a subclass mapper in a\n\u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e query. The path registry now correctly\ncomputes the natural path when a property declared on a base class is\naccessed through a path containing a subclass mapper, ensuring the loader\noption can be located during query compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13193\"\u003e#13193\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug] [inheritance]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.Load.options()\u003c/code\u003e to apply a chained loader\noption such as \u003ccode\u003e_orm.joinedload()\u003c/code\u003e or \u003ccode\u003e_orm.selectinload()\u003c/code\u003e with\n\u003ccode\u003e_orm.PropComparator.of_type()\u003c/code\u003e for a polymorphic relationship would\nnot generate the necessary clauses for the polymorphic subclasses. The\npolymorphic loading strategy is now correctly propagated when using a call\nsuch as \u003ccode\u003ejoinedload(A.b).options(joinedload(B.c.of_type(poly)))\u003c/code\u003e to match\nthe behavior of direct chaining e.g.\n\u003ccode\u003ejoinedload(A.b).joinedload(B.c.of_type(poly))\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13202\"\u003e#13202\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug] [inheritance]\u003c/strong\u003e Fixed issue where using chained loader options such as\n\u003ccode\u003e_orm.selectinload()\u003c/code\u003e after \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003e_orm.PropComparator.of_type()\u003c/code\u003e for a polymorphic relationship would\nnot properly apply the chained loader option. The loader option is now\ncorrectly applied when using a call such as\n\u003ccode\u003ejoinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c)\u003c/code\u003e to eagerly\nload related objects.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13209\"\u003e#13209\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003etyping\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e[typing] [bug]\u003c/strong\u003e Fixed a typing issue where the typed members of :data:\u003ccode\u003e.func\u003c/code\u003e would return\nthe appropriate class of the same name, however this creates an issue for\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-core` from 1.38.1 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-core_1.41.0\u003c/h2\u003e\n\u003ch2\u003e1.41.0 (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e now accepts \u003ccode\u003eVERBOSE\u003c/code\u003e (case-insensitive) as an alias for \u003ccode\u003eDEBUG\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eInvalid values for the \u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e, \u003ccode\u003eAZURE_TRACING_ENABLED\u003c/code\u003e, and \u003ccode\u003eAZURE_SDK_TRACING_IMPLEMENTATION\u003c/code\u003e environment variables no longer raise errors. Instead, a warning is logged and the default value is used (\u003ccode\u003eINFO\u003c/code\u003e for \u003ccode\u003eAZURE_LOG_LEVEL\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eazure-core_1.40.0\u003c/h2\u003e\n\u003ch2\u003e1.40.0 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for per-operation \u003ccode\u003ehttp_logging_level\u003c/code\u003e overrides in \u003ccode\u003eHttpLoggingPolicy\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44115\"\u003e#44115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduced the keyword argument \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e to \u003ccode\u003eDistributedTracingPolicy\u003c/code\u003e and \u003ccode\u003eHttpLoggingPolicy\u003c/code\u003e to allow users to specify additional URL query parameters that should not be redacted in span attributes or logs. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eUsers can specify this at the SDK client level by passing \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e to the client constructor. For example: \u003ccode\u003eclient = ServiceClient(..., additional_allowed_query_params={\u0026quot;custom_param\u0026quot;})\u003c/code\u003e. This will apply to all operations performed by the client.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eURL attributes in HTTP tracing spans will now have query parameters sanitized by default. To add additional query parameters that should not be redacted, use the \u003ccode\u003eadditional_allowed_query_params\u003c/code\u003e argument in your client constructor. \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.9 is no longer supported. Please use Python version 3.10 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/26802e41e25313136e4fa60788113262eaab8130\"\u003e\u003ccode\u003e26802e4\u003c/code\u003e\u003c/a\u003e update version and release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46738\"\u003e#46738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/34539ef0d7bc6c8248fb28c8509b83530033fd23\"\u003e\u003ccode\u003e34539ef\u003c/code\u003e\u003c/a\u003e auto fallback when loading settings from env (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46668\"\u003e#46668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/71121118731e3190e671ebeceab222ec7c0a0539\"\u003e\u003ccode\u003e7112111\u003c/code\u003e\u003c/a\u003e Increment version for core releases (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46660\"\u003e#46660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/c14e6ba98f0302547bb22fa341cdf727214377e5\"\u003e\u003ccode\u003ec14e6ba\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46612\"\u003e#46612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a08ffff3a2a0960b904b869f059bd9b19d3ace26\"\u003e\u003ccode\u003ea08ffff\u003c/code\u003e\u003c/a\u003e [Core] Set kwarg explicitly in method signatures (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46633\"\u003e#46633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/2bdb89e8f7e7036619df22d0d8230365f74d9863\"\u003e\u003ccode\u003e2bdb89e\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46631\"\u003e#46631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/73df99a4d919be6c63773a15167134398ef47347\"\u003e\u003ccode\u003e73df99a\u003c/code\u003e\u003c/a\u003e [Core] Add + refactor query param sanitization (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46482\"\u003e#46482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3db7fb5cb797be5149d974b4af3d8049addcb69d\"\u003e\u003ccode\u003e3db7fb5\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ecore\u003c/code\u003e flask server startup (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46263\"\u003e#46263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e18edb6361ce9b1ec62cf72c22d4425a277cfef7\"\u003e\u003ccode\u003ee18edb6\u003c/code\u003e\u003c/a\u003e Swap CI to \u003ccode\u003eCFS\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45995\"\u003e#45995\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/bd33bafb4f19d65965e0f2c9b1e77af694a517ba\"\u003e\u003ccode\u003ebd33baf\u003c/code\u003e\u003c/a\u003e \u003cem\u003e\u003cstrong\u003eNO_CI\u003c/strong\u003e\u003c/em\u003e [Doc] Update references to wiki pages (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46169\"\u003e#46169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.38.1...azure-core_1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-identity` from 1.25.2 to 1.25.