{"id":968,"name":"cryptography","ecosystem":"pip","repository_url":"https://github.com/pyca/cryptography","issues_count":10008,"created_at":"2025-06-06T15:01:39.325Z","updated_at":"2025-06-06T15:01:39.325Z","purl":"pkg:pypi/cryptography","metadata":{"id":2683636,"name":"cryptography","ecosystem":"pypi","description":"cryptography is a package which provides cryptographic recipes and primitives to Python developers.","homepage":null,"licenses":"Apache-2.0 OR BSD-3-Clause","normalized_licenses":["Apache-2.0","BSD-3-Clause"],"repository_url":"https://github.com/pyca/cryptography","keywords_array":[],"namespace":null,"versions_count":142,"first_release_published_at":"2014-01-08T23:17:39.000Z","latest_release_published_at":"2025-05-25T14:16:12.000Z","latest_release_number":"45.0.3","last_synced_at":"2025-06-06T01:31:01.723Z","created_at":"2022-04-10T10:29:12.911Z","updated_at":"2025-06-06T01:31:01.723Z","registry_url":"https://pypi.org/project/cryptography/","install_command":"pip install cryptography --index-url https://pypi.org/simple","documentation_url":"https://cryptography.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","Natural Language :: English","Operating System :: MacOS :: MacOS X","Operating System :: Microsoft :: Windows","Operating System :: POSIX","Operating System :: POSIX :: BSD","Operating System :: POSIX :: Linux","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Security :: Cryptography"],"normalized_name":"cryptography"},"repo_metadata":{"id":9926844,"uuid":"11939484","full_name":"pyca/cryptography","owner":"pyca","description":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.","archived":false,"fork":false,"pushed_at":"2024-10-29T11:33:44.000Z","size":56737,"stargazers_count":6646,"open_issues_count":45,"forks_count":1524,"subscribers_count":130,"default_branch":"main","last_synced_at":"2024-10-29T13:10:47.492Z","etag":null,"topics":["cryptography","python"],"latest_commit_sha":null,"homepage":"https://cryptography.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyca.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.rst","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2013-08-07T02:23:38.000Z","updated_at":"2024-10-29T11:33:47.000Z","dependencies_parsed_at":"2023-09-24T14:02:14.320Z","dependency_job_id":"d5dc0f8b-3770-41b4-846d-990eeae096ae","html_url":"https://github.com/pyca/cryptography","commit_stats":{"total_commits":9815,"total_committers":318,"mean_commits":"30.864779874213838","dds":0.6791645440652063,"last_synced_commit":"a70c92c01faf75a32abc0836fd525154d0583b9d"},"previous_names":[],"tags_count":127,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222062278,"owners_count":16924718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"pyca","name":"Python Cryptographic Authority","uuid":"5615737","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/5615737?v=4","repositories_count":7,"last_synced_at":"2024-03-25T19:58:32.183Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/pyca","funding_links":[],"total_stars":9342,"followers":129,"following":0,"created_at":"2022-11-02T16:22:49.629Z","updated_at":"2024-03-25T19:58:34.188Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca/repositories"},"tags":[{"name":"42.0.5","sha":"33833f031d9d36234e11d9671be150d53b9e598d","kind":"tag","published_at":"2024-02-24T01:04:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.5/manifests"},{"name":"42.0.4","sha":"fe18470f7d05f963e7267e34fdf985d81ea6ceea","kind":"tag","published_at":"2024-02-21T02:55:17.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.4/manifests"},{"name":"42.0.3","sha":"c49a7a5271178c6e8ef36fa1c499f62c63ec19b9","kind":"tag","published_at":"2024-02-16T03:42:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.3/manifests"},{"name":"42.0.2","sha":"2202123b50de1b8788f909a3e5afe350c56ad81e","kind":"tag","published_at":"2024-01-30T17:24:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.2/manifests"},{"name":"42.0.1","sha":"337437dc2e62772bde4ad5544f4b1db9ee7572d9","kind":"tag","published_at":"2024-01-25T02:32:06.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.1/manifests"},{"name":"42.0.0","sha":"4e64baf360a3a89bd92582f59344c12b5c0bd3fd","kind":"tag","published_at":"2024-01-23T01:07:16.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.0/manifests"},{"name":"41.0.7","sha":"4054596afc6f2b6cfcc54f56c35c34e0e429cb66","kind":"tag","published_at":"2023-11-28T00:35:07.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.7","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.7/manifests"},{"name":"41.0.6","sha":"f09c261ca10a31fe41b1262306db7f8f1da0e48a","kind":"tag","published_at":"2023-11-27T19:38:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.6","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.6/manifests"},{"name":"41.0.5","sha":"5012bedaef2dc60af3955306774b77ef379116e3","kind":"tag","published_at":"2023-10-24T16:02:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.5/manifests"},{"name":"41.0.4","sha":"fc11bce6930e591ce26a2317b31b9ce2b3e25512","kind":"tag","published_at":"2023-09-19T16:20:30.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.4/manifests"},{"name":"41.0.3","sha":"b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d","kind":"tag","published_at":"2023-08-01T20:02:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.3/manifests"},{"name":"41.0.2","sha":"7431db737cf0407560fac689d24f1d2e5efc349d","kind":"tag","published_at":"2023-07-11T03:13:51.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.2/manifests"},{"name":"41.0.1","sha":"d02de9f26e9a2353e89427c1cea8b9ed2bae969e","kind":"tag","published_at":"2023-06-01T12:20:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.1/manifests"},{"name":"41.0.0","sha":"c4d494fd3ee907316bd846e90cbf4a8df75a25ac","kind":"tag","published_at":"2023-05-30T21:37:07.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.0/manifests"},{"name":"40.0.2","sha":"f816b457494e010b655cd7fdcd30e3446f86a703","kind":"tag","published_at":"2023-04-14T12:23:51.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.2/manifests"},{"name":"40.0.1","sha":"9dd0b26c48f567d5a7c4a0bc9f45ef2176a2d4a4","kind":"tag","published_at":"2023-03-25T01:12:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.1/manifests"},{"name":"40.0.0","sha":"45e37718098edca2c5ac2135394bcf17fd7982f0","kind":"tag","published_at":"2023-03-24T04:23:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.0/manifests"},{"name":"39.0.2","sha":"125b149dc0bd9db33b08455b66c0f1586b8ce257","kind":"tag","published_at":"2023-03-02T20:51:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.2/manifests"},{"name":"39.0.1","sha":"d6951dca25de45abd52da51b608055371fbcde4e","kind":"tag","published_at":"2023-02-07T19:21:00.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.1/manifests"},{"name":"39.0.0","sha":"338a65a7df74e189f6b5d1d3a6315ffa911b21c2","kind":"tag","published_at":"2023-01-02T03:08:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.0/manifests"},{"name":"38.0.4","sha":"c18d0567386414efa3caef7ed586c4ca75bf3a8b","kind":"tag","published_at":"2022-11-27T18:53:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.4/manifests"},{"name":"38.0.3","sha":"7d9c6c3d6a211091281c1cbe2a2fa1597ffb7c49","kind":"tag","published_at":"2022-11-01T21:21:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.3/manifests"},{"name":"38.0.2","sha":"277ee0d58c6c8cfc9517df35c8a020bea33bddf4","kind":"tag","published_at":"2022-10-11T18:06:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.2/manifests"},{"name":"38.0.1","sha":"3ff52182ba6e7f1a063079d48ed5c21616918d70","kind":"tag","published_at":"2022-09-07T12:24:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.1/manifests"},{"name":"38.0.0","sha":"52d6f1a491f6ade379ace124b843ffba9fb4ab4f","kind":"tag","published_at":"2022-09-06T23:50:39.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.0/manifests"},{"name":"37.0.4","sha":"7ad17d819affb996c6681c6aac57e43184c54865","kind":"tag","published_at":"2022-07-05T13:23:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.4/manifests"},{"name":"37.0.3","sha":"b71c39202ba2d7dfb7a89215e04946e7fbf92896","kind":"tag","published_at":"2022-06-21T18:55:28.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.3/manifests"},{"name":"37.0.2","sha":"5954a52f0900569a83138d71ec1c04971452ea5b","kind":"tag","published_at":"2022-05-04T00:34:56.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.2/manifests"},{"name":"37.0.1","sha":"3fb93cfde75d073a91bc4a73a51f62962092501e","kind":"tag","published_at":"2022-04-27T22:26:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.1/manifests"},{"name":"37.0.0","sha":"e0f6f38433e3a1cb57509dec1bec9107cbbe827d","kind":"tag","published_at":"2022-04-26T14:05:57.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.0/manifests"},{"name":"36.0.2","sha":"df06889f348d7c3b7e9c35e4e5a1b1480f0b2c5a","kind":"tag","published_at":"2022-03-15T22:10:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.2/manifests"},{"name":"36.0.1","sha":"3fd9d5a8424eef3e08260a622ae3644777ac5339","kind":"tag","published_at":"2021-12-14T22:01:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.1/manifests"},{"name":"36.0.0","sha":"5d21990c32d0f93df4e54ef4ee7ff3a2dae3c3da","kind":"tag","published_at":"2021-11-21T21:29:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.0/manifests"},{"name":"35.0.0","sha":"c7fbef767a94ee1569ae0630006fdb144d6a4e8d","kind":"tag","published_at":"2021-09-30T01:20:47.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/35.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/35.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/35.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/35.0.0/manifests"},{"name":"3.4.8","sha":"70ccc2542cf3bf374861b55f6527424307722763","kind":"tag","published_at":"2021-08-24T17:18:00.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.8","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.8/manifests"},{"name":"3.4.7","sha":"a19014a087759f3df72b2cd70ed7a0d8a6481340","kind":"tag","published_at":"2021-03-25T17:20:38.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.7","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.7/manifests"},{"name":"3.4.6","sha":"75b002ae7fb1f263fdd4983d0c23493878e127fe","kind":"tag","published_at":"2021-02-16T20:27:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.6","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.6/manifests"},{"name":"3.4.5","sha":"4d77fb9d3edab81652210da81a5af7fe6aa79d60","kind":"tag","published_at":"2021-02-13T22:35:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.5","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.5/manifests"},{"name":"3.4.4","sha":"4a3018e6ae3e04a250be9fd1c1a1ad115727f517","kind":"tag","published_at":"2021-02-09T19:28:03.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.4","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.4/manifests"},{"name":"3.4.3","sha":"86c9e4a763579d6b2369db83064c0c4b8e9c1c77","kind":"tag","published_at":"2021-02-09T04:28:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.3","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.3/manifests"},{"name":"3.4.2","sha":"74a3df42c43d341014a4a6f111804f304a446902","kind":"tag","published_at":"2021-02-08T16:27:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.2/manifests"},{"name":"3.4.1","sha":"ebde3be7ef92658bfbc322476a6f2604f41639fb","kind":"tag","published_at":"2021-02-07T21:54:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.1/manifests"},{"name":"3.4","sha":"2c11ad53c07179e03ea2f60813cb52d83f766292","kind":"tag","published_at":"2021-02-07T18:29:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4/manifests"},{"name":"3.3.2","sha":"82b6ce28389f0a317bc55ba2091a74b346db7cae","kind":"tag","published_at":"2021-02-07T16:39:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.2/manifests"},{"name":"3.3.1","sha":"1ff0d50948bbb6f2aa53d5648f1188a567d941cd","kind":"tag","published_at":"2020-12-10T02:17:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.1/manifests"},{"name":"3.3","sha":"7e8fff73cf0c597fe2df34daf2027506f84b9d3b","kind":"tag","published_at":"2020-12-09T00:29:24.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3/manifests"},{"name":"3.2.1","sha":"0c7592c34fd58f0634f493d6ce542ab35d940b26","kind":"tag","published_at":"2020-10-28T03:17:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2.1/manifests"},{"name":"3.2","sha":"c9e65222c91df8b6f61650a3460e30232962c1e0","kind":"tag","published_at":"2020-10-26T02:11:09.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2/manifests"},{"name":"3.1.1","sha":"d4e17ea937a50d69f615f7fe53d0482bd8660bb9","kind":"tag","published_at":"2020-09-22T16:54:53.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1.1/manifests"},{"name":"3.1","sha":"ba2c0e5e3e4fb242b80474d2ff7368c91e7ebeaf","kind":"tag","published_at":"2020-08-27T04:34:43.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1/manifests"},{"name":"3.0","sha":"b0d9bdcfc9659fffcb1d539cb00130f8fda3d011","kind":"tag","published_at":"2020-07-20T21:41:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.0","html_url":"https://github.com/pyca/cryptography/releases/tag/3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.0/manifests"},{"name":"2.9.2","sha":"9263178a208716bfb7b0e4fbe6aadf8c942e8547","kind":"tag","published_at":"2020-04-22T22:28:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.2/manifests"},{"name":"2.9.1","sha":"6199f620ed4e765cc57f49c366f46a576bf17f3d","kind":"tag","published_at":"2020-04-21T15:22:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.1/manifests"},{"name":"2.9","sha":"81b7fc65460247c4212efd9484779d8b3e516c26","kind":"tag","published_at":"2020-04-02T19:44:26.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9/manifests"},{"name":"2.8","sha":"25494f96d57b8995ee2fde099146b1192582ee1b","kind":"tag","published_at":"2019-10-17T13:00:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.8","html_url":"https://github.com/pyca/cryptography/releases/tag/2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.8/manifests"},{"name":"2.7","sha":"9c2637d7ee1e5e7ce66fb8838f6b3f1e8c106242","kind":"tag","published_at":"2019-05-30T23:36:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.7","html_url":"https://github.com/pyca/cryptography/releases/tag/2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.7/manifests"},{"name":"2.6.1","sha":"e4570532541be7284f7d6660a429eb12edf8b027","kind":"tag","published_at":"2019-02-27T23:28:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.6.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6.1/manifests"},{"name":"2.6","sha":"da259203be156990efff49c0ad8d1afaba1791cc","kind":"tag","published_at":"2019-02-27T14:00:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.6","html_url":"https://github.com/pyca/cryptography/releases/tag/2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6/manifests"},{"name":"2.5","sha":"83aa36dd407d0eb9a10e20cc35c51274174cd5bc","kind":"tag","published_at":"2019-01-22T16:44:26.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.5","html_url":"https://github.com/pyca/cryptography/releases/tag/2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.5/manifests"},{"name":"2.4.2","sha":"704fe0fcaf206462b6a994ab69ad302601d9fad3","kind":"tag","published_at":"2018-11-21T03:08:45.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.2/manifests"},{"name":"2.4.1","sha":"db08466131a2d495e4bf58e34bf8d0090be04a2d","kind":"tag","published_at":"2018-11-12T01:02:03.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.1/manifests"},{"name":"2.4","sha":"5e52fdc5f8f3b6c970051c1bf3325b2d0ed8a5db","kind":"tag","published_at":"2018-11-12T00:12:27.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4/manifests"},{"name":"2.3.1","sha":"16f43545751bb24cee79cccba453d49992a7cc6c","kind":"tag","published_at":"2018-08-14T17:37:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3.1/manifests"},{"name":"2.3","sha":"0a846e294806478770469219a26cd49dcb5502d7","kind":"tag","published_at":"2018-07-18T11:57:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3/manifests"},{"name":"2.2.2","sha":"4ec6a48d5cb99636fe8e99e29d1a9221dcce8fde","kind":"tag","published_at":"2018-03-27T16:43:12.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.2/manifests"},{"name":"2.2.1","sha":"4eaa511c62ecaf2f3d0b31a8b4f90fa0114e4468","kind":"tag","published_at":"2018-03-20T23:56:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.1/manifests"},{"name":"2.2","sha":"4601fbab9552b0fc938ae3864e9c14e4476231c0","kind":"tag","published_at":"2018-03-19T02:57:11.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2/manifests"},{"name":"2.1.4","sha":"ed5a7717a50edd3b0a9b7c729b2281dabd18390d","kind":"tag","published_at":"2017-11-30T01:55:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.4","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.4/manifests"},{"name":"2.1.3","sha":"2219ea7609eaacfa2d09f80d1baf60be7af5eaca","kind":"tag","published_at":"2017-11-02T19:01:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.3/manifests"},{"name":"2.1.2","sha":"106de1cb976c8ab7057484cb555979bb27e2430e","kind":"tag","published_at":"2017-10-24T15:47:33.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"85fa6ce5b29f94e27f1b712da015c2039cd108f9","kind":"tag","published_at":"2017-10-12T05:14:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.1/manifests"},{"name":"2.1","sha":"0ed0e7e87b5e83270f4aca4efc630790c1fea429","kind":"tag","published_at":"2017-10-11T12:48:20.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1/manifests"},{"name":"2.0.3","sha":"87a6dcae8a527d6e0b5c8feabfa768cd8fa6e264","kind":"tag","published_at":"2017-08-03T21:51:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.3/manifests"},{"name":"2.0.2","sha":"38a2d0b94852bcd4d017ee77cb6dec8dee3ce2ae","kind":"tag","published_at":"2017-07-27T03:25:52.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.2/manifests"},{"name":"2.0.1","sha":"e758aa6066f79a4181ba8183112e1f4477bcce1b","kind":"tag","published_at":"2017-07-26T20:16:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.1/manifests"},{"name":"2.0","sha":"9799e580c6b073a0a612bdc4f120365940d0da3d","kind":"tag","published_at":"2017-07-17T15:24:46.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0/manifests"},{"name":"1.9","sha":"23ead43fd70df17828937dac9521df1753ce9407","kind":"tag","published_at":"2017-05-30T02:20:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.9","html_url":"https://github.com/pyca/cryptography/releases/tag/1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.9/manifests"},{"name":"1.8.2","sha":"bd54a2c68f7771abde5ef9e8c30a1f73d5614e47","kind":"tag","published_at":"2017-05-26T06:36:22.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.2/manifests"},{"name":"1.8.1","sha":"6c5a519f9b382a1746c1bda5f01aaeb2809250ef","kind":"tag","published_at":"2017-03-10T03:59:27.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.1/manifests"},{"name":"1.8","sha":"928e4ee28564359973298624cf023ae5ea7f62c3","kind":"tag","published_at":"2017-03-10T02:57:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8/manifests"},{"name":"1.7.2","sha":"86b8b865b622fa8e81bb6f436c064a1e9476b4fd","kind":"tag","published_at":"2017-01-27T15:13:56.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.2/manifests"},{"name":"1.7.1","sha":"605b918a9df69cfb1773d4b16ee03b42a002ec88","kind":"tag","published_at":"2016-12-13T22:53:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.1/manifests"},{"name":"1.7","sha":"5df72e82c0156b0e60d355c5c03c85dcf2e694fb","kind":"tag","published_at":"2016-12-12T18:18:24.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7/manifests"},{"name":"1.6","sha":"4a2f36bc11342ca15cb49bfc313c20bbd4a045ae","kind":"tag","published_at":"2016-11-22T03:11:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.6","html_url":"https://github.com/pyca/cryptography/releases/tag/1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.6/manifests"},{"name":"1.5.3","sha":"090ece652bf47ee5bd081b6eab4c8e6953276752","kind":"tag","published_at":"2016-11-06T04:08:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.3/manifests"},{"name":"1.5.2","sha":"cad77746539f504d53eb1bf9b278ec081ab8040a","kind":"tag","published_at":"2016-09-26T20:22:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"1ed0235eae895d09b4702d8cf592050fbe9364ef","kind":"tag","published_at":"2016-09-22T20:08:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.1/manifests"},{"name":"1.5","sha":"c0ee738a8460dc3551758400772978ed62a84d46","kind":"tag","published_at":"2016-08-26T15:13:13.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5/manifests"},{"name":"1.4","sha":"69365ce2041081fe6b109496bbb9c56f86ccb7b5","kind":"tag","published_at":"2016-06-04T17:07:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.4","html_url":"https://github.com/pyca/cryptography/releases/tag/1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.4/manifests"},{"name":"1.3.4","sha":"35fedcb1966dcaf610df79dbaaaf3545d3dbb189","kind":"tag","published_at":"2016-06-03T03:09:11.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.4","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"9863d7334864a3eb5e43a2e698a32a4e6b6c7b14","kind":"tag","published_at":"2016-06-02T21:43:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.3/manifests"},{"name":"1.3.2","sha":"afcd8f5ad8eb21f13be308c5183ef34ad28f9987","kind":"tag","published_at":"2016-05-04T16:09:45.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"17259f2d701979fdd5647574dec77ec08199e551","kind":"tag","published_at":"2016-03-21T21:45:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.1/manifests"},{"name":"1.3","sha":"bf1566ec4be14110cbca5a36ee339a76ac9f6272","kind":"tag","published_at":"2016-03-18T13:10:53.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3/manifests"},{"name":"1.2.3","sha":"cd7ee203c8459ff74a2cd782013ba1c05793130c","kind":"tag","published_at":"2016-03-02T02:10:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.3/manifests"},{"name":"1.2.2","sha":"5b32344deadf371f3a5301ac4c71508eb1a6cf17","kind":"tag","published_at":"2016-01-29T19:27:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"80543674d13b44ca9030b83443a1d922d492df1e","kind":"tag","published_at":"2016-01-08T21:28:50.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.1/manifests"},{"name":"1.2","sha":"a617ee9d10f875b88db0c76eb18734537bc83904","kind":"tag","published_at":"2016-01-08T15:38:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2/manifests"},{"name":"1.1.2","sha":"d0237e6dcdbbedaa50f88b6cf821f9944b734678","kind":"tag","published_at":"2015-12-10T19:54:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.2/manifests"},{"name":"1.1.1","sha":"a9d5ffb0c4dda2e5ddc6f14ec68be99ddc3d69b1","kind":"tag","published_at":"2015-11-19T04:01:52.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.1/manifests"},{"name":"1.1","sha":"246a44e78c0d370452b3c5508d5fdabbb1b04c99","kind":"tag","published_at":"2015-10-28T22:26:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1/manifests"},{"name":"1.0.2","sha":"612e72e2d794c58bc413a3062e664dcc1a1259ee","kind":"tag","published_at":"2015-09-27T13:52:09.