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a989ea467731265fdf097b622ba254703187746b\"\u003e\u003ccode\u003ea989ea4\u003c/code\u003e\u003c/a\u003e [Identity] Prep patch release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/79728834e7f38018d372860cf9117bf51d9ed417\"\u003e\u003ccode\u003e7972883\u003c/code\u003e\u003c/a\u003e [Identity] Adjust refresh logic (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45496\"\u003e#45496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/04764a9a8a0cb59aab6421b41152246853dfcfe8\"\u003e\u003ccode\u003e04764a9\u003c/code\u003e\u003c/a\u003e add psscript to convert apiview json files to md (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45589\"\u003e#45589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/50e01659d7204865dfa07c5ece1019ed9a229b4f\"\u003e\u003ccode\u003e50e0165\u003c/code\u003e\u003c/a\u003e Sync eng/common directory with azure-sdk-tools for PR 14461 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45646\"\u003e#45646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5333117e0e181404ff4deaa757e9b6ef86dabf8b\"\u003e\u003ccode\u003e5333117\u003c/code\u003e\u003c/a\u003e Add Bo to /sdk/ai/azure-ai-projects owner list (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45664\"\u003e#45664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/775d6942e4335422fc69da8e997a6069e356b104\"\u003e\u003ccode\u003e775d694\u003c/code\u003e\u003c/a\u003e Doc and automation updates for .github sync directory changes (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45630\"\u003e#45630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/c6e48b5cd71adf5728a5e2f33bc9f62fb221221f\"\u003e\u003ccode\u003ec6e48b5\u003c/code\u003e\u003c/a\u003e [Core] Prepare release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45656\"\u003e#45656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ae769c4e9379c8d309bffa5ccb76dcfba64e1f71\"\u003e\u003ccode\u003eae769c4\u003c/code\u003e\u003c/a\u003e Fix custom Memory Stores LRO poller operation (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45662\"\u003e#45662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6074492844d670316eb171756483f1394a6c94c7\"\u003e\u003ccode\u003e6074492\u003c/code\u003e\u003c/a\u003e Add asset id none check in dt (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45618\"\u003e#45618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e1a986aeb7a8001bd3a4f336cf096c2b050aa480\"\u003e\u003ccode\u003ee1a986a\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.10 to 7.5.11 in /eng/common/tsp-client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45640\"\u003e#45640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-identity_1.25.2...azure-identity_1.25.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-storage-blob` from 12.28.0 to 12.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-storage-blob's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-storage-blob_12.29.0\u003c/h2\u003e\n\u003ch2\u003e12.29.0 (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStable release of features from 12.29.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eBlobClient\u003c/code\u003e's \u003ccode\u003edownload_blob\u003c/code\u003e did not retry upon\n\u003ccode\u003eServiceReponseError\u003c/code\u003e and \u003ccode\u003eServiceResponseTimeoutError\u003c/code\u003e exceptions\u003c/li\u003e\n\u003cli\u003eFixed various issues with configuring logging via \u003ccode\u003elogging_enable\u003c/code\u003e and \u003ccode\u003elogging_body\u003c/code\u003e keywords on a per-request\nbasis and with retries. Prior to this fix logging may have not behaved as expected, especially on retries.\u003c/li\u003e\n\u003cli\u003eFix a potential memory leak caused by improper exception handling that could occur under rare circumstances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e73548b8a2e8fa20c3ae9114e94b548cb69a309e\"\u003e\u003ccode\u003ee73548b\u003c/code\u003e\u003c/a\u003e Release date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/60f7b1669ff9fbb04fb0655054ac8963a1a7c8fc\"\u003e\u003ccode\u003e60f7b16\u003c/code\u003e\u003c/a\u003e Changed release date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5280297029137c50a658d9076eee9f0904314ff1\"\u003e\u003ccode\u003e5280297\u003c/code\u003e\u003c/a\u003e Modified release date to 5/12/2026\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/15e1ae938b23ef5615b354c9d0e0ce4d53b45080\"\u003e\u003ccode\u003e15e1ae9\u003c/code\u003e\u003c/a\u003e \u003cem\u003e\u003cstrong\u003eNO_CI\u003c/strong\u003e\u003c/em\u003e [Doc] Update references to wiki pages (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46169\"\u003e#46169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3f5c4d24273a6de44dbbb3499a6df1684a0dbba2\"\u003e\u003ccode\u003e3f5c4d2\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ecibuildwheel\u003c/code\u003e not necessary in \u003ccode\u003ebuild-system\u003c/code\u003e metadata for `azure-storage-ex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5b5b757fd10bd3df17085d1d2004185652154c93\"\u003e\u003ccode\u003e5b5b757\u003c/code\u003e\u003c/a\u003e Modified release date to 2026-05-11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/8b9a3e5b05be15f247d0b01fa82bce38dfda627a\"\u003e\u003ccode\u003e8b9a3e5\u003c/code\u003e\u003c/a\u003e [Storage][101] Cherry pick recent fixes and release prep (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/46659\"\u003e#46659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fdae976c1db9fbab1b313bd41703e1c3c863404b\"\u003e\u003ccode\u003efdae976\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into release/storage/stg101\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/1e540de672e6e5f51f4e9302491b0809978e8966\"\u003e\u003ccode\u003e1e540de\u003c/code\u003e\u003c/a\u003e Fix typing contract for max_concurrency in File Share client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45637\"\u003e#45637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fa44dea36fbb8948acb7035a25b2a918cb9e29db\"\u003e\u003ccode\u003efa44dea\u003c/code\u003e\u003c/a\u003e Fix typing contract for max_concurrency in Datalake client (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/45631\"\u003e#45631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-storage-blob_12.28.0...azure-storage-blob_12.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg[binary]` from 3.3.2 to 3.3.