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.2/manifests"},{"name":"1.0.1","sha":"34cb7cd8bc9c4c6dad38c3ea5285996cbea60162","kind":"tag","published_at":"2015-09-06T01:54:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.1/manifests"},{"name":"1.0","sha":"4abba0474a751192b5abbd5a97c1817021aae337","kind":"tag","published_at":"2015-08-12T13:38:22.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0/manifests"},{"name":"0.9.3","sha":"c08a0dcf09ffa517a2c7df6d2fe7fcfabd6e14e4","kind":"tag","published_at":"2015-07-09T14:41:31.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.3/manifests"},{"name":"0.9.2","sha":"b2ac9e59e069aa973c837da202cb459cb733530f","kind":"tag","published_at":"2015-07-03T22:57:29.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.2/manifests"},{"name":"0.9.1","sha":"bd17d14bd05d49e3a851cabbc863f74ee5c86702","kind":"tag","published_at":"2015-06-06T21:23:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.1/manifests"},{"name":"0.9","sha":"6199d8f04310aa22e862f8936fe47d895788daf3","kind":"tag","published_at":"2015-05-14T01:39:47.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9/manifests"},{"name":"0.8.2","sha":"8622f0e8c530a7326d885aeb47daa081e66b5ab1","kind":"tag","published_at":"2015-04-11T01:52:50.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.2/manifests"},{"name":"0.8.1","sha":"53f947e99e972ef669f833a19b3d36e3fbd7b5da","kind":"tag","published_at":"2015-03-20T15:22:46.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.1/manifests"},{"name":"0.8","sha":"3dd326767b34980f3095c67251d77a86bc9202fe","kind":"tag","published_at":"2015-03-09T04:49:31.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8/manifests"},{"name":"0.7.2","sha":"9ac7d55150c8410a08ee3b00b89bfeac3dbd8e8f","kind":"tag","published_at":"2015-01-16T14:15:57.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.2/manifests"},{"name":"0.7.1","sha":"9a4f1a0f6c89e3e56b955e5acc6c0001e418443d","kind":"tag","published_at":"2014-12-29T01:47:43.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.1/manifests"},{"name":"0.7","sha":"4597edf00274c71c1f71f0e75d0c6bcfd62dcb8a","kind":"tag","published_at":"2014-12-18T03:26:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7/manifests"},{"name":"0.6.1","sha":"3406be8667d35ed55ef8dc64822e9009d0386696","kind":"tag","published_at":"2014-10-16T04:10:17.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.6.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6.1/manifests"},{"name":"0.6","sha":"b2ab5ef112f8de507d2db72fdf4a5fa698a954e0","kind":"tag","published_at":"2014-09-30T02:27:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.6","html_url":"https://github.com/pyca/cryptography/releases/tag/0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6/manifests"},{"name":"0.5.4","sha":"93281bfa89342ed9ccf48cb391b1f19cdb4fe78c","kind":"tag","published_at":"2014-08-21T06:02:10.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.4","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.4/manifests"},{"name":"0.5.3","sha":"c787791c8fed109e128b577cfb7594d2aab8e3b6","kind":"tag","published_at":"2014-08-07T15:25:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.3/manifests"},{"name":"0.5.2","sha":"544523f97f182157f8b27342ae11ef3520a49c62","kind":"tag","published_at":"2014-07-10T01:24:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.2/manifests"},{"name":"0.5.1","sha":"d329d535d0a1598eae8dd63fd6d65ab7f5d30ad4","kind":"tag","published_at":"2014-07-08T03:01:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.1/manifests"},{"name":"0.5","sha":"e4b1e854e0482ae4bc363f7938ad5b214c124d9f","kind":"tag","published_at":"2014-07-07T18:03:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5/manifests"},{"name":"0.4","sha":"0520c2973509f6a45d2ad06dc2d84a85958887b3","kind":"tag","published_at":"2014-05-03T14:33:59.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.4/manifests"},{"name":"0.3","sha":"e0d2e1ea7367e05197634c8c869678b7b169c102","kind":"tag","published_at":"2014-03-27T21:01:33.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.3/manifests"},{"name":"0.2.2","sha":"f36fcdbd055c236641e8704bfa559d8bbf274b61","kind":"tag","published_at":"2014-03-04T01:53:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.2/manifests"},{"name":"0.2.1","sha":"aa4692c112d756fc12980f7039b030caec27bc0d","kind":"tag","published_at":"2014-02-22T21:35:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.1/manifests"},{"name":"0.2","sha":"6a364d5262905d00ae422d24d91af822b87e899d","kind":"tag","published_at":"2014-02-20T19:46:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2/manifests"},{"name":"0.1","sha":"ec688200e2dde5cef94fe2eb60fa2f8f820eab47","kind":"tag","published_at":"2014-01-08T23:15:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2024-10-30T00:55:48.279Z","dependent_packages_count":3396,"downloads":374813273,"downloads_period":"last-month","dependent_repos_count":131580,"rankings":{"downloads":0.0027512486083267453,"dependent_repos_count":0.006786413233872639,"dependent_packages_count":0.008620578972757136,"stargazers_count":0.7545757849770821,"forks_count":1.5489529664879578,"docker_downloads_count":0.0014673325911075978,"average":0.3871923874785173},"purl":"pkg:pypi/cryptography","advisories":[{"uuid":"GSA_kwCzR0hTQS03OXY0LTY1eGctcHE0Z84ABEUU","url":"https://github.com/advisories/GHSA-79v4-65xg-pq4g","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2025-02-11T18:06:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g","https://openssl-library.org/news/secadv/20250211.txt","https://nvd.nist.gov/vuln/detail/CVE-2024-12797","https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9","https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7","https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699","http://www.openwall.com/lists/oss-security/2025/02/11/3","http://www.openwall.com/lists/oss-security/2025/02/11/4","https://github.com/advisories/GHSA-79v4-65xg-pq4g"],"source_kind":"github","identifiers":["GHSA-79v4-65xg-pq4g","CVE-2024-12797"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"44.0.1","vulnerable_version_range":"\u003e= 42.0.0, \u003c 44.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2025-02-11T19:07:29.680Z","updated_at":"2025-02-12T18:20:08.000Z","epss_percentage":0.0013,"epss_percentile":0.33844},{"uuid":"GSA_kwCzR0hTQS1oNGdoLXFxNDUtdmgyN84AA_QU","url":"https://github.com/advisories/GHSA-h4gh-qq45-vh27","title":"pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-09-03T21:59:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27","https://openssl-library.org/news/secadv/20240903.txt","https://github.com/advisories/GHSA-h4gh-qq45-vh27"],"source_kind":"github","identifiers":["GHSA-h4gh-qq45-vh27"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"43.0.1","vulnerable_version_range":"\u003e= 37.0.0, \u003c 43.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-09-03T22:05:59.113Z","updated_at":"2024-09-03T21:59:48.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS1xM2NqLTJyMzQtMmN3Y84AAbxz","url":"https://github.com/advisories/GHSA-q3cj-2r34-2cwc","title":"Improper input validation in cryptography","description":"HKDF in cryptography before 1.5.3 returns an empty byte-string if used with a length less than algorithm.digest_size.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:51:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9243","https://github.com/pyca/cryptography/issues/3211","https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874","https://cryptography.io/en/latest/changelog","http://www.openwall.com/lists/oss-security/2016/11/09/2","http://www.ubuntu.com/usn/USN-3138-1","https://cryptography.io/en/latest/changelog/#v1-5-3","https://github.com/advisories/GHSA-q3cj-2r34-2cwc","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml","http://www.securityfocus.com/bid/94216","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT"],"source_kind":"github","identifiers":["GHSA-q3cj-2r34-2cwc","CVE-2016-9243"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"1.5.3","vulnerable_version_range":"\u003c 1.5.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:12:18.669Z","updated_at":"2024-09-13T20:08:28.000Z","epss_percentage":0.01644,"epss_percentile":0.80875},{"uuid":"GSA_kwCzR0hTQS1jZjdwLWdtMm0tODMzbc4AA0t4","url":"https://github.com/advisories/GHSA-cf7p-gm2m-833m","title":"cryptography mishandles SSH certificates","description":"The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-07-14T21:31:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-38325","https://github.com/pyca/cryptography/issues/9207","https://github.com/pyca/cryptography/pull/9208","https://github.com/pyca/cryptography/compare/41.0.1...41.0.2","https://pypi.org/project/cryptography/#history","https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3","https://github.com/pyca/cryptography/pull/7960","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK","https://security.netapp.com/advisory/ntap-20230824-0010","https://github.com/advisories/GHSA-cf7p-gm2m-833m"],"source_kind":"github","identifiers":["GHSA-cf7p-gm2m-833m","CVE-2023-38325"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"41.0.2","vulnerable_version_range":"\u003e= 40.0.0, \u003c 41.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-07-14T23:03:45.263Z","updated_at":"2024-09-13T20:06:13.000Z","epss_percentage":0.00791,"epss_percentile":0.72554},{"uuid":"GSA_kwCzR0hTQS13N3BwLW04d2Ytdmo2cs4AAxeE","url":"https://github.com/advisories/GHSA-w7pp-m8wf-vj6r","title":"Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf","description":"Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n\u003e\u003e\u003e outbuf = b\"\\x00\" * 32\n\u003e\u003e\u003e c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n\u003e\u003e\u003e c.update_into(b\"\\x00\" * 16, outbuf)\n16\n\u003e\u003e\u003e outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-02-07T20:54:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r","https://nvd.nist.gov/vuln/detail/CVE-2023-23931","https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e","https://github.com/pyca/cryptography/pull/8230","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml","https://github.com/advisories/GHSA-w7pp-m8wf-vj6r"],"source_kind":"github","identifiers":["GHSA-w7pp-m8wf-vj6r","CVE-2023-23931"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":35.32241018622205,"packages":[{"versions":[{"first_patched_version":"39.0.1","vulnerable_version_range":"\u003e= 1.8, \u003c 39.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-02-07T21:03:06.064Z","updated_at":"2025-05-20T01:11:33.997Z","epss_percentage":0.00737,"epss_percentile":0.71625},{"uuid":"GSA_kwCzR0hTQS14NHFyLTJmdmYtM21yNc4AAxfn","url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0  are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-02-08T22:17:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5","https://nvd.nist.gov/vuln/detail/CVE-2023-0286","https://rustsec.org/advisories/RUSTSEC-2023-0006.html","https://www.openssl.org/news/secadv/20230207.txt","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d","https://access.redhat.com/security/cve/cve-2023-0286","https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt","https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig","https://security.gentoo.org/glsa/202402-08","https://github.com/advisories/GHSA-x4qr-2fvf-3mr5"],"source_kind":"github","identifiers":["GHSA-x4qr-2fvf-3mr5","CVE-2023-0286"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"300.0.12","vulnerable_version_range":"\u003e= 300.0.0, \u003c 300.0.12"},{"first_patched_version":"111.25.0","vulnerable_version_range":"\u003c 111.25.0"}],"ecosystem":"cargo","package_name":"openssl-src"},{"versions":[{"first_patched_version":"39.0.1","vulnerable_version_range":"\u003e= 0.8.1, \u003c 39.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-02-08T23:03:18.370Z","updated_at":"2025-05-20T01:11:58.159Z","epss_percentage":0.91013,"epss_percentile":0.99606},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnZ20tanBnMy12NDc2","url":"https://github.com/advisories/GHSA-hggm-jpg3-v476","title":"RSA decryption vulnerable to Bleichenbacher timing vulnerability","description":"RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2. ","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-10-27T20:33:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476","https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494","https://nvd.nist.gov/vuln/detail/CVE-2020-25659","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/pyca/cryptography/pull/5507","https://github.com/advisories/GHSA-hggm-jpg3-v476","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml","https://pypi.org/project/cryptography"],"source_kind":"github","identifiers":["GHSA-hggm-jpg3-v476","CVE-2020-25659"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":41.977357032901566,"packages":[{"versions":[{"first_patched_version":"3.2","vulnerable_version_range":"\u003c 3.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:13:13.271Z","updated_at":"2024-11-18T16:26:10.000Z","epss_percentage":0.00343,"epss_percentile":0.55927},{"uuid":"GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN","url":"https://github.com/advisories/GHSA-6vqw-3v5j-54x4","title":"cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override","description":"If `pkcs12.serialize_key_and_certificates` is called with both:\n\n1. A certificate whose public key did not match the provided private key\n2. An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`\n\nThen a NULL pointer dereference would occur, crashing the Python process.\n\nThis has been resolved, and now a `ValueError` is properly raised.\n\nPatched in https://github.com/pyca/cryptography/pull/10423","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-21T18:04:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4","https://github.com/pyca/cryptography/pull/10423","https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55","https://nvd.nist.gov/vuln/detail/CVE-2024-26130","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml","https://github.com/advisories/GHSA-6vqw-3v5j-54x4"],"source_kind":"github","identifiers":["GHSA-6vqw-3v5j-54x4","CVE-2024-26130"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"42.0.4","vulnerable_version_range":"\u003e= 38.0.0, \u003c 42.0.4"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-21T19:04:44.408Z","updated_at":"2025-02-06T18:07:26.000Z","epss_percentage":0.00257,"epss_percentile":0.48893},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJobTktcDl3NS1md203","url":"https://github.com/advisories/GHSA-rhm9-p9w5-fwm7","title":"PyCA Cryptography symmetrically encrypting large values can lead to integer overflow","description":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of `update()` calls with large values (multiple GBs) for symetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of buffers. This is patched in version 3.3.2 and newer.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-02-10T01:32:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7","https://nvd.nist.gov/vuln/detail/CVE-2020-36242","https://github.com/pyca/cryptography/issues/5615","https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst","https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae","https://github.com/pyca/cryptography/compare/3.3.1...3.3.2","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-rhm9-p9w5-fwm7","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E"],"source_kind":"github","identifiers":["GHSA-rhm9-p9w5-fwm7","CVE-2020-36242"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":45.048870962138274,"packages":[{"versions":[{"first_patched_version":"3.3.2","vulnerable_version_range":"\u003e= 3.1, \u003c 3.3.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:12:32.811Z","updated_at":"2025-05-20T01:09:28.307Z","epss_percentage":0.01307,"epss_percentile":0.78723},{"uuid":"GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w","url":"https://github.com/advisories/GHSA-v8gr-m533-ghj9","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-09-21T17:07:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9","https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512","https://github.com/advisories/GHSA-v8gr-m533-ghj9"],"source_kind":"github","identifiers":["GHSA-v8gr-m533-ghj9"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.4","vulnerable_version_range":"\u003e= 2.5, \u003c 41.0.4"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-09-21T18:05:56.673Z","updated_at":"2023-09-21T17:07:01.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq","url":"https://github.com/advisories/GHSA-3ww4-gg4f-jr7f","title":"Python Cryptography package vulnerable to Bleichenbacher timing oracle attack","description":"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-05T21:30:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-50782","https://access.redhat.com/security/cve/CVE-2023-50782","https://bugzilla.redhat.com/show_bug.cgi?id=2254432","https://github.com/pyca/cryptography/issues/9785","https://github.com/advisories/GHSA-3ww4-gg4f-jr7f"],"source_kind":"github","identifiers":["GHSA-3ww4-gg4f-jr7f","CVE-2023-50782"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"42.0.0","vulnerable_version_range":"\u003c 42.0.0"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-06T00:04:47.789Z","updated_at":"2024-08-08T05:10:55.000Z","epss_percentage":0.00521,"epss_percentile":0.65731},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjZjktM3F3My1neG1q","url":"https://github.com/advisories/GHSA-fcf9-3qw3-gxmj","title":"PyCA Cryptography vulnerable to GCM tag forgery","description":"A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-07-31T18:28:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-10903","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903","https://github.com/pyca/cryptography/pull/4342","https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb","https://access.redhat.com/errata/RHSA-2018:3600","https://github.com/advisories/GHSA-fcf9-3qw3-gxmj","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml","https://usn.ubuntu.com/3720-1"],"source_kind":"github","identifiers":["GHSA-fcf9-3qw3-gxmj","CVE-2018-10903"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"2.3","vulnerable_version_range":"\u003e= 1.9.0, \u003c 2.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:13:36.794Z","updated_at":"2024-09-13T18:13:04.000Z","epss_percentage":0.00327,"epss_percentile":0.54837},{"uuid":"GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw","url":"https://github.com/advisories/GHSA-jfhm-5ghh-2f97","title":"cryptography vulnerable to NULL-dereference when loading PKCS7 certificates","description":"### Summary\n\nCalling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault.\n\n### PoC\nHere is a Python code that triggers the issue:\n```python\nfrom cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates\n\npem_p7 = b\"\"\"\n-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n\"\"\"\n\nder_p7 = b\"\\x30\\x0B\\x06\\x09\\x2A\\x86\\x48\\x86\\xF7\\x0D\\x01\\x07\\x02\"\n\nload_pem_pkcs7_certificates(pem_p7)\nload_der_pkcs7_certificates(der_p7)\n```\n\n### Impact\nExploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-11-28T20:46:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97","https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a","https://nvd.nist.gov/vuln/detail/CVE-2023-49083","https://github.com/pyca/cryptography/pull/9926","http://www.openwall.com/lists/oss-security/2023/11/29/2","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV","https://github.com/advisories/GHSA-jfhm-5ghh-2f97"],"source_kind":"github","identifiers":["GHSA-jfhm-5ghh-2f97","CVE-2023-49083"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.6","vulnerable_version_range":"\u003e= 3.1, \u003c 41.0.6"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-11-28T21:06:00.277Z","updated_at":"2024-02-20T18:14:36.000Z","epss_percentage":0.00457,"epss_percentile":0.62805},{"uuid":"GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V","url":"https://github.com/advisories/GHSA-jm77-qphf-c4w8","title":"pyca/cryptography's wheels include vulnerable OpenSSL","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-08-01T22:34:41.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8","https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d","https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2","https://www.openssl.org/news/secadv/20230714.txt","https://www.openssl.org/news/secadv/20230719.txt","https://www.openssl.org/news/secadv/20230731.txt","https://github.com/advisories/GHSA-jm77-qphf-c4w8"],"source_kind":"github","identifiers":["GHSA-jm77-qphf-c4w8"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.3","vulnerable_version_range":"\u003e= 0.8, \u003c 41.0.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-08-01T23:03:46.702Z","updated_at":"2023-08-01T22:34:41.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB","url":"https://github.com/advisories/GHSA-5cpq-8wj7-hf2v","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-06-02T17:13:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v","https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22","https://cryptography.io/en/latest/changelog/#v41-0-0","https://github.com/advisories/GHSA-5cpq-8wj7-hf2v"],"source_kind":"github","identifiers":["GHSA-5cpq-8wj7-hf2v"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.0","vulnerable_version_range":"\u003e= 0.5, \u003c= 40.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-06-02T18:03:17.370Z","updated_at":"2023-06-02T17:13:11.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0zOWhjLXY4N2otNzQ3eM4AAvq8","url":"https://github.com/advisories/GHSA-39hc-v87j-747x","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-02T18:11:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x","https://github.com/pyca/cryptography/commit/382e759bcded5773330eeed748c86b213ec618c5","https://github.com/pyca/cryptography/commit/cf2ada625d1188d6cd46396f301b98095da577f7","https://github.com/advisories/GHSA-39hc-v87j-747x"],"source_kind":"github","identifiers":["GHSA-39hc-v87j-747x"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"38.0.3","vulnerable_version_range":"\u003e= 37.0.0, \u003c 38.0.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:11:53.468Z","updated_at":"2023-01-08T05:03:03.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS05djloLWNnajgtaDY0cM4AA44M","url":"https://github.com/advisories/GHSA-9v9h-cgj8-h64p","title":"Null pointer dereference in PKCS12 parsing","description":"Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-01-26T09:30:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-0727","https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2","https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a","https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c","https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8","https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539","https://www.openssl.org/news/secadv/20240125.txt","https://github.com/github/advisory-database/pull/3472","https://github.com/openssl/openssl/pull/23362","https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2","https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d","https://security.netapp.com/advisory/ntap-20240208-0006","http://www.openwall.com/lists/oss-security/2024/03/11/1","https://github.com/advisories/GHSA-9v9h-cgj8-h64p"],"source_kind":"github","identifiers":["GHSA-9v9h-cgj8-h64p","CVE-2024-0727"],"repository_url":"https://github.com/openssl/openssl","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"42.0.2","vulnerable_version_range":"\u003c 42.