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg/blob/master/docs/news.rst\"\u003epsycopg[binary]'s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. currentmodule:: psycopg\u003c/p\u003e\n\u003cp\u003e.. index::\nsingle: Release notes\nsingle: News\u003c/p\u003e\n\u003ch1\u003e\u003ccode\u003epsycopg\u003c/code\u003e release notes\u003c/h1\u003e\n\u003ch2\u003eFuture releases\u003c/h2\u003e\n\u003cp\u003ePsycopg 3.3.5 (unreleased)\n^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDiscard prepared statements upon :sql:\u003ccode\u003eALTER *\u003c/code\u003e or \u003ccode\u003eDISCARD *\u003c/code\u003e\n(:ticket:\u003ccode\u003e[#1307](https://github.com/psycopg/psycopg/issues/1307)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003ePsycopg 3.3.4\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix possible spurious connection timeout in systems with very long uptimes\nin C extension (:ticket:\u003ccode\u003e[#1280](https://github.com/psycopg/psycopg/issues/1280)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix client-side adaptation of enums whose name require quotes\n(:ticket:\u003ccode\u003e[#1298](https://github.com/psycopg/psycopg/issues/1298)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eConsistently populate \u003ccode\u003e~Cursor.statusmessage\u003c/code\u003e after \u003ccode\u003e~Cursor.executemany()\u003c/code\u003e\n(:ticket:\u003ccode\u003e[#1302](https://github.com/psycopg/psycopg/issues/1302)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePsycopg 3.3.3\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRetain \u003ccode\u003eError.pgconn\u003c/code\u003e when raising a single exception for multiple connection\nattempt errors (:ticket:\u003ccode\u003e[#1246](https://github.com/psycopg/psycopg/issues/1246)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eReturn a proper error when server sends \u003ccode\u003eErrorResponse\u003c/code\u003e for a \u003ccode\u003eSync\u003c/code\u003e after\na \u003ccode\u003eParse\u003c/code\u003e (:ticket:\u003ccode\u003e[#1260](https://github.com/psycopg/psycopg/issues/1260)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePsycopg 3.3.2\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eFix race condition in adapters at startup (:ticket:\u003ccode\u003e[#1230](https://github.com/psycopg/psycopg/issues/1230)\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003ePsycopg 3.3.1\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/83f110367cdd249cc0a352e2246ecea9e878e5a0\"\u003e\u003ccode\u003e83f1103\u003c/code\u003e\u003c/a\u003e chore: bump psycopg_pool package version to 3.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/18287707f56a2b4f0817d9c23d137f5d69db6e31\"\u003e\u003ccode\u003e1828770\u003c/code\u003e\u003c/a\u003e chore: bump psycopg package version to 3.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/8be14bbc18f74de7652606d2777e0950ec804cc0\"\u003e\u003ccode\u003e8be14bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg/issues/1301\"\u003e#1301\u003c/a\u003e from oliverhaas/fix/sync-pool-open-race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/aee0bf2659db77c31154acf583baf0a98675c192\"\u003e\u003ccode\u003eaee0bf2\u003c/code\u003e\u003c/a\u003e fix(pool): fix race in the construction of the sync ConnectionPool lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/bc4d30375557fc32f2a91c2f8b75a5d21711ea89\"\u003e\u003ccode\u003ebc4d303\u003c/code\u003e\u003c/a\u003e chore(deps): bump the actions group across 1 directory with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/785379f196fc17473d312451a1fd4a06ef8dc895\"\u003e\u003ccode\u003e785379f\u003c/code\u003e\u003c/a\u003e fix: retain statusmessage after executemany with returning=False\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/8882a73871e65727549657085922d043a106127c\"\u003e\u003ccode\u003e8882a73\u003c/code\u003e\u003c/a\u003e perf: do less if X in Y: return Y[X] for cache-like patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/2f785395c189e709da5fa74a02d3797bfb9db6a4\"\u003e\u003ccode\u003e2f78539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg/issues/1299\"\u003e#1299\u003c/a\u003e from dvarrazzo/fix-camel-enum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/37ef1dc4e6d19dc4af062d45a63243cb96a261c2\"\u003e\u003ccode\u003e37ef1dc\u003c/code\u003e\u003c/a\u003e test: skip test on crdb depending on precise regtype behaviour\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg/commit/7f2f1d159df881260e3086fd61ea71343ca98e58\"\u003e\u003ccode\u003e7f2f1d1\u003c/code\u003e\u003c/a\u003e fix: fix client-side representation of enums requiring quotes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg/compare/3.3.2...3.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.12.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.11.7 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.8\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.8 - 2026-03-31\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/5cbb3d0398a2f42de51210270286fecd798c5d78\"\u003e\u003ccode\u003e5cbb3d0\u003c/code\u003e\u003c/a\u003e 3.11.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4195d7f263e33076295b75efdcbaf6a55af8674e\"\u003e\u003ccode\u003e4195d7f\u003c/code\u003e\u003c/a\u003e writer::half\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d00641b69410728a735f0855eb1c2843b0a5819b\"\u003e\u003ccode\u003ed00641b\u003c/code\u003e\u003c/a\u003e writer::uuid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c84d9b4ba4853781af943fa5c493e261e2f82b84\"\u003e\u003ccode\u003ec84d9b4\u003c/code\u003e\u003c/a\u003e build and compatibility misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4547234b681fac5e0e0734cf44c21e75f9654e43\"\u003e\u003ccode\u003e4547234\u003c/code\u003e\u003c/a\u003e ffi::numpy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/0d4a5ad1f17a72528ba027554466fdec6580cdeb\"\u003e\u003ccode\u003e0d4a5ad\u003c/code\u003e\u003c/a\u003e datetime PyRef idiom\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/e93a13d372ec956d027e71d023eb534b8445ac85\"\u003e\u003ccode\u003ee93a13d\u003c/code\u003e\u003c/a\u003e Cross-compile avoids maturin v1.12 build-details.json error\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.7...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FI...\n\n_Description has been truncated_","html_url":"https://github.com/clac-ca/automatic-data-extractor/pull/381","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/clac-ca%2Fautomatic-data-extractor/issues/381","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/381/packages"}},{"old_version":"1.6.6","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-19T21:22:46.000Z","version_change":"1.6.6 → 1.6.12","issue":{"uuid":"4481151523","node_id":"PR_kwDOPRTWIc7dQkTM","number":2085,"state":"open","title":"build(deps): bump the uv group across 8 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:22:46.000Z","updated_at":"2026-05-19T21:25:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n\nBumps the uv group with 1 update in the /microservices/auditor_service directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 5 updates in the /microservices/memory_agent directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\nBumps the uv group with 5 updates in the /microservices/observability_service directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\nBumps the uv group with 1 update in the /microservices/planning_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 1 update in the /microservices/reasoning_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 1 update in the /microservices/research_agent directory: [litellm](https://github.com/BerriAI/litellm).