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-16T21:04:38.629Z","updated_at":"2025-05-20T01:10:22.578Z","epss_percentage":0.0016,"epss_percentile":0.37966}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/cryptography","docker_dependents_count":20440,"docker_downloads_count":15967514223,"usage_url":"https://repos.ecosyste.ms/usage/pypi/cryptography","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/cryptography/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/related_packages","maintainers":[{"uuid":"reaperhulk","login":"reaperhulk","name":null,"email":null,"url":null,"packages_count":7,"html_url":"https://pypi.org/user/reaperhulk/","role":null,"created_at":"2022-11-27T19:19:59.964Z","updated_at":"2022-11-27T19:19:59.964Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/reaperhulk/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690322,"maintainers_count":292759,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":4430,"unique_repositories_count_past_30_days":192,"recent_issues":[{"uuid":"4528364640","node_id":"PR_kwDOSoww6s7fnoxr","number":9,"state":"closed","title":"chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /portal","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T00:07:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T00:05:29.000Z","updated_at":"2026-05-27T00:07:06.000Z","time_to_close":94,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":"/portal","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=46.0.6\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/identity-spiffe/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/identity-spiffe/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fidentity-spiffe/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4527853534","node_id":"PR_kwDOR4ROfc7fl_T1","number":15,"state":"open","title":"deps(py)(deps): update cryptography requirement from \u003e=42.0.0 to \u003e=48.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["ArihantK15"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T22:12:34.000Z","updated_at":"2026-05-26T22:27:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(py)(deps): update","packages":[{"name":"cryptography","old_version":"\u003e=42.0.0","new_version":"\u003e=48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ArihantK15/proctor-browser/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArihantK15%2Fproctor-browser/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4520870249","node_id":"PR_kwDOPiJZBs7fPRt2","number":15,"state":"open","title":"Bump the pip group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:35:02.000Z","updated_at":"2026-05-26T04:57:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":19,"packages":[{"name":"urllib3","old_version":"1.25.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2023.11.17","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.6","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.3.2","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"setuptools","old_version":"69.0.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jupyter-server","old_version":"2.12.5","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.0.11","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.14.2","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"notebook","old_version":"7.0.7","new_version":"7.5.6","repository_url":"https://github.com/jupyter/notebook"},{"name":"tornado","old_version":"6.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"cryptography","old_version":"41.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"tqdm","old_version":"4.66.1","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"},{"name":"pyopenssl","old_version":"23.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /test/requirements/compiled directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.25.3` | `2.7.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.5.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `69.0.3` | `78.1.1` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.12.5` | `2.18.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.0.11` | `4.5.7` |\n| [mistune](https://github.com/lepture/mistune) | `3.0.2` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.14.2` | `7.17.1` |\n| [notebook](https://github.com/jupyter/notebook) | `7.0.7` | `7.5.6` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.5.5` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.7` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.3.0` | `26.0.0` |\n\n\nUpdates `urllib3` from 1.25.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2023.11.17 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.11.17...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.3.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.3.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 69.0.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v69.0.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-ser...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 19 Python dependencies across test requirement files, bringing packages to their latest versions with security fixes, bug fixes, and new features.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Critical security fixes in urllib3 (CVE-2026-21441), requests (CVE-2026-25645), cryptography, and jinja2 (multiple CVEs)\n- **Major Version Bumps**: Black updated from 23.12.1 to 26.3.1, pytest from 7.4.4 to 9.0.3, scikit-learn from 1.3.2 to 1.5.0\n- **Jupyter Ecosystem**: Comprehensive updates to jupyter-server (2.12.5→2.18.0), jupyterlab (4.0.11→4.5.7), notebook (7.0.7→7.5.6)\n- **Infrastructure Libraries**: urllib3 major update (1.25.3→2.7.0), setuptools (69.0.3→78.1.1), cryptography (41.0.7→46.0.7)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 19 Outdated Packages]\n    B --\u003e C[Security Vulnerabilities Found]\n    B --\u003e D[Feature Updates Available]\n    C --\u003e E[urllib3: Decompression bomb fixes]\n    C --\u003e F[requests: Malicious file replacement fix]\n    C --\u003e G[jinja2: Sandbox bypass fixes]\n    C --\u003e H[cryptography: Security patches]\n    D --\u003e I[Black: Jupyter notebook improvements]\n    D --\u003e J[pytest: Python 3.14 support]\n    D --\u003e K[scikit-learn: New ML features]\n    E --\u003e L[Updated Requirements Files]\n    F --\u003e L\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including decompression bomb vulnerabilities, malicious file replacement, and sandbox bypass issues\n- **Compatibility Improvements**: Adds Python 3.14 support in pytest, removes deprecated features, and improves Windows compatibility\n- **Development Experience**: Enhanced Jupyter notebook support, better error messages, improved type annotations, and performance optimizations\n- **Testing Infrastructure**: Updated pytest with better async support, improved error handling, and enhanced debugging capabilities\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4520823235","node_id":"PR_kwDOPsndK87fPIBg","number":4,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:24:03.000Z","updated_at":"2026-05-26T02:24:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"protobuf","old_version":"6.33.0","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.1.3","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"46.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml-html-clean","old_version":"0.4.3","new_version":"0.4.4","repository_url":"https://github.com/fedora-python/lxml_html_clean"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 9 updates in the /docreader directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.0` | `6.33.5` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.1.3` | `6.10.2` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) | `0.4.3` | `0.4.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.0.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.33.0 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.1.3 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.1.3...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml-html-clean` from 0.4.3 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst\"\u003elxml-html-clean's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.4.4 (2026-02-26)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where Unicode escapes in CSS were not properly decoded\nbefore security checks. This prevents attackers from bypassing filters\nusing escape sequences. (CVE-2026-28348)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tags could be used for URL\nhijacking attacks. The \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tag is now automatically removed\nwhenever the \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e tag is removed (via \u003ccode\u003epage_structure=True\u003c/code\u003e\nor manual configuration), as \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e must be inside \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e\naccording to HTML specifications. (CVE-2026-28350)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fd10d79cf8a4d4a962e139aee6d02dec02b2de7c\"\u003e\u003ccode\u003efd10d79\u003c/code\u003e\u003c/a\u003e Add more tests for different combinations of backslashes and unicode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/5b7e2288d9e5bda81d1fcf6a4feaed362534899e\"\u003e\u003ccode\u003e5b7e228\u003c/code\u003e\u003c/a\u003e Restore the removal of all backslashes from styles after decoding of unicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/88da8f9e679190ae06f1238106dd9fbd1d87bfbb\"\u003e\u003ccode\u003e88da8f9\u003c/code\u003e\u003c/a\u003e Prepare release 0.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\"\u003e\u003ccode\u003e9c5612c\u003c/code\u003e\u003c/a\u003e Remove \u0026lt;base\u0026gt; tags to prevent URL hijacking attacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b\"\u003e\u003ccode\u003e2ef7326\u003c/code\u003e\u003c/a\u003e Implement unicode escape decoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/7c854afd949ff82cc6e81a666962e07b739706cf\"\u003e\u003ccode\u003e7c854af\u003c/code\u003e\u003c/a\u003e Add missing Python 3.14 to classifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/80cebf7156449bd48d2d6106a70c7442874fa1f9\"\u003e\u003ccode\u003e80cebf7\u003c/code\u003e\u003c/a\u003e Continue using the package link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/1cef82e0647549b901452f45396ded8e6b2bceab\"\u003e\u003ccode\u003e1cef82e\u003c/code\u003e\u003c/a\u003e Update safe sanitizer recommendation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/79f35f4b7542bf87286b45764a7b0bdf6830bb36\"\u003e\u003ccode\u003e79f35f4\u003c/code\u003e\u003c/a\u003e CI: Drop Python 3.8, add 3.14\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/compare/0.4.3...0.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHS...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 9 Python dependencies in the docreader module, including both direct dependencies (pillow, protobuf, pypdf, requests) and indirect dependencies (cryptography, idna, lxml-html-clean, python-dotenv, urllib3) to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Direct Dependencies**: Updated pillow (12.0.0→12.2.0), protobuf (6.33.0→6.33.5), pypdf (6.1.3→6.10.2), and requests (2.32.5→2.33.0)\n- **Indirect Dependencies**: Updated cryptography (46.0.3→46.0.7), idna (3.11→3.15), lxml-html-clean (0.4.3→0.4.4), python-dotenv (1.2.1→1.2.2), and urllib3 (2.5.0→2.7.0)\n- **Security Improvements**: Multiple packages include critical security fixes, particularly pypdf, cryptography, urllib3, and lxml-html-clean\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependency Update Process] --\u003e B[Direct Dependencies]\n    A --\u003e C[Indirect Dependencies]\n    \n    B --\u003e D[pillow 12.2.0\u003cbr/\u003eImage processing improvements]\n    B --\u003e E[protobuf 6.33.5\u003cbr/\u003eProtocol buffer updates]\n    B --\u003e F[pypdf 6.10.2\u003cbr/\u003ePDF security fixes]\n    B --\u003e G[requests 2.33.0\u003cbr/\u003eHTTP library updates]\n    \n    C --\u003e H[cryptography 46.0.7\u003cbr/\u003eCVE fixes]\n    C --\u003e I[idna 3.15\u003cbr/\u003eUnicode handling]\n    C --\u003e J[lxml-html-clean 0.4.4\u003cbr/\u003eHTML sanitization]\n    C --\u003e K[python-dotenv 1.2.2\u003cbr/\u003eEnvironment variables]\n    C --\u003e L[urllib3 2.7.0\u003cbr/\u003eHTTP connection pooling]\n    \n    D --\u003e M[Enhanced Security \u0026 Stability]\n    E --\u003e M\n    F --\u003e M\n    G --\u003e M\n    H --\u003e M\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including buffer overflow fixes in cryptography, decompression bomb protections in urllib3, and XSS prevention in lxml-html-clean\n- **Stability Improvements**: pypdf received significant updates (6.1.3→6.10.2) with numerous bug fixes and robustness improvements for PDF processing\n- **Compatibility Maintenance**: Updates maintain backward compatibility while providing latest features and performance optimizations across the document processing pipeline\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/WeKnora/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2FWeKnora/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4520553322","node_id":"PR_kwDOPiJZBs7fOPVK","number":14,"state":"open","title":"Bump the uv group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:32.000Z","updated_at":"2026-05-26T01:24:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":5,"packages":[{"name":"poetry","old_version":"1.8.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"cryptography","old_version":"43.0.0","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /scripts/benchmark directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [poetry](https://github.com/python-poetry/poetry) | `1.8.3` | `2.3.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `46.0.7` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n\n\nUpdates `poetry` from 1.8.3 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/1.8.3...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.0 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 24.2 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/24.2...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/uv/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔄 This PR updates 5 Python dependencies in the `/scripts/benchmark` directory through Dependabot's automated dependency management, bringing significant version bumps including Poetry 1.8.3→2.3.4, cryptography 43.0.0→46.0.7, and pip 24.2→26.1.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Poetry**: Major version bump from 1.8.3 to 2.3.4 with critical security fixes for path traversal vulnerabilities\n- **Cryptography**: Updated from 43.0.0 to 46.0.7 addressing multiple CVEs including buffer overflow and elliptic curve vulnerabilities\n- **Pip**: Significant update from 24.2 to 26.1 adding experimental pylock.toml support and dropping Python 3.9 support\n- **Python-dotenv**: Updated from 1.0.1 to 1.2.2 with Python 3.14 support and symlink handling improvements\n- **Requests**: Minor update from 2.32.3 to 2.33.0 with inline typing support and netrc authentication fixes\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Poetry 1.8.3→2.3.4]\n    B --\u003e D[Cryptography 43.0.0→46.0.7]\n    B --\u003e E[Pip 24.2→26.1]\n    B --\u003e F[Python-dotenv 1.0.1→1.2.2]\n    B --\u003e G[Requests 2.32.3→2.33.0]\n    \n    C --\u003e H[Security Fixes]\n    D --\u003e I[CVE Patches]\n    E --\u003e J[New Features]\n    F --\u003e K[Python 3.14 Support]\n    G --\u003e L[Type Annotations]\n    \n    H --\u003e M[Updated Dependencies]\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Multiple critical vulnerabilities patched across cryptography and poetry packages\n- **Compatibility**: Python 3.14 support added while Python 3.9 support dropped in some packages\n- **Development Experience**: Improved typing support in requests and better CLI functionality in python-dotenv\n- **Maintenance**: Automated dependency updates ensure the benchmark scripts stay current with latest security patches\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"4520214411","node_id":"PR_kwDOSnxeQM7fNI7Z","number":2,"state":"closed","title":"Bump cryptography from 46.0.5 to 46.0.7","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T23:38:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T23:58:24.000Z","updated_at":"2026-05-26T23:38:34.000Z","time_to_close":85209,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.5\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/abyodun74/cli_project/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/abyodun74/cli_project/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abyodun74%2Fcli_project/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4519843133","node_id":"PR_kwDOR1KrJs7fL6sl","number":39,"state":"open","title":"chore(deps)(deps): bump the minor-and-patch group across 1 directory with 27 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:25:54.000Z","updated_at":"2026-05-25T22:25:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"minor-and-patch","update_count":27,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.4","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pathspec","old_version":"1.0.4","new_version":"1.1.1","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.4","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"prometheus-client","old_version":"0.24.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"tomli","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/hukkin/tomli"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.48.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.50` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.5` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.14.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.4` | `4.9.6` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.24.1` | `0.25.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [tomli](https://github.com/hukkin/tomli) | `2.4.0` | `2.4.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `fastapi` from 0.135.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.41.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.41.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.11 to 2.9.12\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.12\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop with malformed interval (:ticket:\u003ccode\u003e1835\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/3a6d9d6ddc6b53eaa80b712f5fa6b23abbdc38db\"\u003e\u003ccode\u003e3a6d9d6\u003c/code\u003e\u003c/a\u003e ci: include almalinux in whieel building\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ebca6bf0f86bc6cbdc86de1eb3a53eaf49966d86\"\u003e\u003ccode\u003eebca6bf\u003c/code\u003e\u003c/a\u003e chore: bump to version 3.9.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/0196f02cc9512df8de3c941f87d27bda98f9f7af\"\u003e\u003ccode\u003e0196f02\u003c/code\u003e\u003c/a\u003e build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d157bdc2235a42dc1742936dbb0f5cfc8e4d2eb7\"\u003e\u003ccode\u003ed157bdc\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/7fccc0f5066a40dea530512abbf02621f4182b81\"\u003e\u003ccode\u003e7fccc0f\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 6 to 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d52a61eb2e6095fc1b9891bfcca44ebfac509e55\"\u003e\u003ccode\u003ed52a61e\u003c/code\u003e\u003c/a\u003e chore: bump dependency libraries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/b231d726a01d55e07ec3620b2b82f4a2da37ba62\"\u003e\u003ccode\u003eb231d72\u003c/code\u003e\u003c/a\u003e chore: fix building binary images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/6d76e8479f0f522c2e07ce0e2701030d8fd63785\"\u003e\u003ccode\u003e6d76e84\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1836\"\u003e#1836\u003c/a\u003e from psycopg/fix-1835\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/f7e314c7ab418ab9b9956e694956089a49c5c3b9\"\u003e\u003ccode\u003ef7e314c\u003c/code\u003e\u003c/a\u003e fix: overflow in malformed interval\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/eb905c124b75f2a5183d22177b85af20914b0f17\"\u003e\u003ccode\u003eeb905c1\u003c/code\u003e\u003c/a\u003e docs: replace bare except clause with except Exception\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.11...2.9.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-cov` from 7.0.0 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst\"\u003epytest-cov's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-03-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed total coverage computation to always be consistent, regardless of reporting settings.\nPreviously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on\nreporting options.\nSee \u003ccode\u003e[#641](https://github.com/pytest-dev/pytest-cov/issues/641) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/641\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove handling of ResourceWarning from sqlite3.\u003c/p\u003e\n\u003cp\u003eThe plugin adds warning filter for sqlite3 \u003ccode\u003eResourceWarning\u003c/code\u003e unclosed database (since 6.2.0).\nIt checks if there is already existing plugin for this message by comparing filter regular expression.\nWhen filter is specified on command line the message is escaped and does not match an expected message.\nA check for an escaped regular expression is added to handle this case.\u003c/p\u003e\n\u003cp\u003eWith this fix one can suppress \u003ccode\u003eResourceWarning\u003c/code\u003e from sqlite3 from command line::\u003c/p\u003e\n\u003cp\u003epytest -W \u0026quot;ignore:unclosed database in \u0026lt;sqlite3.Connection object at:ResourceWarning\u0026quot; ...\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to documentation.\nContributed by Art Pelling in \u003ccode\u003e[#718](https://github.com/pytest-dev/pytest-cov/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/718\u0026gt;\u003c/code\u003e_ and\n\u0026quot;vivodi\u0026quot; in \u003ccode\u003e[#738](https://github.com/pytest-dev/pytest-cov/issues/738) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/738\u0026gt;\u003c/code\u003e\u003cem\u003e.\nAlso closed \u003ccode\u003e[#736](https://github.com/pytest-dev/pytest-cov/issues/736) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/736\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed some assertions in tests.\nContributed by in Markéta Machová in \u003ccode\u003e[#722](https://github.com/pytest-dev/pytest-cov/issues/722) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/722\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622\"\u003e\u003ccode\u003e66c8a52\u003c/code\u003e\u003c/a\u003e Bump version: 7.0.0 → 7.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e\"\u003e\u003ccode\u003ef707662\u003c/code\u003e\u003c/a\u003e Make the examples use pypy 3.11.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672\"\u003e\u003ccode\u003e6049a78\u003c/code\u003e\u003c/a\u003e Make context test use the old ctracer (seems the new sysmon tracer behaves di...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b\"\u003e\u003ccode\u003e8ebf20b\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9\"\u003e\u003ccode\u003e861d30e\u003c/code\u003e\u003c/a\u003e Remove the backup context manager  - shouldn't be needed since coverage 5.0, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f\"\u003e\u003ccode\u003efd4c956\u003c/code\u003e\u003c/a\u003e Pass the precision on the nulled total (seems that there's some caching goion...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6\"\u003e\u003ccode\u003e78c9c4e\u003c/code\u003e\u003c/a\u003e Only run the 3.9 on older deps.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc\"\u003e\u003ccode\u003e4849a92\u003c/code\u003e\u003c/a\u003e Punctuation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7\"\u003e\u003ccode\u003e197c35e\u003c/code\u003e\u003c/a\u003e Update changelog and hopefully I don't forget to publish release again :))\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f\"\u003e\u003ccode\u003e14dc1c9\u003c/code\u003e\u003c/a\u003e Update examples to use 3.11 and make the adhoc layout example look a bit more...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline commen...\n\n_Description has been truncated_","html_url":"https://github.com/outshift-open/ioc-cfn-mgmt-backend-svc/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/outshift-open%2Fioc-cfn-mgmt-backend-svc/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"},{"uuid":"4519810752","node_id":"PR_kwDOSXYJrc7fL0De","number":25,"state":"closed","title":"Bump cryptography from 43.0.3 to 46.0.7 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T04:52:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T22:16:04.000Z","updated_at":"2026-05-26T04:52:58.000Z","time_to_close":23804,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=43.0.3\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/BUMETCS673/cs673olsum26project-cs673olsum26team2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/BUMETCS673/cs673olsum26project-cs673olsum26team2/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BUMETCS673%2Fcs673olsum26project-cs673olsum26team2/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4519540404","node_id":"PR_kwDOSb-0DM7fK8xH","number":98,"state":"open","title":"deps: update cryptography requirement from \u003c47,\u003e=46.0.7 to \u003e=48.0.0,\u003c49","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:09:02.000Z","updated_at":"2026-05-25T21:09:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: update","packages":[{"name":"cryptography","old_version":"\u003c47,\u003e=46.0.7","new_version":"\u003e=48.0.0,\u003c49","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Sundeepg98/google-docs-mcp/pull/98","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sundeepg98%2Fgoogle-docs-mcp/issues/98","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/98/packages"},{"uuid":"4515199471","node_id":"PR_kwDOSMfd6M7e85Hr","number":51,"state":"open","title":"deps(backend): update cryptography requirement from \u003c46,\u003e=43 to \u003e=48.0.0,\u003c49 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T07:42:43.000Z","updated_at":"2026-05-25T07:45:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend): update","packages":[{"name":"cryptography","old_version":"\u003c46,\u003e=43","new_version":"\u003e=48.0.0,\u003c49","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Jeffreynuez/civicview/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jeffreynuez%2Fcivicview/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"},{"uuid":"4509698585","node_id":"PR_kwDOSl8fx87esTMS","number":6,"state":"open","title":"Update cryptography requirement from \u003e=46.0.5 to \u003e=48.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T21:49:18.000Z","updated_at":"2026-05-23T21:49:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"cryptography","old_version":"\u003e=46.0.5","new_version":"\u003e=48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DhruvaBansal00/robin_stocks_v2/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DhruvaBansal00%2Frobin_stocks_v2/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4507542660","node_id":"PR_kwDOSlaZiM7eltws","number":7,"state":"closed","title":"deps(deps): bump the pip group across 1 directory with 4 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-24T02:09:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T08:48:02.000Z","updated_at":"2026-05-24T02:09:08.000Z","time_to_close":62466,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"pip","update_count":4,"packages":[{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"43.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"apache-airflow","old_version":"2.10.2","new_version":"3.2.1rc1","repository_url":"https://github.com/apache/airflow"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the / directory: [python-multipart](https://github.com/Kludex/python-multipart), [cryptography](https://github.com/pyca/cryptography), [apache-airflow](https://github.com/apache/airflow) and [pytest](https://github.com/pytest-dev/pytest).\n\nUpdates `python-multipart` from 0.0.12 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.12...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.1 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.1...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `apache-airflow` from 2.10.2 to 3.2.1rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/airflow/releases\"\u003eapache-airflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Airflow 3.2.0\u003c/h2\u003e\n\u003cp\u003e📦 PyPI: \u003ca href=\"https://pypi.org/project/apache-airflow/3.2.0/\"\u003ehttps://pypi.org/project/apache-airflow/3.2.0/\u003c/a\u003e\n📚 Docs: \u003ca href=\"https://airflow.apache.org/docs/apache-airflow/3.2.0/\"\u003ehttps://airflow.apache.org/docs/apache-airflow/3.2.0/\u003c/a\u003e\n🛠 Release Notes: \u003ca href=\"https://airflow.apache.org/docs/apache-airflow/3.2.0/release_notes.html\"\u003ehttps://airflow.apache.org/docs/apache-airflow/3.2.0/release_notes.html\u003c/a\u003e\n🐳 Docker Image: \u0026quot;docker pull apache/airflow:3.2.0\u0026quot;\n🚏 Constraints: \u003ca href=\"https://github.com/apache/airflow/tree/constraints-3.2.0\"\u003ehttps://github.com/apache/airflow/tree/constraints-3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eSignificant Changes\u003c/h2\u003e\n\u003ch3\u003eAsset Partitioning\u003c/h3\u003e\n\u003cp\u003eThe headline feature of Airflow 3.2.0 is asset partitioning — a major evolution of data-aware\nscheduling. Instead of triggering Dags based on an entire asset, you can now schedule downstream\nprocessing based on specific partitions of data. Only the relevant slice of data triggers downstream\nwork, making pipeline orchestration far more efficient and precise.\u003c/p\u003e\n\u003cp\u003eThis matters when working with partitioned data lakes — date-partitioned S3 paths, Hive table\npartitions, BigQuery table partitions, or any other partitioned data store. Previously, any update\nto an asset triggered all downstream Dags regardless of which partition changed. Now only the right\nwork gets triggered at the right time.\u003c/p\u003e\n\u003cp\u003eFor detailed usage instructions, see :doc:\u003ccode\u003e/authoring-and-scheduling/assets\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eMulti-Team Deployments\u003c/h3\u003e\n\u003cp\u003eAirflow 3.2 introduces multi-team support, allowing organizations to run multiple isolated teams within a single Airflow deployment.\nEach team can have its own Dags, connections, variables, pools, and executors— enabling true resource and permission isolation without requiring separate Airflow instances per team.\u003c/p\u003e\n\u003cp\u003eThis is particularly valuable for platform teams that serve multiple data engineering or data science teams from shared infrastructure, while maintaining strong boundaries between teams' resources and access.\u003c/p\u003e\n\u003cp\u003eFor detailed usage instructions, see :doc:\u003ccode\u003e/core-concepts/multi-team\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e.. warning::\u003c/p\u003e\n\u003cp\u003eMulti-Team Deployments are experimental in 3.2.0 and may change in future versions based on\nuser feedback.\u003c/p\u003e\n\u003ch3\u003eSynchronous callback support for Deadline Alerts\u003c/h3\u003e\n\u003cp\u003eDeadline Alerts now support synchronous callbacks via \u003ccode\u003eSyncCallback\u003c/code\u003e in addition to the existing\nasynchronous \u003ccode\u003eAsyncCallback\u003c/code\u003e. Synchronous callbacks are executed by the executor (rather than\nthe triggerer), and can optionally target a specific executor via the \u003ccode\u003eexecutor\u003c/code\u003e parameter.\u003c/p\u003e\n\u003cp\u003eA Dag can also define multiple Deadline Alerts by passing a list to the \u003ccode\u003edeadline\u003c/code\u003e parameter,\nand each alert can use either callback type.\u003c/p\u003e\n\u003cp\u003e.. warning::\u003c/p\u003e\n\u003cp\u003eDeadline Alerts are experimental in 3.2.0 and may change in future versions based on\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/b457a3001f055dabbf73b8562026113ac9d91488\"\u003e\u003ccode\u003eb457a30\u003c/code\u003e\u003c/a\u003e update release notes for 3.2.1rc1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/200a7e13a628316ad8020cfc31f5dff888d0e748\"\u003e\u003ccode\u003e200a7e1\u003c/code\u003e\u003c/a\u003e Update version to 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/3abf7e0d9fcdbedd9562184dd96171f7a5e5d5b3\"\u003e\u003ccode\u003e3abf7e0\u003c/code\u003e\u003c/a\u003e update release notes of 3.2.0 specifying \u003ccode\u003esqlalchemy[asyncio]\u0026gt;=2.0.48\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/6513\"\u003e#6513\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/daae7bbfef9e2fc19f01facd4d2b1c65e9495ae6\"\u003e\u003ccode\u003edaae7bb\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003edeactivate_deleted_dags\u003c/code\u003e signature broken by \u003ca href=\"https://redirect.github.com/apache/airflow/issues/63617\"\u003e#63617\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64245\"\u003e#64245\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65312\"\u003e#65312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/519c4f1cf2dc8e90ad910407895d86e7e74689de\"\u003e\u003ccode\u003e519c4f1\u003c/code\u003e\u003c/a\u003e fix: use Dag form when materializing asset (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64211\"\u003e#64211\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65303\"\u003e#65303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/7c4dbf9ead4e2fd0eddb853fd5858517ba1431eb\"\u003e\u003ccode\u003e7c4dbf9\u003c/code\u003e\u003c/a\u003e Change default sort to 'id' for list task instances (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64168\"\u003e#64168\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65297\"\u003e#65297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/7ba62fcc3924564c03b55da60ce3d6ba8c9882e6\"\u003e\u003ccode\u003e7ba62fc\u003c/code\u003e\u003c/a\u003e Fix zip DAG import errors being cleared during bundle refresh (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/63617\"\u003e#63617\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65296\"\u003e#65296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/8a3af78363955dc4de4a74a57ed5143c999c3b7c\"\u003e\u003ccode\u003e8a3af78\u003c/code\u003e\u003c/a\u003e Remove outdated TODO comment about permissions (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64169\"\u003e#64169\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65295\"\u003e#65295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/f6dc7714270808a0762b1fc6b77c500d23954ca3\"\u003e\u003ccode\u003ef6dc771\u003c/code\u003e\u003c/a\u003e fix(connection-model): RFC3896 \u003ccode\u003econn_type\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/63167\"\u003e#63167\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65294\"\u003e#65294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/f55ed5c070d77e7370a88763b10a53b38e09f5ee\"\u003e\u003ccode\u003ef55ed5c\u003c/code\u003e\u003c/a\u003e Add overridable metadata engine creation hooks in \u003ccode\u003esettings.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/62184\"\u003e#62184\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65\"\u003e#65\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/airflow/compare/2.10.2...3.2.1rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/zrlopez/ml-incident-response-playbook/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zrlopez%2Fml-incident-response-playbook/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4506888113","node_id":"PR_kwDORy5D7c7ejqhE","number":1,"state":"open","title":"Bump cryptography from 45.0.7 to 46.0.7","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T04:58:46.000Z","updated_at":"2026-05-23T04:59:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"45.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=45.0.7\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dct555/httpx/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Dct555/httpx/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fhttpx/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4501821896","node_id":"PR_kwDOSPEPBc7eTXHA","number":4,"state":"open","title":"Bump cryptography from 47.0.0 to 48.0.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T10:16:32.000Z","updated_at":"2026-05-22T10:18:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 47.0.0 to 48.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=47.0.0\u0026new-version=48.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/20206205Tech/data-pipeline-vbplnew-service/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/20206205Tech%2Fdata-pipeline-vbplnew-service/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"},{"uuid":"4491187680","node_id":"PR_kwDOSSwFHc7dw07M","number":3,"state":"closed","title":"Bump the pip group across 23 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-21T02:22:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T02:19:12.000Z","updated_at":"2026-05-21T02:22:32.000Z","time_to_close":198,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":8,"packages":[{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"cryptography","old_version":"42.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pillow","old_version":"9.5.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"zipp","old_version":"3.15.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /benchmarks/XBEN-005-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-007-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-021-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-058-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 1 update in the /benchmarks/XBEN-062-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-063-24/app/website directory: [flask](https://github.com/pallets/flask) and [pymysql](https://github.com/PyMySQL/PyMySQL).\nBumps the pip group with 1 update in the /benchmarks/XBEN-064-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-065-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-068-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-070-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-073-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-074-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-076-24/ssti-demo-app directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /benchmarks/XBEN-082-24/api directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-082-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-087-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-089-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /benchmarks/XBEN-091-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-094-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-100-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 6 updates in the /benchmarks/XBEN-101-24/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `42.0.5` | `46.0.7` |\n| [pillow](https://github.com/python-pillow/Pillow) | `9.5.0` | `12.2.0` |\n| [zipp](https://github.com/jaraco/zipp) | `3.15.0` | `3.19.1` |\n\nBumps the pip group with 1 update in the /benchmarks/XBEN-102-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-103-24/app directory: [flask](https://github.com/pallets/flask).\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.4...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.4...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.3...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filte...\n\n_Description has been truncated_","html_url":"https://github.com/pellera9/validation-benchmarks/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pellera9%2Fvalidation-benchmarks/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4490567044","node_id":"PR_kwDOD385987du4i9","number":3105,"state":"closed","title":"Bump the pip-deps group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["major","bumpless"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T23:42:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T23:28:24.000Z","updated_at":"2026-05-20T23:42:39.000Z","time_to_close":854,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-deps","update_count":9,"packages":[{"name":"asf-search","old_version":"12.0.7","new_version":"12.2.0","repository_url":"https://github.com/asfadmin/Discovery-asf_search"},{"name":"boto3","old_version":"1.42.97","new_version":"1.43.12","repository_url":"https://github.com/boto/boto3"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"moto","old_version":"5.1.22","new_version":"5.2.1","repository_url":"https://github.com/getmoto/moto"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"openapi-spec-validator","old_version":"0.8.5","new_version":"0.9.0","repository_url":"https://github.com/python-openapi/openapi-spec-validator"},{"name":"cfn-lint","old_version":"1.50.0","new_version":"1.51.0","repository_url":"https://github.com/aws-cloudformation/cfn-lint"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-deps group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [asf-search](https://github.com/asfadmin/Discovery-asf_search) | `12.0.7` | `12.2.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.97` | `1.43.12` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [moto](https://github.com/getmoto/moto) | `5.1.22` | `5.2.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.8.5` | `0.9.0` |\n| [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) | `1.50.0` | `1.51.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n\n\nUpdates `asf-search` from 12.0.7 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/releases\"\u003easf-search's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev12.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.1...v12.2.0\"\u003ev12.2.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eBuild SBAS stacks from a geographic reference scene or from the results of an \u003ccode\u003eASFProduct.stack()\u003c/code\u003e search\u003c/li\u003e\n\u003cli\u003eSeasonal gaps are connected with bridge pairs spanning one or more years\u003c/li\u003e\n\u003cli\u003eUser can set a target bridge date\u003c/li\u003e\n\u003cli\u003eAdd custom Pairs\u003c/li\u003e\n\u003cli\u003eRemove Pairs\u003c/li\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/SBASNetwork.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.0...v12.1.1\"\u003ev12.1.1\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFor Opera proudcts, add file size information to \u003ccode\u003ejsonlite2\u003c/code\u003e output\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.1.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.1.0\"\u003ev12.1.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eStack\u003c/code\u003e class, used to create stacks of \u003ccode\u003ePair\u003c/code\u003e objects. This is a foundational class, which will be used by a near-future \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/Stack.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOPERA_L3_DIST-ALERT-S1_V1\u003c/code\u003e shortname/collections added\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eNISAR_EA\u003c/code\u003e shortname/collections to NISAR dataset (available to authorized users)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/blob/master/CHANGELOG.md\"\u003easf-search's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.1...v12.2.0\"\u003ev12.2.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eBuild SBAS stacks from a geographic reference scene or from the results of an \u003ccode\u003eASFProduct.stack()\u003c/code\u003e search\u003c/li\u003e\n\u003cli\u003eSeasonal gaps are connected with bridge pairs spanning one or more years\u003c/li\u003e\n\u003cli\u003eUser can set a target bridge date\u003c/li\u003e\n\u003cli\u003eAdd custom Pairs\u003c/li\u003e\n\u003cli\u003eRemove Pairs\u003c/li\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/SBASNetwork.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.0...v12.1.1\"\u003ev12.1.1\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFor Opera proudcts, add file size information to \u003ccode\u003ejsonlite2\u003c/code\u003e output\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.1.0\"\u003ev12.1.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eStack\u003c/code\u003e class, used to create stacks of \u003ccode\u003ePair\u003c/code\u003e objects. This is a foundational class, which will be used by a near-future \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/Stack.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOPERA_L3_DIST-ALERT-S1_V1\u003c/code\u003e shortname/collections added\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eNISAR_EA\u003c/code\u003e shortname/collections to NISAR dataset (available to authorized users)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/c124ebd26368c9fb17d674c28555c5e8471f957e\"\u003e\u003ccode\u003ec124ebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/asfadmin/Discovery-asf_search/issues/449\"\u003e#449\u003c/a\u003e from asfadmin/feature/sbasnetwork_class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/9b9bf9f262a316be8afe7534dac25b3d5e9789c3\"\u003e\u003ccode\u003e9b9bf9f\u003c/code\u003e\u003c/a\u003e update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/7bae9fb6b411bcb096d9adbffa3146223b814626\"\u003e\u003ccode\u003e7bae9fb\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/62b14d830136f7b92552b7f37007983720acb622\"\u003e\u003ccode\u003e62b14d8\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into feature/sbasnetwork_class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/b03bfc6ba2022b9f2698ee798e69b54dd80f5e4c\"\u003e\u003ccode\u003eb03bfc6\u003c/code\u003e\u003c/a\u003e take start_date, end_date, season as keyword args and merge with CMR opts, ov...