\nBumps the uv group with 5 updates in the /microservices/user_service directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.50.0` | `1.83.10` |\n\n\nUpdates `authlib` from 1.6.6 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `litellm` from 1.50.0 to 1.83.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-trace-dev-v1.81.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(vertex): add gemini-3.1-flash-image-preview to model DB by \u003ca href=\"https://github.com/emerzon\"\u003e\u003ccode\u003e@​emerzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22223\"\u003eBerriAI/litellm#22223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(spendlogs): optimize old spendlog deletion cron job by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21930\"\u003eBerriAI/litellm#21930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix converse handling for parallel_tool_calls by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22267\"\u003eBerriAI/litellm#22267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix]Preserve forwarding server side called tools by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22260\"\u003eBerriAI/litellm#22260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix free models working from UI by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22258\"\u003eBerriAI/litellm#22258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v1 for anthropic responses transformation by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22087\"\u003eBerriAI/litellm#22087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Bug]Add ChatCompletionImageObject in OpenAIChatCompletionAssistantMessage by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22155\"\u003eBerriAI/litellm#22155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: poetry lock by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22293\"\u003eBerriAI/litellm#22293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable local file support for OCR by \u003ca href=\"https://github.com/noahnistler\"\u003e\u003ccode\u003e@​noahnistler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22133\"\u003eBerriAI/litellm#22133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mcp): Strip stale mcp-session-id to prevent 400 errors across proxy workers by \u003ca href=\"https://github.com/gavksingh\"\u003e\u003ccode\u003e@​gavksingh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21417\"\u003eBerriAI/litellm#21417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] Access group CRUD: Bidirectional team/key sync by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22253\"\u003eBerriAI/litellm#22253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd LLMClientCache regression tests for httpx client eviction safety by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22306\"\u003eBerriAI/litellm#22306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(models): add gpt-audio-1.5 to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22303\"\u003eBerriAI/litellm#22303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(models): add gpt-realtime-1.5 to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22304\"\u003eBerriAI/litellm#22304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(models): function calling for PublicAI Apertus models by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21582\"\u003eBerriAI/litellm#21582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests: add llmclientcache regression tests by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22313\"\u003eBerriAI/litellm#22313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd deprecation dates for xAI grok-2-vision-1212 and grok-3-mini models by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20102\"\u003eBerriAI/litellm#20102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(model_prices): add OpenRouter native models to model cost map by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20520\"\u003eBerriAI/litellm#20520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenRouter Opus 4.6 to model map and update Claude Opus 4.6 docs by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/20525\"\u003eBerriAI/litellm#20525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Include timestamps in /project/list response by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22323\"\u003eBerriAI/litellm#22323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Projects: Add Projects page with list and create flows by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/22315\"\u003eBerriAI/litellm#22315\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/claude code plugin schema by \u003ca...\n\n_Description has been truncated_","html_url":"https://github.com/HOUSSAM16ai/NAAS-Agentic-Core/pull/2085","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HOUSSAM16ai%2FNAAS-Agentic-Core/issues/2085","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2085/packages"}},{"old_version":"1.6.6","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-19T21:04:35.000Z","version_change":"1.6.6 → 1.6.12","issue":{"uuid":"4481035747","node_id":"PR_kwDONhLw9c7dQL5A","number":185,"state":"open","title":"Bump the uv group across 12 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:04:35.000Z","updated_at":"2026-06-01T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":9,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"banks","old_version":"2.3.0","new_version":"2.4.2","repository_url":"https://github.com/masci/banks"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /backend directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /platform-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /prompt-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /runner directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 3 updates in the /tool-sidecar directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 7 updates in the /unstract/connectors directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.3.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.1` | `5.