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/5f30ca046195e2c01daeb816ffaa0bd4cf8a5b4a\"\u003e\u003ccode\u003e5f30ca0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/asfadmin/Discovery-asf_search/issues/451\"\u003e#451\u003c/a\u003e from asfadmin/missing-opera-rtc-file-sizes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/01321fa1ebf79950c4c56b6b0873d26fe9de6b78\"\u003e\u003ccode\u003e01321fa\u003c/code\u003e\u003c/a\u003e chore: update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/2eef23350366674866937f9151344b1c1367692b\"\u003e\u003ccode\u003e2eef233\u003c/code\u003e\u003c/a\u003e feat: Add file sizes to jsonlite2 output for Opera products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/56c3efb21113ac6500d6f06146c1f7cea602ae64\"\u003e\u003ccode\u003e56c3efb\u003c/code\u003e\u003c/a\u003e break up SBASNetwork tests and use fixtures and mocks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/29a6691c52e5650ae0563553ac6dc30c7ad791d0\"\u003e\u003ccode\u003e29a6691\u003c/code\u003e\u003c/a\u003e break up Pair tests and use fixtures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.97 to 1.43.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3f2433ff49062a75426c406e606625b69a32eb6\"\u003e\u003ccode\u003ed3f2433\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/93f3a42377b288934f08416a9c3b63920d8163c6\"\u003e\u003ccode\u003e93f3a42\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5355abdca2dfffff34b4e7b05135911845a87631\"\u003e\u003ccode\u003e5355abd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/9ef5febabaaa8cb403fb3a5e97b0b6d333a0851a\"\u003e\u003ccode\u003e9ef5feb\u003c/code\u003e\u003c/a\u003e Bump idna from 3.7 to 3.15 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4788\"\u003e#4788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/c628e75265dc9d48b40a216c72575e46348bbd21\"\u003e\u003ccode\u003ec628e75\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.11'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/210f10744645854d03856c59e73b4db84144dacb\"\u003e\u003ccode\u003e210f107\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.11' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ac6f929ef6687ea327a2c108d27a9be29c929483\"\u003e\u003ccode\u003eac6f929\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/bb47b732471871fd1fadd0270ea3ae7e4960ecd5\"\u003e\u003ccode\u003ebb47b73\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d8c26e0d16ce4c45ae61bd48806eb13c376bffd8\"\u003e\u003ccode\u003ed8c26e0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.10'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4ed1db810f9a4d6b99cdde0efc1ceb12afc12ade\"\u003e\u003ccode\u003e4ed1db8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.10' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.97...1.43.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `moto` from 5.1.22 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getmoto/moto/blob/master/CHANGELOG.md\"\u003emoto's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cp\u003eDocker Digest for 5.2.1: \u003cem\u003esha256:fe6575dcd878842124f05d20e4ffde2d1126e1e38ad03e196353b9e53649bcdf\u003c/em\u003e\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMiscellaneous:\n    * DynamoDB: batch_write_item() now correctly handles PUT requests with Binary (B) attributes (broken in 5.2.0)\n    * S3: Uploading files no longer fails with 'Unsupported protocol' (broken in 5.2.0)\n    * S3: create_multipart_upload() is now compatible with Java SDK again (broken in 5.2.0)\n    * Route53: update_health_check() now correctly updates falsy values (broken in 5.2.0)\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cp\u003eDocker Digest for 5.2.0: \u003cem\u003esha256:d8d063e3e704d256cbe8165072fa273c17698be91311e49fc602b7716f459bea\u003c/em\u003e\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eGeneral:\n    * Drops support for Python 3.9\n    * Lambda Containers now configure the AWS_ENDPOINT_URL, automatically intercepting requests to other AWS services\n\u003cp\u003eNew Services:\u003cbr /\u003e\n* Bedrock-AgentCore-Control:\u003cbr /\u003e\n* create_agent_runtime()\u003cbr /\u003e\n* create_agent_runtime_endpoint()\u003cbr /\u003e\n* create_gateway()\u003cbr /\u003e\n* create_gateway_target()\u003cbr /\u003e\n* create_memory()\u003cbr /\u003e\n* delete_agent_runtime()\u003cbr /\u003e\n* delete_agent_runtime_endpoint()\u003cbr /\u003e\n* delete_gateway()\u003cbr /\u003e\n* delete_gateway_target()\u003cbr /\u003e\n* delete_memory()\u003cbr /\u003e\n* get_agent_runtime()\u003cbr /\u003e\n* get_agent_runtime_endpoint()\u003cbr /\u003e\n* get_gateway()\u003cbr /\u003e\n* get_gateway_target()\u003cbr /\u003e\n* get_memory()\u003cbr /\u003e\n* list_agent_runtimes()\u003cbr /\u003e\n* list_agent_runtime_endpoints()\u003cbr /\u003e\n* list_agent_runtime_versions()\u003cbr /\u003e\n* list_gateways()\u003cbr /\u003e\n* list_gateway_targets()\u003cbr /\u003e\n* list_memories()\u003cbr /\u003e\n* list_tags_for_resource()\u003cbr /\u003e\n* tag_resource()\u003cbr /\u003e\n* update_agent_runtime()\u003cbr /\u003e\n* update_agent_runtime_endpoint()\u003cbr /\u003e\n* update_gateway()\u003cbr /\u003e\n* update_gateway_target()\u003cbr /\u003e\n* untag_resource()\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/543c687a2301fe1982da96f815d603c17b37a45c\"\u003e\u003ccode\u003e543c687\u003c/code\u003e\u003c/a\u003e Pre-Release: Up Version Number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/b653a99663b96b165d6f93f723268c4acff1be58\"\u003e\u003ccode\u003eb653a99\u003c/code\u003e\u003c/a\u003e Prep release 5.2.1 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10020\"\u003e#10020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/df3dc92bbabea6b542bc7aeea1e0abc96bb2e792\"\u003e\u003ccode\u003edf3dc92\u003c/code\u003e\u003c/a\u003e Core: Disable flaky AWS tests (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10019\"\u003e#10019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/ef42e0e00f72a6124c153dc78240d628df5eb2e0\"\u003e\u003ccode\u003eef42e0e\u003c/code\u003e\u003c/a\u003e S3: Make CreateMultipartUpload compatible with Java SDK (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10017\"\u003e#10017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/50ab6245c83ad7edd2e8ecd8d4aa1e76abd78d6c\"\u003e\u003ccode\u003e50ab624\u003c/code\u003e\u003c/a\u003e Core: Make compatible with mypy 2 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10016\"\u003e#10016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/6b3cf8df811c548de5637261a882bd1fc7f2236d\"\u003e\u003ccode\u003e6b3cf8d\u003c/code\u003e\u003c/a\u003e Route53: update_health_check() should handle falsy values correctly (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10014\"\u003e#10014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/b4f8b78620903be793029d3e058804aed93d5baa\"\u003e\u003ccode\u003eb4f8b78\u003c/code\u003e\u003c/a\u003e Core: short circuit protocol detection for S3 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10012\"\u003e#10012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/665e817028ccb3af5bcdd373ac08efb356730517\"\u003e\u003ccode\u003e665e817\u003c/code\u003e\u003c/a\u003e DynamoDB: fix BatchWriteItem handling of binary attributes (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10007\"\u003e#10007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/e754d88a7e5aa46362c9efda42208572d84e0aed\"\u003e\u003ccode\u003ee754d88\u003c/code\u003e\u003c/a\u003e Admin: Post-release steps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/4d17a101b9c08fe164485339e994d435b15ba615\"\u003e\u003ccode\u003e4d17a10\u003c/code\u003e\u003c/a\u003e Pre-Release: Up Version Number\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getmoto/moto/compare/5.1.22...5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openapi-spec-validator` from 0.8.5 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/releases\"\u003eopenapi-spec-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.9.0\u003c/h2\u003e\n\u003ch2\u003eUpgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade schema-validator 0.9 \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade jsonschema-path 0.5 \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/506\"\u003e#506\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBackward incompatibilities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidation results may change for specifications that previously relied on discriminator-based narrowing or on discriminator mapping resolution errors during validation. \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/2121137e4832871202b96a276b225b90f3aece50\"\u003e\u003ccode\u003e2121137\u003c/code\u003e\u003c/a\u003e Version 0.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/ee4683bf4f27c29c10508a9443526db374b080b4\"\u003e\u003ccode\u003eee4683b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/506\"\u003e#506\u003c/a\u003e from python-openapi/feature/upgrade-jsonschema-path-0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/692131cada405b223ef5bec95f59c42d78396b29\"\u003e\u003ccode\u003e692131c\u003c/code\u003e\u003c/a\u003e Upgrade jsonschema-path 0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/27cb34182b10a3d380ac135909d89913e2472089\"\u003e\u003ccode\u003e27cb341\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e from python-openapi/feature/upgrade-schema-validator-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/4413a524cce51ab4f0b5f376624c6df59f9b3e5d\"\u003e\u003ccode\u003e4413a52\u003c/code\u003e\u003c/a\u003e Upgrade schema-validator 0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/f407ed796428a4b01c287ee9d3491b3ff8a9e76a\"\u003e\u003ccode\u003ef407ed7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/484\"\u003e#484\u003c/a\u003e from python-openapi/dependabot/pip/isort-8.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/081f3bea2f55738ee316205d1fdd741128abcee0\"\u003e\u003ccode\u003e081f3be\u003c/code\u003e\u003c/a\u003e Bump isort from 8.0.0 to 8.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/d931faf7f212695e3c62a2b349f2a993b1d1671d\"\u003e\u003ccode\u003ed931faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/497\"\u003e#497\u003c/a\u003e from python-openapi/dependabot/pip/mypy-1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/f8c6261c7bd41298fdae8d6f9c7b352495b23dc7\"\u003e\u003ccode\u003ef8c6261\u003c/code\u003e\u003c/a\u003e Bump mypy from 1.19.1 to 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/1b5dafd9d03dcf267be5ee5e861a7f8185ecc550\"\u003e\u003ccode\u003e1b5dafd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/500\"\u003e#500\u003c/a\u003e from python-openapi/dependabot/pip/urllib3-2.7.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/compare/0.8.5...0.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cfn-lint` from 1.50.0 to 1.51.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/releases\"\u003ecfn-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.51.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate snapshots script and conditions yaml by \u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W1054\"\u003eW1054\u003c/a\u003e to warn on raw pseudo-parameter strings without Ref by \u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3064\"\u003eE3064\u003c/a\u003e to validate duplicate Interface VPC Endpoint with PrivateDnsEnabled by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4492\"\u003eaws-cloudformation/cfn-lint#4492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add support for \u003ccode\u003eFn::GetStackOutput\u003c/code\u003e intrinsic function by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4495\"\u003eaws-cloudformation/cfn-lint#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3039\"\u003eE3039\u003c/a\u003e crash when \u003ccode\u003eFn::Transform\u003c/code\u003e used at list properties by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4498\"\u003eaws-cloudformation/cfn-lint#4498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions by \u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-11\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4490\"\u003eaws-cloudformation/cfn-lint#4490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SSM Parameter Name prefix check from error to warning by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4501\"\u003eaws-cloudformation/cfn-lint#4501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3664\"\u003eW3664\u003c/a\u003e false positive for regional CWL principal by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4506\"\u003eaws-cloudformation/cfn-lint#4506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix schema validation issues and add warning rules by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4502\"\u003eaws-cloudformation/cfn-lint#4502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-12\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4503\"\u003eaws-cloudformation/cfn-lint#4503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude usage path in \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3034\"\u003eW3034\u003c/a\u003e parameter range error by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4507\"\u003eaws-cloudformation/cfn-lint#4507\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.50.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3031\"\u003eE3031\u003c/a\u003e false positive for boolean values with pattern by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4485\"\u003eaws-cloudformation/cfn-lint#4485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd python \u003ccode\u003e3.14\u003c/code\u003e support by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4487\"\u003eaws-cloudformation/cfn-lint#4487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-04-29\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4483\"\u003eaws-cloudformation/cfn-lint#4483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use TOML-native posargs syntax for multi-arg expansion by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4488\"\u003eaws-cloudformation/cfn-lint#4488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/blob/main/CHANGELOG.md\"\u003ecfn-lint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.51.0\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate snapshots script and conditions yaml by \u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W1054\"\u003eW1054\u003c/a\u003e to warn on raw pseudo-parameter strings without Ref by \u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3064\"\u003eE3064\u003c/a\u003e to validate duplicate Interface VPC Endpoint with PrivateDnsEnabled by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4492\"\u003eaws-cloudformation/cfn-lint#4492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add support for \u003ccode\u003eFn::GetStackOutput\u003c/code\u003e intrinsic function by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4495\"\u003eaws-cloudformation/cfn-lint#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3039\"\u003eE3039\u003c/a\u003e crash when \u003ccode\u003eFn::Transform\u003c/code\u003e used at list properties by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4498\"\u003eaws-cloudformation/cfn-lint#4498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions by \u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-11\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4490\"\u003eaws-cloudformation/cfn-lint#4490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SSM Parameter Name prefix check from error to warning by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4501\"\u003eaws-cloudformation/cfn-lint#4501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3664\"\u003eW3664\u003c/a\u003e false positive for regional CWL principal by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4506\"\u003eaws-cloudformation/cfn-lint#4506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix schema validation issues and add warning rules by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4502\"\u003eaws-cloudformation/cfn-lint#4502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-12\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4503\"\u003eaws-cloudformation/cfn-lint#4503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude usage path in \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3034\"\u003eW3034\u003c/a\u003e parameter range error by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4507\"\u003eaws-cloudformation/cfn-lint#4507\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003ev1.50.1\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3031\"\u003eE3031\u003c/a\u003e false positive for boolean values with pattern by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4485\"\u003eaws-cloudformation/cfn-lint#4485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd python \u003ccode\u003e3.14\u003c/code\u003e support by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4487\"\u003eaws-cloudformation/cfn-lint#4487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-04-29\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4483\"\u003eaws-cloudformation/cfn-lint#4483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use TOML-native posargs syntax for multi-arg expansion by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4488\"\u003eaws-cloudformation/cfn-lint#4488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/9c6ff05015d6b3c5404462b5209782ff20e4da95\"\u003e\u003ccode\u003e9c6ff05\u003c/code\u003e\u003c/a\u003e Release v1.51.0 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4508\"\u003e#4508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/e132445efb2d7fc7b114d54c12cb7178c558ca1f\"\u003e\u003ccode\u003ee132445\u003c/code\u003e\u003c/a\u003e Include usage path in resolved function error messages (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4507\"\u003e#4507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/36b449dd3dd169354f481d4ce5e4004f85bfa939\"\u003e\u003ccode\u003e36b449d\u003c/code\u003e\u003c/a\u003e Update CloudFormation schemas to 2026-05-12 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4503\"\u003e#4503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/4ea032cba8bb0c266ba13c8e4bc1b6ed297cd3f3\"\u003e\u003ccode\u003e4ea032c\u003c/code\u003e\u003c/a\u003e Fix schema validation issues and add warning rules (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4502\"\u003e#4502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/d3a87179a773db9af1f64fc4d0caf19aeb287965\"\u003e\u003ccode\u003ed3a8717\u003c/code\u003e\u003c/a\u003e Fix W3664 false positive for regional CloudWatch Logs principal (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4506\"\u003e#4506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/11231fd395f14bbd6b0073fb80b17a1732e1f89e\"\u003e\u003ccode\u003e11231fd\u003c/code\u003e\u003c/a\u003e Move SSM Parameter Name /aws/ prefix check from error to warning (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4501\"\u003e#4501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/6fc80975b14147989f9ad2b826ed5708d565ca47\"\u003e\u003ccode\u003e6fc8097\u003c/code\u003e\u003c/a\u003e Update CloudFormation schemas to 2026-05-11 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4490\"\u003e#4490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/1492d3f4314f3531bddcb923ad5a253d93752e9d\"\u003e\u003ccode\u003e1492d3f\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4497\"\u003e#4497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/9b9acbfd7943608eb8930ba407d269e8a17c37ef\"\u003e\u003ccode\u003e9b9acbf\u003c/code\u003e\u003c/a\u003e Fix E3039 crash when Fn::Transform is used at list property positions (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4498\"\u003e#4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/a74054f4f605dccb169902da49af95ff138b1b4e\"\u003e\u003ccode\u003ea74054f\u003c/code\u003e\u003c/a\u003e feat: Add support for Fn::GetStackOutput intrinsic function (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4495\"\u003e#4495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.51.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ASFHyP3/hyp3/pull/3105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASFHyP3%2Fhyp3/issues/3105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3105/packages"},{"uuid":"4490555033","node_id":"PR_kwDOSYDk_87du2RV","number":34,"state":"open","title":"chore(deps): bump cryptography from 46.0.7 to 48.0.0 in /scripts","user":"dependabot[bot]","labels":["dependencies","🔧 scripts"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T23:25:12.000Z","updated_at":"2026-05-20T23:31:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/scripts","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 48.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=46.0.7\u0026new-version=48.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated cryptography library to the latest version for improved stability and security.\n\n\u003c!-- review_stack_entry_start --\u003e\n\n[![Review Change Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/kaelys-js/heron/pull/34?utm_source=github_walkthrough\u0026utm_medium=github\u0026utm_campaign=change_stack)\n\n\u003c!-- review_stack_entry_end --\u003e\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/kaelys-js/heron/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelys-js%2Fheron/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"4490276256","node_id":"PR_kwDORlmpCM7dt-yd","number":1,"state":"open","title":"chore(deps): bump the uv group across 3 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T22:16:28.000Z","updated_at":"2026-05-20T22:54:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /src/time directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /src/git directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n\nBumps the uv group with 8 updates in the /src/fetch directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter an...\n\n_Description has been truncated_","html_url":"https://github.com/mh241/servers/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh241%2Fservers/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4481937417","node_id":"PR_kwDOOx5pCM7dTHL-","number":175,"state":"open","title":"chore(deps): bump the pip group across 20 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T23:50:15.000Z","updated_at":"2026-05-19T23:51:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"certifi","old_version":"2022.12.7","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"cryptography","old_version":"36.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h11","old_version":"0.13.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.3","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"4.9.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pyopenssl","old_version":"22.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"requests","old_version":"2.27.1","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.63.0","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"1.26.19","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /examples/benchmarks/ADARNN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ADD directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ALSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GATs directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GRU directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/HIST directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/IGMTF directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/LSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Localformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/MLP directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/SFM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCTS directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/TFT directory: [tensorflow-gpu](https://github.com/tensorflow/tensorflow).\nBumps the pip group with 2 updates in the /examples/benchmarks/TRA directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TabNet directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Transformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks_dynamic/DDG-DA directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/hyperparameter/LightGBM directory: [lightgbm](https://github.com/microsoft/LightGBM).\nBumps the pip group with 9 updates in the /scripts/data_collector/br_index directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `46.0.7` |\n| [h11](https://github.com/python-hyper/h11) | `0.13.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.3` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `4.9.1` | `6.1.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.0.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.27.1` | `2.33.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.19` | `2.7.0` |\n\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/qlib/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fqlib/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"}],"issue_packages":[{"old_version":"46.0.6","new_version":"46.0.7","update_type":"patch","path":"/portal","pr_created_at":"2026-05-27T00:05:29.000Z","version_change":"46.0.6 → 46.0.7","issue":{"uuid":"4528364640","node_id":"PR_kwDOSoww6s7fnoxr","number":9,"state":"closed","title":"chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /portal","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T00:07:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T00:05:29.000Z","updated_at":"2026-05-27T00:07:06.000Z","time_to_close":94,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":"/portal","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=46.0.6\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/identity-spiffe/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/identity-spiffe/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fidentity-spiffe/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"\u003e=42.0.0","new_version":"\u003e=48.0.0","update_type":null,"path":null,"pr_created_at":"2026-05-26T22:12:34.000Z","version_change":"\u003e=42.0.0 → \u003e=48.0.0","issue":{"uuid":"4527853534","node_id":"PR_kwDOR4ROfc7fl_T1","number":15,"state":"open","title":"deps(py)(deps): update cryptography requirement from \u003e=42.0.0 to \u003e=48.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["ArihantK15"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T22:12:34.000Z","updated_at":"2026-05-26T22:27:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(py)(deps): update","packages":[{"name":"cryptography","old_version":"\u003e=42.0.0","new_version":"\u003e=48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ArihantK15/proctor-browser/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArihantK15%2Fproctor-browser/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"41.0.7","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-26T02:35:02.000Z","version_change":"41.0.7 → 46.0.7","issue":{"uuid":"4520870249","node_id":"PR_kwDOPiJZBs7fPRt2","number":15,"state":"open","title":"Bump the pip group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:35:02.000Z","updated_at":"2026-05-26T04:57:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":19,"packages":[{"name":"urllib3","old_version":"1.25.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2023.11.17","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.6","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.3.2","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"setuptools","old_version":"69.0.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jupyter-server","old_version":"2.12.5","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.0.11","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.14.2","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"notebook","old_version":"7.0.7","new_version":"7.5.6","repository_url":"https://github.com/jupyter/notebook"},{"name":"tornado","old_version":"6.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"cryptography","old_version":"41.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"tqdm","old_version":"4.66.1","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"},{"name":"pyopenssl","old_version":"23.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /test/requirements/compiled directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.25.3` | `2.7.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.5.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `69.0.3` | `78.1.1` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.12.5` | `2.18.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.0.11` | `4.5.7` |\n| [mistune](https://github.com/lepture/mistune) | `3.0.2` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.14.2` | `7.17.1` |\n| [notebook](https://github.com/jupyter/notebook) | `7.0.7` | `7.5.6` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.5.5` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.7` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.3.0` | `26.0.0` |\n\n\nUpdates `urllib3` from 1.25.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2023.11.17 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.11.17...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.3.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.3.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 69.0.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v69.0.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-ser...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 19 Python dependencies across test requirement files, bringing packages to their latest versions with security fixes, bug fixes, and new features.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Critical security fixes in urllib3 (CVE-2026-21441), requests (CVE-2026-25645), cryptography, and jinja2 (multiple CVEs)\n- **Major Version Bumps**: Black updated from 23.12.1 to 26.3.1, pytest from 7.4.4 to 9.0.3, scikit-learn from 1.3.2 to 1.5.0\n- **Jupyter Ecosystem**: Comprehensive updates to jupyter-server (2.12.5→2.18.0), jupyterlab (4.0.11→4.5.7), notebook (7.0.7→7.5.6)\n- **Infrastructure Libraries**: urllib3 major update (1.25.3→2.7.0), setuptools (69.0.3→78.1.1), cryptography (41.0.7→46.0.7)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 19 Outdated Packages]\n    B --\u003e C[Security Vulnerabilities Found]\n    B --\u003e D[Feature Updates Available]\n    C --\u003e E[urllib3: Decompression bomb fixes]\n    C --\u003e F[requests: Malicious file replacement fix]\n    C --\u003e G[jinja2: Sandbox bypass fixes]\n    C --\u003e H[cryptography: Security patches]\n    D --\u003e I[Black: Jupyter notebook improvements]\n    D --\u003e J[pytest: Python 3.14 support]\n    D --\u003e K[scikit-learn: New ML features]\n    E --\u003e L[Updated Requirements Files]\n    F --\u003e L\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including decompression bomb vulnerabilities, malicious file replacement, and sandbox bypass issues\n- **Compatibility Improvements**: Adds Python 3.14 support in pytest, removes deprecated features, and improves Windows compatibility\n- **Development Experience**: Enhanced Jupyter notebook support, better error messages, improved type annotations, and performance optimizations\n- **Testing Infrastructure**: Updated pytest with better async support, improved error handling, and enhanced debugging capabilities\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"46.0.3","new_version":"46.0.7","update_type":"patch","path":null,"pr_created_at":"2026-05-26T02:24:03.000Z","version_change":"46.0.3 → 46.0.7","issue":{"uuid":"4520823235","node_id":"PR_kwDOPsndK87fPIBg","number":4,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:24:03.000Z","updated_at":"2026-05-26T02:24:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"protobuf","old_version":"6.33.0","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.1.3","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"46.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml-html-clean","old_version":"0.4.3","new_version":"0.4.4","repository_url":"https://github.com/fedora-python/lxml_html_clean"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 9 updates in the /docreader directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.0` | `6.33.5` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.1.3` | `6.10.2` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) | `0.4.3` | `0.4.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.0.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.33.0 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.1.3 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.1.3...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml-html-clean` from 0.4.3 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst\"\u003elxml-html-clean's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.4.4 (2026-02-26)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where Unicode escapes in CSS were not properly decoded\nbefore security checks. This prevents attackers from bypassing filters\nusing escape sequences. (CVE-2026-28348)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tags could be used for URL\nhijacking attacks. The \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tag is now automatically removed\nwhenever the \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e tag is removed (via \u003ccode\u003epage_structure=True\u003c/code\u003e\nor manual configuration), as \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e must be inside \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e\naccording to HTML specifications. (CVE-2026-28350)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fd10d79cf8a4d4a962e139aee6d02dec02b2de7c\"\u003e\u003ccode\u003efd10d79\u003c/code\u003e\u003c/a\u003e Add more tests for different combinations of backslashes and unicode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/5b7e2288d9e5bda81d1fcf6a4feaed362534899e\"\u003e\u003ccode\u003e5b7e228\u003c/code\u003e\u003c/a\u003e Restore the removal of all backslashes from styles after decoding of unicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/88da8f9e679190ae06f1238106dd9fbd1d87bfbb\"\u003e\u003ccode\u003e88da8f9\u003c/code\u003e\u003c/a\u003e Prepare release 0.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\"\u003e\u003ccode\u003e9c5612c\u003c/code\u003e\u003c/a\u003e Remove \u0026lt;base\u0026gt; tags to prevent URL hijacking attacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b\"\u003e\u003ccode\u003e2ef7326\u003c/code\u003e\u003c/a\u003e Implement unicode escape decoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/7c854afd949ff82cc6e81a666962e07b739706cf\"\u003e\u003ccode\u003e7c854af\u003c/code\u003e\u003c/a\u003e Add missing Python 3.14 to classifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/80cebf7156449bd48d2d6106a70c7442874fa1f9\"\u003e\u003ccode\u003e80cebf7\u003c/code\u003e\u003c/a\u003e Continue using the package link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/1cef82e0647549b901452f45396ded8e6b2bceab\"\u003e\u003ccode\u003e1cef82e\u003c/code\u003e\u003c/a\u003e Update safe sanitizer recommendation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/79f35f4b7542bf87286b45764a7b0bdf6830bb36\"\u003e\u003ccode\u003e79f35f4\u003c/code\u003e\u003c/a\u003e CI: Drop Python 3.8, add 3.14\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/compare/0.4.3...0.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHS...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 9 Python dependencies in the docreader module, including both direct dependencies (pillow, protobuf, pypdf, requests) and indirect dependencies (cryptography, idna, lxml-html-clean, python-dotenv, urllib3) to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Direct Dependencies**: Updated pillow (12.0.0→12.2.0), protobuf (6.33.0→6.33.5), pypdf (6.1.3→6.10.2), and requests (2.32.5→2.33.0)\n- **Indirect Dependencies**: Updated cryptography (46.0.3→46.0.7), idna (3.11→3.15), lxml-html-clean (0.4.3→0.4.4), python-dotenv (1.2.1→1.2.2), and urllib3 (2.5.0→2.7.0)\n- **Security Improvements**: Multiple packages include critical security fixes, particularly pypdf, cryptography, urllib3, and lxml-html-clean\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependency Update Process] --\u003e B[Direct Dependencies]\n    A --\u003e C[Indirect Dependencies]\n    \n    B --\u003e D[pillow 12.2.0\u003cbr/\u003eImage processing improvements]\n    B --\u003e E[protobuf 6.33.5\u003cbr/\u003eProtocol buffer updates]\n    B --\u003e F[pypdf 6.10.2\u003cbr/\u003ePDF security fixes]\n    B --\u003e G[requests 2.33.0\u003cbr/\u003eHTTP library updates]\n    \n    C --\u003e H[cryptography 46.0.7\u003cbr/\u003eCVE fixes]\n    C --\u003e I[idna 3.15\u003cbr/\u003eUnicode handling]\n    C --\u003e J[lxml-html-clean 0.4.4\u003cbr/\u003eHTML sanitization]\n    C --\u003e K[python-dotenv 1.2.2\u003cbr/\u003eEnvironment variables]\n    C --\u003e L[urllib3 2.7.0\u003cbr/\u003eHTTP connection pooling]\n    \n    D --\u003e M[Enhanced Security \u0026 Stability]\n    E --\u003e M\n    F --\u003e M\n    G --\u003e M\n    H --\u003e M\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including buffer overflow fixes in cryptography, decompression bomb protections in urllib3, and XSS prevention in lxml-html-clean\n- **Stability Improvements**: pypdf received significant updates (6.1.3→6.10.2) with numerous bug fixes and robustness improvements for PDF processing\n- **Compatibility Maintenance**: Updates maintain backward compatibility while providing latest features and performance optimizations across the document processing pipeline\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/WeKnora/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2FWeKnora/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"43.0.0","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-26T01:22:32.000Z","version_change":"43.0.0 → 46.0.7","issue":{"uuid":"4520553322","node_id":"PR_kwDOPiJZBs7fOPVK","number":14,"state":"open","title":"Bump the uv group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:32.000Z","updated_at":"2026-05-26T01:24:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":5,"packages":[{"name":"poetry","old_version":"1.8.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"cryptography","old_version":"43.0.0","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /scripts/benchmark directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [poetry](https://github.com/python-poetry/poetry) | `1.8.3` | `2.3.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `46.0.7` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n\n\nUpdates `poetry` from 1.8.3 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/1.8.3...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.0 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 24.2 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/24.2...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/uv/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔄 This PR updates 5 Python dependencies in the `/scripts/benchmark` directory through Dependabot's automated dependency management, bringing significant version bumps including Poetry 1.8.3→2.3.4, cryptography 43.0.0→46.0.7, and pip 24.2→26.1.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Poetry**: Major version bump from 1.8.3 to 2.3.4 with critical security fixes for path traversal vulnerabilities\n- **Cryptography**: Updated from 43.0.0 to 46.0.7 addressing multiple CVEs including buffer overflow and elliptic curve vulnerabilities\n- **Pip**: Significant update from 24.2 to 26.1 adding experimental pylock.toml support and dropping Python 3.9 support\n- **Python-dotenv**: Updated from 1.0.1 to 1.2.2 with Python 3.14 support and symlink handling improvements\n- **Requests**: Minor update from 2.32.3 to 2.33.0 with inline typing support and netrc authentication fixes\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Poetry 1.8.3→2.3.4]\n    B --\u003e D[Cryptography 43.0.0→46.0.7]\n    B --\u003e E[Pip 24.2→26.1]\n    B --\u003e F[Python-dotenv 1.0.1→1.2.2]\n    B --\u003e G[Requests 2.32.3→2.33.0]\n    \n    C --\u003e H[Security Fixes]\n    D --\u003e I[CVE Patches]\n    E --\u003e J[New Features]\n    F --\u003e K[Python 3.14 Support]\n    G --\u003e L[Type Annotations]\n    \n    H --\u003e M[Updated Dependencies]\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Multiple critical vulnerabilities patched across cryptography and poetry packages\n- **Compatibility**: Python 3.14 support added while Python 3.9 support dropped in some packages\n- **Development Experience**: Improved typing support in requests and better CLI functionality in python-dotenv\n- **Maintenance**: Automated dependency updates ensure the benchmark scripts stay current with latest security patches\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"46.0.5","new_version":"46.0.7","update_type":"patch","path":null,"pr_created_at":"2026-05-25T23:58:24.000Z","version_change":"46.0.5 → 46.0.7","issue":{"uuid":"4520214411","node_id":"PR_kwDOSnxeQM7fNI7Z","number":2,"state":"closed","title":"Bump cryptography from 46.0.5 to 46.0.7","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T23:38:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T23:58:24.000Z","updated_at":"2026-05-26T23:38:34.000Z","time_to_close":85209,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.5\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/abyodun74/cli_project/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/abyodun74/cli_project/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abyodun74%2Fcli_project/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"46.0.5","new_version":"46.0.7","update_type":"patch","path":null,"pr_created_at":"2026-05-25T22:25:54.000Z","version_change":"46.0.5 → 46.0.7","issue":{"uuid":"4519843133","node_id":"PR_kwDOR1KrJs7fL6sl","number":39,"state":"open","title":"chore(deps)(deps): bump the minor-and-patch group across 1 directory with 27 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:25:54.000Z","updated_at":"2026-05-25T22:25:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"minor-and-patch","update_count":27,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.4","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pathspec","old_version":"1.0.4","new_version":"1.1.1","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.4","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"prometheus-client","old_version":"0.24.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"tomli","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/hukkin/tomli"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.48.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.50` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.5` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.14.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.4` | `4.9.6` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.24.1` | `0.25.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [tomli](https://github.com/hukkin/tomli) | `2.4.0` | `2.4.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `fastapi` from 0.135.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.41.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.43.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.41.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.11 to 2.9.12\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.12\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop with malformed interval (:ticket:\u003ccode\u003e1835\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/3a6d9d6ddc6b53eaa80b712f5fa6b23abbdc38db\"\u003e\u003ccode\u003e3a6d9d6\u003c/code\u003e\u003c/a\u003e ci: include almalinux in whieel building\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ebca6bf0f86bc6cbdc86de1eb3a53eaf49966d86\"\u003e\u003ccode\u003eebca6bf\u003c/code\u003e\u003c/a\u003e chore: bump to version 3.9.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/0196f02cc9512df8de3c941f87d27bda98f9f7af\"\u003e\u003ccode\u003e0196f02\u003c/code\u003e\u003c/a\u003e build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d157bdc2235a42dc1742936dbb0f5cfc8e4d2eb7\"\u003e\u003ccode\u003ed157bdc\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/7fccc0f5066a40dea530512abbf02621f4182b81\"\u003e\u003ccode\u003e7fccc0f\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 6 to 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d52a61eb2e6095fc1b9891bfcca44ebfac509e55\"\u003e\u003ccode\u003ed52a61e\u003c/code\u003e\u003c/a\u003e chore: bump dependency libraries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/b231d726a01d55e07ec3620b2b82f4a2da37ba62\"\u003e\u003ccode\u003eb231d72\u003c/code\u003e\u003c/a\u003e chore: fix building binary images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/6d76e8479f0f522c2e07ce0e2701030d8fd63785\"\u003e\u003ccode\u003e6d76e84\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1836\"\u003e#1836\u003c/a\u003e from psycopg/fix-1835\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/f7e314c7ab418ab9b9956e694956089a49c5c3b9\"\u003e\u003ccode\u003ef7e314c\u003c/code\u003e\u003c/a\u003e fix: overflow in malformed interval\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/eb905c124b75f2a5183d22177b85af20914b0f17\"\u003e\u003ccode\u003eeb905c1\u003c/code\u003e\u003c/a\u003e docs: replace bare except clause with except Exception\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.11...2.9.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-cov` from 7.0.0 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst\"\u003epytest-cov's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-03-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed total coverage computation to always be consistent, regardless of reporting settings.\nPreviously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on\nreporting options.\nSee \u003ccode\u003e[#641](https://github.com/pytest-dev/pytest-cov/issues/641) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/641\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove handling of ResourceWarning from sqlite3.