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/filesystem directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/sdk1 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.4` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/tool-registry directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 6 updates in the /unstract/workflow-execution directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.4.1` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n\nBumps the uv group with 1 update in the /workers directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /x2text-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/unstract/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Funstract/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"}},{"old_version":"1.6.11","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-17T10:22:52.000Z","version_change":"1.6.11 → 1.6.12","issue":{"uuid":"4463158238","node_id":"PR_kwDOPPVzR87cW-il","number":111,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T10:29:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T10:22:52.000Z","updated_at":"2026-05-17T10:29:13.000Z","time_to_close":372,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":2,"packages":[{"name":"authlib","old_version":"1.6.11","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `authlib` from 1.6.11 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/luarss/openroad-mcp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/luarss/openroad-mcp/pull/111","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarss%2Fopenroad-mcp/issues/111","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/111/packages"}},{"old_version":"1.7.0","new_version":"1.7.1","update_type":"patch","path":null,"pr_created_at":"2026-05-17T01:19:45.000Z","version_change":"1.7.0 → 1.7.1","issue":{"uuid":"4461881090","node_id":"PR_kwDOSR0SFM7cTPUb","number":12,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T22:53:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T01:19:45.000Z","updated_at":"2026-05-19T22:53:44.000Z","time_to_close":250437,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"langchain-core","old_version":"1.3.1","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pip","old_version":"26.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"langsmith","old_version":"0.7.34","new_version":"0.8.5","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"smolagents","old_version":"1.22.0","new_version":"1.25.0","repository_url":"https://github.com/huggingface/smolagents"},{"name":"authlib","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/authlib/authlib"},{"name":"python-liquid","old_version":"2.1.0","new_version":"2.2.0","repository_url":"https://github.com/jg-rp/liquid"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.3.1` | `1.3.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.34` | `0.8.5` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.22.0` | `1.25.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.7.0` | `1.7.1` |\n| [python-liquid](https://github.com/jg-rp/liquid) | `2.1.0` | `2.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `langchain-core` from 1.3.1 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.1...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.7.34 to 0.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.7.0 by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890\"\u003elangchain-ai/langsmith-sdk#2890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): add alias for \u003ccode\u003eexperimental/sandbox\u003c/code\u003e to appease broad peer dep range within \u003ccode\u003edeepagents\u003c/code\u003e by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893\"\u003elangchain-ai/langsmith-sdk#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): allow disabling multipart streaming via env variable by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900\"\u003elangchain-ai/langsmith-sdk#2900\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(python): add Client.close() to release session [closes LSDK-183] by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866\"\u003elangchain-ai/langsmith-sdk#2866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sandbox): forward client default headers on exec WebSocket by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899\"\u003elangchain-ai/langsmith-sdk#2899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.7.1 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902\"\u003elangchain-ai/langsmith-sdk#2902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.5 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903\"\u003elangchain-ai/langsmith-sdk#2903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.6.3 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864\"\u003elangchain-ai/langsmith-sdk#2864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859\"\u003elangchain-ai/langsmith-sdk#2859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.91.1 to 0.92.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858\"\u003elangchain-ai/langsmith-sdk#2858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857\"\u003elangchain-ai/langsmith-sdk#2857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump hono from 4.12.15 to 4.12.18 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860\"\u003elangchain-ai/langsmith-sdk#2860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867\"\u003elangchain-ai/langsmith-sdk#2867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.92.0 to 0.93.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869\"\u003elangchain-ai/langsmith-sdk#2869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873\"\u003elangchain-ai/langsmith-sdk#2873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 12 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876\"\u003elangchain-ai/langsmith-sdk#2876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 16 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877\"\u003elangchain-ai/langsmith-sdk#2877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879\"\u003elangchain-ai/langsmith-sdk#2879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868\"\u003elangchain-ai/langsmith-sdk#2868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.93.0 to 0.94.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878\"\u003elangchain-ai/langsmith-sdk#2878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(js): rename experimental/sandbox -\u0026gt; sandbox (breaking) by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885\"\u003elangchain-ai/langsmith-sdk#2885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(py): drop sandbox alpha/experimental warnings by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884\"\u003elangchain-ai/langsmith-sdk#2884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sandbox): make snapshot optional and add TS options overload by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887\"\u003elangchain-ai/langsmith-sdk#2887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.4 by \u003ca href=\"https://github.com/ramon-langchain\"\u003e\u003ccode\u003e@​ramon-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889\"\u003elangchain-ai/langsmith-sdk#2889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(js): prevent sending [object Object] as span attribute when dealing with nested objects, send full langsmith.usage_metadata if present by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2845\"\u003elangchain-ai/langsmith-sdk#2845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): bump to 0.6.2 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2856\"\u003elangchain-ai/langsmith-sdk#2856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(py): replace ttl_seconds with idle_ttl_seconds + delete_after_stop_seconds by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2853\"\u003elangchain-ai/langsmith-sdk#2853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2854\"\u003elangchain-ai/langsmith-sdk#2854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix push_agent URL owner for name-only identifiers by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2862\"\u003elangchain-ai/langsmith-sdk#2862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(langsmith): clarify trust boundaries when working with hub by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2861\"\u003elangchain-ai/langsmith-sdk#2861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.3 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2863\"\u003elangchain-ai/langsmith-sdk#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/ef9fcd5b47f99ae5a05e4cd18fb784216dd179b9\"\u003e\u003ccode\u003eef9fcd5\u003c/code\u003e\u003c/a\u003e release(py): 0.8.