\u003c/p\u003e\n\u003cp\u003eThe plugin adds warning filter for sqlite3 \u003ccode\u003eResourceWarning\u003c/code\u003e unclosed database (since 6.2.0).\nIt checks if there is already existing plugin for this message by comparing filter regular expression.\nWhen filter is specified on command line the message is escaped and does not match an expected message.\nA check for an escaped regular expression is added to handle this case.\u003c/p\u003e\n\u003cp\u003eWith this fix one can suppress \u003ccode\u003eResourceWarning\u003c/code\u003e from sqlite3 from command line::\u003c/p\u003e\n\u003cp\u003epytest -W \u0026quot;ignore:unclosed database in \u0026lt;sqlite3.Connection object at:ResourceWarning\u0026quot; ...\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to documentation.\nContributed by Art Pelling in \u003ccode\u003e[#718](https://github.com/pytest-dev/pytest-cov/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/718\u0026gt;\u003c/code\u003e_ and\n\u0026quot;vivodi\u0026quot; in \u003ccode\u003e[#738](https://github.com/pytest-dev/pytest-cov/issues/738) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/738\u0026gt;\u003c/code\u003e\u003cem\u003e.\nAlso closed \u003ccode\u003e[#736](https://github.com/pytest-dev/pytest-cov/issues/736) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/736\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed some assertions in tests.\nContributed by in Markéta Machová in \u003ccode\u003e[#722](https://github.com/pytest-dev/pytest-cov/issues/722) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/722\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622\"\u003e\u003ccode\u003e66c8a52\u003c/code\u003e\u003c/a\u003e Bump version: 7.0.0 → 7.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e\"\u003e\u003ccode\u003ef707662\u003c/code\u003e\u003c/a\u003e Make the examples use pypy 3.11.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672\"\u003e\u003ccode\u003e6049a78\u003c/code\u003e\u003c/a\u003e Make context test use the old ctracer (seems the new sysmon tracer behaves di...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b\"\u003e\u003ccode\u003e8ebf20b\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9\"\u003e\u003ccode\u003e861d30e\u003c/code\u003e\u003c/a\u003e Remove the backup context manager  - shouldn't be needed since coverage 5.0, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f\"\u003e\u003ccode\u003efd4c956\u003c/code\u003e\u003c/a\u003e Pass the precision on the nulled total (seems that there's some caching goion...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6\"\u003e\u003ccode\u003e78c9c4e\u003c/code\u003e\u003c/a\u003e Only run the 3.9 on older deps.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc\"\u003e\u003ccode\u003e4849a92\u003c/code\u003e\u003c/a\u003e Punctuation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7\"\u003e\u003ccode\u003e197c35e\u003c/code\u003e\u003c/a\u003e Update changelog and hopefully I don't forget to publish release again :))\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f\"\u003e\u003ccode\u003e14dc1c9\u003c/code\u003e\u003c/a\u003e Update examples to use 3.11 and make the adhoc layout example look a bit more...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline commen...\n\n_Description has been truncated_","html_url":"https://github.com/outshift-open/ioc-cfn-mgmt-backend-svc/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/outshift-open%2Fioc-cfn-mgmt-backend-svc/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"}},{"old_version":"43.0.3","new_version":"46.0.7","update_type":"major","path":"/backend","pr_created_at":"2026-05-25T22:16:04.000Z","version_change":"43.0.3 → 46.0.7","issue":{"uuid":"4519810752","node_id":"PR_kwDOSXYJrc7fL0De","number":25,"state":"closed","title":"Bump cryptography from 43.0.3 to 46.0.7 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T04:52:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T22:16:04.000Z","updated_at":"2026-05-26T04:52:58.000Z","time_to_close":23804,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=43.0.3\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/BUMETCS673/cs673olsum26project-cs673olsum26team2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/BUMETCS673/cs673olsum26project-cs673olsum26team2/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BUMETCS673%2Fcs673olsum26project-cs673olsum26team2/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"\u003c47,\u003e=46.0.7","new_version":"\u003e=48.0.0,\u003c49","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:09:02.000Z","version_change":"\u003c47,\u003e=46.0.7 → \u003e=48.0.0,\u003c49","issue":{"uuid":"4519540404","node_id":"PR_kwDOSb-0DM7fK8xH","number":98,"state":"open","title":"deps: update cryptography requirement from \u003c47,\u003e=46.0.7 to \u003e=48.0.0,\u003c49","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:09:02.000Z","updated_at":"2026-05-25T21:09:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: update","packages":[{"name":"cryptography","old_version":"\u003c47,\u003e=46.0.7","new_version":"\u003e=48.0.0,\u003c49","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Sundeepg98/google-docs-mcp/pull/98","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sundeepg98%2Fgoogle-docs-mcp/issues/98","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/98/packages"}},{"old_version":"\u003c46,\u003e=43","new_version":"\u003e=48.0.0,\u003c49","update_type":null,"path":"/backend","pr_created_at":"2026-05-25T07:42:43.000Z","version_change":"\u003c46,\u003e=43 → \u003e=48.0.0,\u003c49","issue":{"uuid":"4515199471","node_id":"PR_kwDOSMfd6M7e85Hr","number":51,"state":"open","title":"deps(backend): update cryptography requirement from \u003c46,\u003e=43 to \u003e=48.0.0,\u003c49 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T07:42:43.000Z","updated_at":"2026-05-25T07:45:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend): update","packages":[{"name":"cryptography","old_version":"\u003c46,\u003e=43","new_version":"\u003e=48.0.0,\u003c49","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Jeffreynuez/civicview/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jeffreynuez%2Fcivicview/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"}},{"old_version":"\u003e=46.0.5","new_version":"\u003e=48.0.0","update_type":null,"path":null,"pr_created_at":"2026-05-23T21:49:18.000Z","version_change":"\u003e=46.0.5 → \u003e=48.0.0","issue":{"uuid":"4509698585","node_id":"PR_kwDOSl8fx87esTMS","number":6,"state":"open","title":"Update cryptography requirement from \u003e=46.0.5 to \u003e=48.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T21:49:18.000Z","updated_at":"2026-05-23T21:49:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"cryptography","old_version":"\u003e=46.0.5","new_version":"\u003e=48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DhruvaBansal00/robin_stocks_v2/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DhruvaBansal00%2Frobin_stocks_v2/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"43.0.1","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-23T08:48:02.000Z","version_change":"43.0.1 → 46.0.7","issue":{"uuid":"4507542660","node_id":"PR_kwDOSlaZiM7eltws","number":7,"state":"closed","title":"deps(deps): bump the pip group across 1 directory with 4 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-24T02:09:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T08:48:02.000Z","updated_at":"2026-05-24T02:09:08.000Z","time_to_close":62466,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"pip","update_count":4,"packages":[{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"43.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"apache-airflow","old_version":"2.10.2","new_version":"3.2.1rc1","repository_url":"https://github.com/apache/airflow"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the / directory: [python-multipart](https://github.com/Kludex/python-multipart), [cryptography](https://github.com/pyca/cryptography), [apache-airflow](https://github.com/apache/airflow) and [pytest](https://github.com/pytest-dev/pytest).\n\nUpdates `python-multipart` from 0.0.12 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.12...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.1 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.1...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `apache-airflow` from 2.10.2 to 3.2.1rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/airflow/releases\"\u003eapache-airflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Airflow 3.2.0\u003c/h2\u003e\n\u003cp\u003e📦 PyPI: \u003ca href=\"https://pypi.org/project/apache-airflow/3.2.0/\"\u003ehttps://pypi.org/project/apache-airflow/3.2.0/\u003c/a\u003e\n📚 Docs: \u003ca href=\"https://airflow.apache.org/docs/apache-airflow/3.2.0/\"\u003ehttps://airflow.apache.org/docs/apache-airflow/3.2.0/\u003c/a\u003e\n🛠 Release Notes: \u003ca href=\"https://airflow.apache.org/docs/apache-airflow/3.2.0/release_notes.html\"\u003ehttps://airflow.apache.org/docs/apache-airflow/3.2.0/release_notes.html\u003c/a\u003e\n🐳 Docker Image: \u0026quot;docker pull apache/airflow:3.2.0\u0026quot;\n🚏 Constraints: \u003ca href=\"https://github.com/apache/airflow/tree/constraints-3.2.0\"\u003ehttps://github.com/apache/airflow/tree/constraints-3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eSignificant Changes\u003c/h2\u003e\n\u003ch3\u003eAsset Partitioning\u003c/h3\u003e\n\u003cp\u003eThe headline feature of Airflow 3.2.0 is asset partitioning — a major evolution of data-aware\nscheduling. Instead of triggering Dags based on an entire asset, you can now schedule downstream\nprocessing based on specific partitions of data. Only the relevant slice of data triggers downstream\nwork, making pipeline orchestration far more efficient and precise.\u003c/p\u003e\n\u003cp\u003eThis matters when working with partitioned data lakes — date-partitioned S3 paths, Hive table\npartitions, BigQuery table partitions, or any other partitioned data store. Previously, any update\nto an asset triggered all downstream Dags regardless of which partition changed. Now only the right\nwork gets triggered at the right time.\u003c/p\u003e\n\u003cp\u003eFor detailed usage instructions, see :doc:\u003ccode\u003e/authoring-and-scheduling/assets\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eMulti-Team Deployments\u003c/h3\u003e\n\u003cp\u003eAirflow 3.2 introduces multi-team support, allowing organizations to run multiple isolated teams within a single Airflow deployment.\nEach team can have its own Dags, connections, variables, pools, and executors— enabling true resource and permission isolation without requiring separate Airflow instances per team.\u003c/p\u003e\n\u003cp\u003eThis is particularly valuable for platform teams that serve multiple data engineering or data science teams from shared infrastructure, while maintaining strong boundaries between teams' resources and access.\u003c/p\u003e\n\u003cp\u003eFor detailed usage instructions, see :doc:\u003ccode\u003e/core-concepts/multi-team\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e.. warning::\u003c/p\u003e\n\u003cp\u003eMulti-Team Deployments are experimental in 3.2.0 and may change in future versions based on\nuser feedback.\u003c/p\u003e\n\u003ch3\u003eSynchronous callback support for Deadline Alerts\u003c/h3\u003e\n\u003cp\u003eDeadline Alerts now support synchronous callbacks via \u003ccode\u003eSyncCallback\u003c/code\u003e in addition to the existing\nasynchronous \u003ccode\u003eAsyncCallback\u003c/code\u003e. Synchronous callbacks are executed by the executor (rather than\nthe triggerer), and can optionally target a specific executor via the \u003ccode\u003eexecutor\u003c/code\u003e parameter.\u003c/p\u003e\n\u003cp\u003eA Dag can also define multiple Deadline Alerts by passing a list to the \u003ccode\u003edeadline\u003c/code\u003e parameter,\nand each alert can use either callback type.\u003c/p\u003e\n\u003cp\u003e.. warning::\u003c/p\u003e\n\u003cp\u003eDeadline Alerts are experimental in 3.2.0 and may change in future versions based on\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/b457a3001f055dabbf73b8562026113ac9d91488\"\u003e\u003ccode\u003eb457a30\u003c/code\u003e\u003c/a\u003e update release notes for 3.2.1rc1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/200a7e13a628316ad8020cfc31f5dff888d0e748\"\u003e\u003ccode\u003e200a7e1\u003c/code\u003e\u003c/a\u003e Update version to 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/3abf7e0d9fcdbedd9562184dd96171f7a5e5d5b3\"\u003e\u003ccode\u003e3abf7e0\u003c/code\u003e\u003c/a\u003e update release notes of 3.2.0 specifying \u003ccode\u003esqlalchemy[asyncio]\u0026gt;=2.0.48\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/6513\"\u003e#6513\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/daae7bbfef9e2fc19f01facd4d2b1c65e9495ae6\"\u003e\u003ccode\u003edaae7bb\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003edeactivate_deleted_dags\u003c/code\u003e signature broken by \u003ca href=\"https://redirect.github.com/apache/airflow/issues/63617\"\u003e#63617\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64245\"\u003e#64245\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65312\"\u003e#65312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/519c4f1cf2dc8e90ad910407895d86e7e74689de\"\u003e\u003ccode\u003e519c4f1\u003c/code\u003e\u003c/a\u003e fix: use Dag form when materializing asset (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64211\"\u003e#64211\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65303\"\u003e#65303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/7c4dbf9ead4e2fd0eddb853fd5858517ba1431eb\"\u003e\u003ccode\u003e7c4dbf9\u003c/code\u003e\u003c/a\u003e Change default sort to 'id' for list task instances (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64168\"\u003e#64168\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65297\"\u003e#65297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/7ba62fcc3924564c03b55da60ce3d6ba8c9882e6\"\u003e\u003ccode\u003e7ba62fc\u003c/code\u003e\u003c/a\u003e Fix zip DAG import errors being cleared during bundle refresh (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/63617\"\u003e#63617\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65296\"\u003e#65296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/8a3af78363955dc4de4a74a57ed5143c999c3b7c\"\u003e\u003ccode\u003e8a3af78\u003c/code\u003e\u003c/a\u003e Remove outdated TODO comment about permissions (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/64169\"\u003e#64169\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65295\"\u003e#65295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/f6dc7714270808a0762b1fc6b77c500d23954ca3\"\u003e\u003ccode\u003ef6dc771\u003c/code\u003e\u003c/a\u003e fix(connection-model): RFC3896 \u003ccode\u003econn_type\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/63167\"\u003e#63167\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65294\"\u003e#65294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/airflow/commit/f55ed5c070d77e7370a88763b10a53b38e09f5ee\"\u003e\u003ccode\u003ef55ed5c\u003c/code\u003e\u003c/a\u003e Add overridable metadata engine creation hooks in \u003ccode\u003esettings.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/62184\"\u003e#62184\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/apache/airflow/issues/65\"\u003e#65\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/airflow/compare/2.10.2...3.2.1rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/zrlopez/ml-incident-response-playbook/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zrlopez%2Fml-incident-response-playbook/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"45.0.7","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-23T04:58:46.000Z","version_change":"45.0.7 → 46.0.7","issue":{"uuid":"4506888113","node_id":"PR_kwDORy5D7c7ejqhE","number":1,"state":"open","title":"Bump cryptography from 45.0.7 to 46.0.7","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T04:58:46.000Z","updated_at":"2026-05-23T04:59:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"45.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.7.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=45.0.7\u0026new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dct555/httpx/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Dct555/httpx/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fhttpx/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"47.0.0","new_version":"48.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-22T10:16:32.000Z","version_change":"47.0.0 → 48.0.0","issue":{"uuid":"4501821896","node_id":"PR_kwDOSPEPBc7eTXHA","number":4,"state":"open","title":"Bump cryptography from 47.0.0 to 48.0.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T10:16:32.000Z","updated_at":"2026-05-22T10:18:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 47.0.0 to 48.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=47.0.0\u0026new-version=48.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/20206205Tech/data-pipeline-vbplnew-service/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/20206205Tech%2Fdata-pipeline-vbplnew-service/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"47.0.0","new_version":"48.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-22T05:26:07.000Z","version_change":"47.0.0 → 48.0.0","issue":{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"}},{"old_version":"42.0.5","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-21T02:19:12.000Z","version_change":"42.0.5 → 46.0.7","issue":{"uuid":"4491187680","node_id":"PR_kwDOSSwFHc7dw07M","number":3,"state":"closed","title":"Bump the pip group across 23 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-21T02:22:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T02:19:12.000Z","updated_at":"2026-05-21T02:22:32.000Z","time_to_close":198,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":8,"packages":[{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"cryptography","old_version":"42.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pillow","old_version":"9.5.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"zipp","old_version":"3.15.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /benchmarks/XBEN-005-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-007-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-021-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-058-24/app directory: [idna](https://github.com/kjd/idna) and [jinja2](https://github.com/pallets/jinja).\nBumps the pip group with 1 update in the /benchmarks/XBEN-062-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-063-24/app/website directory: [flask](https://github.com/pallets/flask) and [pymysql](https://github.com/PyMySQL/PyMySQL).\nBumps the pip group with 1 update in the /benchmarks/XBEN-064-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-065-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-068-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-070-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-073-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-074-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /benchmarks/XBEN-076-24/ssti-demo-app directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /benchmarks/XBEN-082-24/api directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-082-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-087-24/src directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-089-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /benchmarks/XBEN-091-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-094-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 3 updates in the /benchmarks/XBEN-100-24/app directory: [jinja2](https://github.com/pallets/jinja), [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 6 updates in the /benchmarks/XBEN-101-24/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `42.0.5` | `46.0.7` |\n| [pillow](https://github.com/python-pillow/Pillow) | `9.5.0` | `12.2.0` |\n| [zipp](https://github.com/jaraco/zipp) | `3.15.0` | `3.19.1` |\n\nBumps the pip group with 1 update in the /benchmarks/XBEN-102-24/app directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 1 update in the /benchmarks/XBEN-103-24/app directory: [flask](https://github.com/pallets/flask).\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.4...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.4...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.3...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filte...\n\n_Description has been truncated_","html_url":"https://github.com/pellera9/validation-benchmarks/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pellera9%2Fvalidation-benchmarks/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"47.0.0","new_version":"48.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-20T23:28:24.000Z","version_change":"47.0.0 → 48.0.0","issue":{"uuid":"4490567044","node_id":"PR_kwDOD385987du4i9","number":3105,"state":"closed","title":"Bump the pip-deps group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["major","bumpless"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T23:42:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T23:28:24.000Z","updated_at":"2026-05-20T23:42:39.000Z","time_to_close":854,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-deps","update_count":9,"packages":[{"name":"asf-search","old_version":"12.0.7","new_version":"12.2.0","repository_url":"https://github.com/asfadmin/Discovery-asf_search"},{"name":"boto3","old_version":"1.42.97","new_version":"1.43.12","repository_url":"https://github.com/boto/boto3"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"moto","old_version":"5.1.22","new_version":"5.2.1","repository_url":"https://github.com/getmoto/moto"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"openapi-spec-validator","old_version":"0.8.5","new_version":"0.9.0","repository_url":"https://github.com/python-openapi/openapi-spec-validator"},{"name":"cfn-lint","old_version":"1.50.0","new_version":"1.51.0","repository_url":"https://github.com/aws-cloudformation/cfn-lint"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-deps group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [asf-search](https://github.com/asfadmin/Discovery-asf_search) | `12.0.7` | `12.2.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.97` | `1.43.12` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [moto](https://github.com/getmoto/moto) | `5.1.22` | `5.2.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.8.5` | `0.9.0` |\n| [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) | `1.50.0` | `1.51.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n\n\nUpdates `asf-search` from 12.0.7 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/releases\"\u003easf-search's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev12.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.1...v12.2.0\"\u003ev12.2.