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/63b402eb3e8bb23cc365990d8a56a1adad59a0d1\"\u003e\u003ccode\u003e63b402e\u003c/code\u003e\u003c/a\u003e release(js): 0.7.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2902\"\u003e#2902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/602a27ab115f7907c7ee7aa03bae5d5b4bc372bf\"\u003e\u003ccode\u003e602a27a\u003c/code\u003e\u003c/a\u003e feat(sandbox): forward client default headers on exec WebSocket (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/126ef522f5f3be67c2952ae9ef39eb43db494af9\"\u003e\u003ccode\u003e126ef52\u003c/code\u003e\u003c/a\u003e feat(python): add Client.close() to release session [closes LSDK-183] (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2866\"\u003e#2866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/fddf88dd25132040e45ab97f6b1327bba7162291\"\u003e\u003ccode\u003efddf88d\u003c/code\u003e\u003c/a\u003e feat(js): allow disabling multipart streaming via env variable (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2900\"\u003e#2900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/19bfc57231a4e47d814ce2ed0fa8444c03283e1c\"\u003e\u003ccode\u003e19bfc57\u003c/code\u003e\u003c/a\u003e fix(js): add alias for \u003ccode\u003eexperimental/sandbox\u003c/code\u003e to appease broad peer dep range...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/6717def07f1a6d3fec76b9c384dd6527fc4731c4\"\u003e\u003ccode\u003e6717def\u003c/code\u003e\u003c/a\u003e release(js): 0.7.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2890\"\u003e#2890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/273f8f9b0deccb7b21f899fbe6ee0474702a9860\"\u003e\u003ccode\u003e273f8f9\u003c/code\u003e\u003c/a\u003e release(py): 0.8.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2889\"\u003e#2889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/afbf4fb970f1b1d5bc4b8fb3e233a8bef1a5eac9\"\u003e\u003ccode\u003eafbf4fb\u003c/code\u003e\u003c/a\u003e feat(sandbox): make snapshot optional and add TS options overload (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2887\"\u003e#2887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/54da5410a2ab7ee67b2eed9137f8dcbbc1426355\"\u003e\u003ccode\u003e54da541\u003c/code\u003e\u003c/a\u003e sdk(py): drop sandbox alpha/experimental warnings (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2884\"\u003e#2884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.34...v0.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `smolagents` from 1.22.0 to 1.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/smolagents/releases\"\u003esmolagents's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump dev version: v1.25.0.dev0 by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1939\"\u003ehuggingface/smolagents#1939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix import of TokenUsage by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1943\"\u003ehuggingface/smolagents#1943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLflow integration doc by \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1884\"\u003ehuggingface/smolagents#1884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor agent/model deserialization: Replace importlib with registry pattern by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1944\"\u003ehuggingface/smolagents#1944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate _function_type_hints_utils.py: CohereForAI -\u0026gt; CohereLabs by \u003ca href=\"https://github.com/Michellehbn\"\u003e\u003ccode\u003e@​Michellehbn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1946\"\u003ehuggingface/smolagents#1946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix High impact vulnerability on remote executors by \u003ca href=\"https://github.com/nnfrog\"\u003e\u003ccode\u003e@​nnfrog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1637\"\u003ehuggingface/smolagents#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix SafeSerializer.get_deserializer_code by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1983\"\u003ehuggingface/smolagents#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RemotePythonExecutor._deserialize_final_answer for legacy no-prefix pickle by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1984\"\u003ehuggingface/smolagents#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest 'pickle:...' payloads are properly decoded by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1985\"\u003ehuggingface/smolagents#1985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove support for legacy no-prefix pickle by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1986\"\u003ehuggingface/smolagents#1986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate docs reference page for Python executors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1987\"\u003ehuggingface/smolagents#1987\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIsolate WasmExecutor Deno cache to per-instance temp directory by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1995\"\u003ehuggingface/smolagents#1995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch wildcard bind to loopback-only endpoint in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2025\"\u003ehuggingface/smolagents#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse token in DockerExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2027\"\u003ehuggingface/smolagents#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove allow_origin from Docker and Modal executors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2028\"\u003ehuggingface/smolagents#2028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse token in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2031\"\u003ehuggingface/smolagents#2031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluate_with() calling \u003cstrong\u003eexit\u003c/strong\u003e on wrong object by \u003ca href=\"https://github.com/dubin555\"\u003e\u003ccode\u003e@​dubin555\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2029\"\u003ehuggingface/smolagents#2029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluate_with by suppressing exception if truthy \u003cstrong\u003eexit\u003c/strong\u003e by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2033\"\u003ehuggingface/smolagents#2033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse requests.Session in WasmExecutor by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2032\"\u003ehuggingface/smolagents#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Rich MarkupError in AgentLogger.log_task by rendering untrusted text safely by \u003ca href=\"https://github.com/Barcavin\"\u003e\u003ccode\u003e@​Barcavin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1894\"\u003ehuggingface/smolagents#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmphasise sandboxing is required; LocalPythonExecutor is not a security tool by \u003ca href=\"https://github.com/zsims\"\u003e\u003ccode\u003e@​zsims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2039\"\u003ehuggingface/smolagents#2039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix log_error rendering brackets as Rich markup by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2077\"\u003ehuggingface/smolagents#2077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport huggingface-hub \u0026gt;= 1 by \u003ca href=\"https://github.com/merveenoyan\"\u003e\u003ccode\u003e@​merveenoyan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2075\"\u003ehuggingface/smolagents#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused safe_serialization param from _websocket_run_code_raise_errors by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2131\"\u003ehuggingface/smolagents#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet allow_pickle default to False in internal calls by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2132\"\u003ehuggingface/smolagents#2132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Pin GitHub Actions to commit SHAs by \u003ca href=\"https://github.com/paulinebm\"\u003e\u003ccode\u003e@​paulinebm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2149\"\u003ehuggingface/smolagents#2149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump doc-builder SHA for PR upload workflow by \u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2194\"\u003ehuggingface/smolagents#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump doc-builder SHA for main doc build workflow by \u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2219\"\u003ehuggingface/smolagents#2219\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1884\"\u003ehuggingface/smolagents#1884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Michellehbn\"\u003e\u003ccode\u003e@​Michellehbn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1946\"\u003ehuggingface/smolagents#1946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dubin555\"\u003e\u003ccode\u003e@​dubin555\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2029\"\u003ehuggingface/smolagents#2029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsims\"\u003e\u003ccode\u003e@​zsims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2039\"\u003ehuggingface/smolagents#2039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paulinebm\"\u003e\u003ccode\u003e@​paulinebm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2149\"\u003ehuggingface/smolagents#2149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rtrompier\"\u003e\u003ccode\u003e@​rtrompier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/2194\"\u003ehuggingface/smolagents#2194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/smolagents/compare/v1.24.0...v1.25.0\"\u003ehttps://github.com/huggingface/smolagents/compare/v1.24.0...v1.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump version to 1.24 by \u003ca href=\"https://github.com/aymeric-roucher\"\u003e\u003ccode\u003e@​aymeric-roucher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1871\"\u003ehuggingface/smolagents#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Add backward compatibility for deprecated HfApiModel by \u003ca href=\"https://github.com/MohammadKassas143\"\u003e\u003ccode\u003e@​MohammadKassas143\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1863\"\u003ehuggingface/smolagents#1863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in secure_code_execution.md by \u003ca href=\"https://github.com/jonathanagustin\"\u003e\u003ccode\u003e@​jonathanagustin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1892\"\u003ehuggingface/smolagents#1892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate no-stop-sequence model list to support gpt-5.2* by \u003ca href=\"https://github.com/aymeric-roucher\"\u003e\u003ccode\u003e@​aymeric-roucher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1895\"\u003ehuggingface/smolagents#1895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix run_gaia.py token_counts when managed agent is called more than once by \u003ca href=\"https://github.com/suryabdev\"\u003e\u003ccode\u003e@​suryabdev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1878\"\u003ehuggingface/smolagents#1878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🌐 [i18n-KO] Translated \u003ccode\u003etools.md\u003c/code\u003e to Korean by \u003ca href=\"https://github.com/Kim-Ju-won\"\u003e\u003ccode\u003e@​Kim-Ju-won\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1835\"\u003ehuggingface/smolagents#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport passing additional params to apply_chat_template by \u003ca href=\"https://github.com/albertvillanova\"\u003e\u003ccode\u003e@​albertvillanova\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/smolagents/pull/1902\"\u003ehuggingface/smolagents#1902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/huggingface/smolagents/compare/v1.22.0...v1.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/485016a31b64e5aae93e5ce21b34517ce59ecf1d\"\u003e\u003ccode\u003e485016a\u003c/code\u003e\u003c/a\u003e chore: bump to 1.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/7b4ecd7c88ac96ba7b759187a4b6d109d9031ee0\"\u003e\u003ccode\u003e7b4ecd7\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/c304a216512e449d1440b159960ba319f4300d2b\"\u003e\u003ccode\u003ec304a21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/881\"\u003e#881\u003c/a\u003e from azmeuk/880-deprecation-warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/4165ada169ef9dfa41081b7071bc82420b665c1e\"\u003e\u003ccode\u003e4165ada\u003c/code\u003e\u003c/a\u003e fix: authlib.jose deprecation warning poping from _joserfc_helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...1.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-liquid` from 2.1.0 to 2.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jg-rp/liquid/releases\"\u003epython-liquid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e to reject absolute paths.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ereject_symlinks\u003c/code\u003e keyword argument to \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e. When \u003ccode\u003eTrue\u003c/code\u003e, symlinks pointing to files outside the search path will be rejected. \u003ccode\u003ereject_symlinks\u003c/code\u003e defaults to \u003ccode\u003eFalse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003esquish\u003c/code\u003e filter. \u003ccode\u003e{{ x | squish }}\u003c/code\u003e is equivalent to \u003ccode\u003e{{ x | strip | split | join }}\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/195\"\u003e#195\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eBoundTemplate.comments()\u003c/code\u003e and \u003ccode\u003eBoundTemplate.docs()\u003c/code\u003e for statically retrieving \u003ccode\u003e{% comment %}\u003c/code\u003e, \u003ccode\u003e{% # inline comment %}\u003c/code\u003e and \u003ccode\u003e{% doc %}\u003c/code\u003e nodes.\u003c/li\u003e\n\u003cli\u003eAdded an \u003cstrong\u003eexperimental\u003c/strong\u003e \u003ccode\u003e{% snippet %}\u003c/code\u003e tag. Shopify/liquid released then quickly removed \u003ccode\u003e{% snippet %}\u003c/code\u003e. We're calling it \u0026quot;experimental\u0026quot; and keeping it disabled by default, pending more activity from Shopify/liquid. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/191\"\u003e#191\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImproved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with \u003ccode\u003e{% render %}\u003c/code\u003e. Now we visit partial templates once for each distinct set of arguments passed to \u003ccode\u003e{% render %}\u003c/code\u003e, potentially reporting \u0026quot;global\u0026quot; variables that we'd previously missed.\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003estring_filter\u003c/code\u003e decorator to coerce \u003ccode\u003eNone\u003c/code\u003e to an empty string instead of \u003ccode\u003e\u0026quot;None\u0026quot;\u003c/code\u003e. This is what Shopify/liquid does with \u003ccode\u003enil.to_s\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jg-rp/liquid/blob/main/CHANGES.md\"\u003epython-liquid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e to reject absolute paths.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ereject_symlinks\u003c/code\u003e keyword argument to \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e. When \u003ccode\u003eTrue\u003c/code\u003e, symlinks pointing to files outside the search path will be rejected. \u003ccode\u003ereject_symlinks\u003c/code\u003e defaults to \u003ccode\u003eFalse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003esquish\u003c/code\u003e filter. \u003ccode\u003e{{ x | squish }}\u003c/code\u003e is equivalent to \u003ccode\u003e{{ x | strip | split | join }}\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/195\"\u003e#195\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eBoundTemplate.comments()\u003c/code\u003e and \u003ccode\u003eBoundTemplate.docs()\u003c/code\u003e for statically retrieving \u003ccode\u003e{% comment %}\u003c/code\u003e, \u003ccode\u003e{% # inline comment %}\u003c/code\u003e and \u003ccode\u003e{% doc %}\u003c/code\u003e nodes.\u003c/li\u003e\n\u003cli\u003eAdded an \u003cstrong\u003eexperimental\u003c/strong\u003e \u003ccode\u003e{% snippet %}\u003c/code\u003e tag. Shopify/liquid released then quickly removed \u003ccode\u003e{% snippet %}\u003c/code\u003e. We're calling it \u0026quot;experimental\u0026quot; and keeping it disabled by default, pending more activity from Shopify/liquid. See \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/191\"\u003e#191\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jg-rp/liquid/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImproved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with \u003ccode\u003e{% render %}\u003c/code\u003e. Now we visit partial templates once for each distinct set of arguments passed to \u003ccode\u003e{% render %}\u003c/code\u003e, potentially reporting \u0026quot;global\u0026quot; variables that we'd previously missed.\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003estring_filter\u003c/code\u003e decorator to coerce \u003ccode\u003eNone\u003c/code\u003e to an empty string instead of \u003ccode\u003e\u0026quot;None\u0026quot;\u003c/code\u003e. This is what Shopify/liquid does with \u003ccode\u003enil.to_s\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/e390178599a0a346e6ebabafec21285860b5cc8b\"\u003e\u003ccode\u003ee390178\u003c/code\u003e\u003c/a\u003e Release version 2.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/b9413b350dfca5fd49e9bdb78e29e4a2dc766d28\"\u003e\u003ccode\u003eb9413b3\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/f351620eb95f80cb0956332a8e338aaf6644746f\"\u003e\u003ccode\u003ef351620\u003c/code\u003e\u003c/a\u003e Fix caching loader constructor and update doc comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/e17b1f98df3afa44a677ce097348a03b9c486be1\"\u003e\u003ccode\u003ee17b1f9\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eis_file\u003c/code\u003e check and optionally reject symlinks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/1d9eeed8f38defe753120d708035afc6afff80ac\"\u003e\u003ccode\u003e1d9eeed\u003c/code\u003e\u003c/a\u003e Fix absolute paths escpae loader template root\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/011d2bdaf763e53ae309779700f1ae0ad69cee6a\"\u003e\u003ccode\u003e011d2bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/200\"\u003e#200\u003c/a\u003e from jg-rp/static-comment-helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/fb9c5821d266f3fedf6a7b09b2e74d2c75c3b672\"\u003e\u003ccode\u003efb9c582\u003c/code\u003e\u003c/a\u003e Add static comment helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/d2177cb481325b43c14b86b03a32f2af94c520ad\"\u003e\u003ccode\u003ed2177cb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/198\"\u003e#198\u003c/a\u003e from jg-rp/restore-docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/42270bfb9e99cbb6880f9829e83e63289b082a2d\"\u003e\u003ccode\u003e42270bf\u003c/code\u003e\u003c/a\u003e docs: restore the error handling section of the known issues page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jg-rp/liquid/commit/8981056013ad4109c0aff3b29e28857a9b1fd526\"\u003e\u003ccode\u003e8981056\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jg-rp/liquid/issues/195\"\u003e#195\u003c/a\u003e from jg-rp/squish\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jg-rp/liquid/compare/v2.1.0...v2.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rafaelfiguereod-stack/langflow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/rafaelfiguereod-stack/langflow/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rafaelfiguereod-stack%2Flangflow/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"1.6.10","new_version":"1.6.12","update_type":"patch","path":null,"pr_created_at":"2026-05-14T22:02:22.000Z","version_change":"1.6.10 → 1.6.12","issue":{"uuid":"4449631361","node_id":"PR_kwDOKdDCc87bsy8f","number":24734,"state":"closed","title":"build(deps): bump the uv group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-14T22:02:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T22:02:22.000Z","updated_at":"2026-05-14T22:02:37.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":17,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24734","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24734","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24734/packages"}}]}