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eBuild SBAS stacks from a geographic reference scene or from the results of an \u003ccode\u003eASFProduct.stack()\u003c/code\u003e search\u003c/li\u003e\n\u003cli\u003eSeasonal gaps are connected with bridge pairs spanning one or more years\u003c/li\u003e\n\u003cli\u003eUser can set a target bridge date\u003c/li\u003e\n\u003cli\u003eAdd custom Pairs\u003c/li\u003e\n\u003cli\u003eRemove Pairs\u003c/li\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/SBASNetwork.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.0...v12.1.1\"\u003ev12.1.1\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFor Opera proudcts, add file size information to \u003ccode\u003ejsonlite2\u003c/code\u003e output\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.1.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.1.0\"\u003ev12.1.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eStack\u003c/code\u003e class, used to create stacks of \u003ccode\u003ePair\u003c/code\u003e objects. This is a foundational class, which will be used by a near-future \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/Stack.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOPERA_L3_DIST-ALERT-S1_V1\u003c/code\u003e shortname/collections added\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eNISAR_EA\u003c/code\u003e shortname/collections to NISAR dataset (available to authorized users)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/blob/master/CHANGELOG.md\"\u003easf-search's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.1...v12.2.0\"\u003ev12.2.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eBuild SBAS stacks from a geographic reference scene or from the results of an \u003ccode\u003eASFProduct.stack()\u003c/code\u003e search\u003c/li\u003e\n\u003cli\u003eSeasonal gaps are connected with bridge pairs spanning one or more years\u003c/li\u003e\n\u003cli\u003eUser can set a target bridge date\u003c/li\u003e\n\u003cli\u003eAdd custom Pairs\u003c/li\u003e\n\u003cli\u003eRemove Pairs\u003c/li\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/SBASNetwork.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.1.0...v12.1.1\"\u003ev12.1.1\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFor Opera proudcts, add file size information to \u003ccode\u003ejsonlite2\u003c/code\u003e output\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.1.0\"\u003ev12.1.0\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eStack\u003c/code\u003e class, used to create stacks of \u003ccode\u003ePair\u003c/code\u003e objects. This is a foundational class, which will be used by a near-future \u003ccode\u003eSBASNetwork\u003c/code\u003e class to automate the creation of connected, multi-annual seasonal SBAS stacks of interferograms.\n\u003cul\u003e\n\u003cli\u003eFor usage examples, see \u003ccode\u003eexamples/Stack.ipynb\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOPERA_L3_DIST-ALERT-S1_V1\u003c/code\u003e shortname/collections added\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eNISAR_EA\u003c/code\u003e shortname/collections to NISAR dataset (available to authorized users)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/c124ebd26368c9fb17d674c28555c5e8471f957e\"\u003e\u003ccode\u003ec124ebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/asfadmin/Discovery-asf_search/issues/449\"\u003e#449\u003c/a\u003e from asfadmin/feature/sbasnetwork_class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/9b9bf9f262a316be8afe7534dac25b3d5e9789c3\"\u003e\u003ccode\u003e9b9bf9f\u003c/code\u003e\u003c/a\u003e update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/7bae9fb6b411bcb096d9adbffa3146223b814626\"\u003e\u003ccode\u003e7bae9fb\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/62b14d830136f7b92552b7f37007983720acb622\"\u003e\u003ccode\u003e62b14d8\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into feature/sbasnetwork_class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/b03bfc6ba2022b9f2698ee798e69b54dd80f5e4c\"\u003e\u003ccode\u003eb03bfc6\u003c/code\u003e\u003c/a\u003e take start_date, end_date, season as keyword args and merge with CMR opts, ov...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/5f30ca046195e2c01daeb816ffaa0bd4cf8a5b4a\"\u003e\u003ccode\u003e5f30ca0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/asfadmin/Discovery-asf_search/issues/451\"\u003e#451\u003c/a\u003e from asfadmin/missing-opera-rtc-file-sizes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/01321fa1ebf79950c4c56b6b0873d26fe9de6b78\"\u003e\u003ccode\u003e01321fa\u003c/code\u003e\u003c/a\u003e chore: update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/2eef23350366674866937f9151344b1c1367692b\"\u003e\u003ccode\u003e2eef233\u003c/code\u003e\u003c/a\u003e feat: Add file sizes to jsonlite2 output for Opera products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/56c3efb21113ac6500d6f06146c1f7cea602ae64\"\u003e\u003ccode\u003e56c3efb\u003c/code\u003e\u003c/a\u003e break up SBASNetwork tests and use fixtures and mocks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/commit/29a6691c52e5650ae0563553ac6dc30c7ad791d0\"\u003e\u003ccode\u003e29a6691\u003c/code\u003e\u003c/a\u003e break up Pair tests and use fixtures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/asfadmin/Discovery-asf_search/compare/v12.0.7...v12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.97 to 1.43.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3f2433ff49062a75426c406e606625b69a32eb6\"\u003e\u003ccode\u003ed3f2433\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/93f3a42377b288934f08416a9c3b63920d8163c6\"\u003e\u003ccode\u003e93f3a42\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5355abdca2dfffff34b4e7b05135911845a87631\"\u003e\u003ccode\u003e5355abd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/9ef5febabaaa8cb403fb3a5e97b0b6d333a0851a\"\u003e\u003ccode\u003e9ef5feb\u003c/code\u003e\u003c/a\u003e Bump idna from 3.7 to 3.15 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4788\"\u003e#4788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/c628e75265dc9d48b40a216c72575e46348bbd21\"\u003e\u003ccode\u003ec628e75\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.11'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/210f10744645854d03856c59e73b4db84144dacb\"\u003e\u003ccode\u003e210f107\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.11' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ac6f929ef6687ea327a2c108d27a9be29c929483\"\u003e\u003ccode\u003eac6f929\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/bb47b732471871fd1fadd0270ea3ae7e4960ecd5\"\u003e\u003ccode\u003ebb47b73\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d8c26e0d16ce4c45ae61bd48806eb13c376bffd8\"\u003e\u003ccode\u003ed8c26e0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.10'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4ed1db810f9a4d6b99cdde0efc1ceb12afc12ade\"\u003e\u003ccode\u003e4ed1db8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.10' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.97...1.43.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `moto` from 5.1.22 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getmoto/moto/blob/master/CHANGELOG.md\"\u003emoto's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cp\u003eDocker Digest for 5.2.1: \u003cem\u003esha256:fe6575dcd878842124f05d20e4ffde2d1126e1e38ad03e196353b9e53649bcdf\u003c/em\u003e\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMiscellaneous:\n    * DynamoDB: batch_write_item() now correctly handles PUT requests with Binary (B) attributes (broken in 5.2.0)\n    * S3: Uploading files no longer fails with 'Unsupported protocol' (broken in 5.2.0)\n    * S3: create_multipart_upload() is now compatible with Java SDK again (broken in 5.2.0)\n    * Route53: update_health_check() now correctly updates falsy values (broken in 5.2.0)\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cp\u003eDocker Digest for 5.2.0: \u003cem\u003esha256:d8d063e3e704d256cbe8165072fa273c17698be91311e49fc602b7716f459bea\u003c/em\u003e\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eGeneral:\n    * Drops support for Python 3.9\n    * Lambda Containers now configure the AWS_ENDPOINT_URL, automatically intercepting requests to other AWS services\n\u003cp\u003eNew Services:\u003cbr /\u003e\n* Bedrock-AgentCore-Control:\u003cbr /\u003e\n* create_agent_runtime()\u003cbr /\u003e\n* create_agent_runtime_endpoint()\u003cbr /\u003e\n* create_gateway()\u003cbr /\u003e\n* create_gateway_target()\u003cbr /\u003e\n* create_memory()\u003cbr /\u003e\n* delete_agent_runtime()\u003cbr /\u003e\n* delete_agent_runtime_endpoint()\u003cbr /\u003e\n* delete_gateway()\u003cbr /\u003e\n* delete_gateway_target()\u003cbr /\u003e\n* delete_memory()\u003cbr /\u003e\n* get_agent_runtime()\u003cbr /\u003e\n* get_agent_runtime_endpoint()\u003cbr /\u003e\n* get_gateway()\u003cbr /\u003e\n* get_gateway_target()\u003cbr /\u003e\n* get_memory()\u003cbr /\u003e\n* list_agent_runtimes()\u003cbr /\u003e\n* list_agent_runtime_endpoints()\u003cbr /\u003e\n* list_agent_runtime_versions()\u003cbr /\u003e\n* list_gateways()\u003cbr /\u003e\n* list_gateway_targets()\u003cbr /\u003e\n* list_memories()\u003cbr /\u003e\n* list_tags_for_resource()\u003cbr /\u003e\n* tag_resource()\u003cbr /\u003e\n* update_agent_runtime()\u003cbr /\u003e\n* update_agent_runtime_endpoint()\u003cbr /\u003e\n* update_gateway()\u003cbr /\u003e\n* update_gateway_target()\u003cbr /\u003e\n* untag_resource()\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/543c687a2301fe1982da96f815d603c17b37a45c\"\u003e\u003ccode\u003e543c687\u003c/code\u003e\u003c/a\u003e Pre-Release: Up Version Number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/b653a99663b96b165d6f93f723268c4acff1be58\"\u003e\u003ccode\u003eb653a99\u003c/code\u003e\u003c/a\u003e Prep release 5.2.1 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10020\"\u003e#10020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/df3dc92bbabea6b542bc7aeea1e0abc96bb2e792\"\u003e\u003ccode\u003edf3dc92\u003c/code\u003e\u003c/a\u003e Core: Disable flaky AWS tests (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10019\"\u003e#10019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/ef42e0e00f72a6124c153dc78240d628df5eb2e0\"\u003e\u003ccode\u003eef42e0e\u003c/code\u003e\u003c/a\u003e S3: Make CreateMultipartUpload compatible with Java SDK (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10017\"\u003e#10017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/50ab6245c83ad7edd2e8ecd8d4aa1e76abd78d6c\"\u003e\u003ccode\u003e50ab624\u003c/code\u003e\u003c/a\u003e Core: Make compatible with mypy 2 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10016\"\u003e#10016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/6b3cf8df811c548de5637261a882bd1fc7f2236d\"\u003e\u003ccode\u003e6b3cf8d\u003c/code\u003e\u003c/a\u003e Route53: update_health_check() should handle falsy values correctly (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10014\"\u003e#10014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/b4f8b78620903be793029d3e058804aed93d5baa\"\u003e\u003ccode\u003eb4f8b78\u003c/code\u003e\u003c/a\u003e Core: short circuit protocol detection for S3 (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10012\"\u003e#10012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/665e817028ccb3af5bcdd373ac08efb356730517\"\u003e\u003ccode\u003e665e817\u003c/code\u003e\u003c/a\u003e DynamoDB: fix BatchWriteItem handling of binary attributes (\u003ca href=\"https://redirect.github.com/getmoto/moto/issues/10007\"\u003e#10007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/e754d88a7e5aa46362c9efda42208572d84e0aed\"\u003e\u003ccode\u003ee754d88\u003c/code\u003e\u003c/a\u003e Admin: Post-release steps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getmoto/moto/commit/4d17a101b9c08fe164485339e994d435b15ba615\"\u003e\u003ccode\u003e4d17a10\u003c/code\u003e\u003c/a\u003e Pre-Release: Up Version Number\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getmoto/moto/compare/5.1.22...5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openapi-spec-validator` from 0.8.5 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/releases\"\u003eopenapi-spec-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.9.0\u003c/h2\u003e\n\u003ch2\u003eUpgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade schema-validator 0.9 \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade jsonschema-path 0.5 \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/506\"\u003e#506\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBackward incompatibilities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidation results may change for specifications that previously relied on discriminator-based narrowing or on discriminator mapping resolution errors during validation. \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/2121137e4832871202b96a276b225b90f3aece50\"\u003e\u003ccode\u003e2121137\u003c/code\u003e\u003c/a\u003e Version 0.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/ee4683bf4f27c29c10508a9443526db374b080b4\"\u003e\u003ccode\u003eee4683b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/506\"\u003e#506\u003c/a\u003e from python-openapi/feature/upgrade-jsonschema-path-0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/692131cada405b223ef5bec95f59c42d78396b29\"\u003e\u003ccode\u003e692131c\u003c/code\u003e\u003c/a\u003e Upgrade jsonschema-path 0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/27cb34182b10a3d380ac135909d89913e2472089\"\u003e\u003ccode\u003e27cb341\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/505\"\u003e#505\u003c/a\u003e from python-openapi/feature/upgrade-schema-validator-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/4413a524cce51ab4f0b5f376624c6df59f9b3e5d\"\u003e\u003ccode\u003e4413a52\u003c/code\u003e\u003c/a\u003e Upgrade schema-validator 0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/f407ed796428a4b01c287ee9d3491b3ff8a9e76a\"\u003e\u003ccode\u003ef407ed7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/484\"\u003e#484\u003c/a\u003e from python-openapi/dependabot/pip/isort-8.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/081f3bea2f55738ee316205d1fdd741128abcee0\"\u003e\u003ccode\u003e081f3be\u003c/code\u003e\u003c/a\u003e Bump isort from 8.0.0 to 8.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/d931faf7f212695e3c62a2b349f2a993b1d1671d\"\u003e\u003ccode\u003ed931faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/497\"\u003e#497\u003c/a\u003e from python-openapi/dependabot/pip/mypy-1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/f8c6261c7bd41298fdae8d6f9c7b352495b23dc7\"\u003e\u003ccode\u003ef8c6261\u003c/code\u003e\u003c/a\u003e Bump mypy from 1.19.1 to 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/commit/1b5dafd9d03dcf267be5ee5e861a7f8185ecc550\"\u003e\u003ccode\u003e1b5dafd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-openapi/openapi-spec-validator/issues/500\"\u003e#500\u003c/a\u003e from python-openapi/dependabot/pip/urllib3-2.7.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-openapi/openapi-spec-validator/compare/0.8.5...0.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cfn-lint` from 1.50.0 to 1.51.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/releases\"\u003ecfn-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.51.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate snapshots script and conditions yaml by \u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W1054\"\u003eW1054\u003c/a\u003e to warn on raw pseudo-parameter strings without Ref by \u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3064\"\u003eE3064\u003c/a\u003e to validate duplicate Interface VPC Endpoint with PrivateDnsEnabled by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4492\"\u003eaws-cloudformation/cfn-lint#4492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add support for \u003ccode\u003eFn::GetStackOutput\u003c/code\u003e intrinsic function by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4495\"\u003eaws-cloudformation/cfn-lint#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3039\"\u003eE3039\u003c/a\u003e crash when \u003ccode\u003eFn::Transform\u003c/code\u003e used at list properties by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4498\"\u003eaws-cloudformation/cfn-lint#4498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions by \u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-11\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4490\"\u003eaws-cloudformation/cfn-lint#4490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SSM Parameter Name prefix check from error to warning by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4501\"\u003eaws-cloudformation/cfn-lint#4501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3664\"\u003eW3664\u003c/a\u003e false positive for regional CWL principal by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4506\"\u003eaws-cloudformation/cfn-lint#4506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix schema validation issues and add warning rules by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4502\"\u003eaws-cloudformation/cfn-lint#4502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-12\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4503\"\u003eaws-cloudformation/cfn-lint#4503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude usage path in \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3034\"\u003eW3034\u003c/a\u003e parameter range error by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4507\"\u003eaws-cloudformation/cfn-lint#4507\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.50.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3031\"\u003eE3031\u003c/a\u003e false positive for boolean values with pattern by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4485\"\u003eaws-cloudformation/cfn-lint#4485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd python \u003ccode\u003e3.14\u003c/code\u003e support by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4487\"\u003eaws-cloudformation/cfn-lint#4487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-04-29\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4483\"\u003eaws-cloudformation/cfn-lint#4483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use TOML-native posargs syntax for multi-arg expansion by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4488\"\u003eaws-cloudformation/cfn-lint#4488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/blob/main/CHANGELOG.md\"\u003ecfn-lint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.51.0\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate snapshots script and conditions yaml by \u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W1054\"\u003eW1054\u003c/a\u003e to warn on raw pseudo-parameter strings without Ref by \u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3064\"\u003eE3064\u003c/a\u003e to validate duplicate Interface VPC Endpoint with PrivateDnsEnabled by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4492\"\u003eaws-cloudformation/cfn-lint#4492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add support for \u003ccode\u003eFn::GetStackOutput\u003c/code\u003e intrinsic function by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4495\"\u003eaws-cloudformation/cfn-lint#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3039\"\u003eE3039\u003c/a\u003e crash when \u003ccode\u003eFn::Transform\u003c/code\u003e used at list properties by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4498\"\u003eaws-cloudformation/cfn-lint#4498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions by \u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-11\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4490\"\u003eaws-cloudformation/cfn-lint#4490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SSM Parameter Name prefix check from error to warning by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4501\"\u003eaws-cloudformation/cfn-lint#4501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3664\"\u003eW3664\u003c/a\u003e false positive for regional CWL principal by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4506\"\u003eaws-cloudformation/cfn-lint#4506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix schema validation issues and add warning rules by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4502\"\u003eaws-cloudformation/cfn-lint#4502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-05-12\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4503\"\u003eaws-cloudformation/cfn-lint#4503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude usage path in \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#W3034\"\u003eW3034\u003c/a\u003e parameter range error by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4507\"\u003eaws-cloudformation/cfn-lint#4507\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/satyakigh\"\u003e\u003ccode\u003e@​satyakigh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4479\"\u003eaws-cloudformation/cfn-lint#4479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cv-dote\"\u003e\u003ccode\u003e@​cv-dote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4453\"\u003eaws-cloudformation/cfn-lint#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/szbartnik\"\u003e\u003ccode\u003e@​szbartnik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4497\"\u003eaws-cloudformation/cfn-lint#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.1...v1.51.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003ev1.50.1\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Rule \u003ca href=\"https://github.com/aws-cloudformation/cfn-python-lint/blob/main/docs/rules.md#E3031\"\u003eE3031\u003c/a\u003e false positive for boolean values with pattern by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4485\"\u003eaws-cloudformation/cfn-lint#4485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd python \u003ccode\u003e3.14\u003c/code\u003e support by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4487\"\u003eaws-cloudformation/cfn-lint#4487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CloudFormation schemas to \u003ccode\u003e2026-04-29\u003c/code\u003e by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4483\"\u003eaws-cloudformation/cfn-lint#4483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use TOML-native posargs syntax for multi-arg expansion by \u003ca href=\"https://github.com/kddejong\"\u003e\u003ccode\u003e@​kddejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/pull/4488\"\u003eaws-cloudformation/cfn-lint#4488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\"\u003ehttps://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.50.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/9c6ff05015d6b3c5404462b5209782ff20e4da95\"\u003e\u003ccode\u003e9c6ff05\u003c/code\u003e\u003c/a\u003e Release v1.51.0 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4508\"\u003e#4508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/e132445efb2d7fc7b114d54c12cb7178c558ca1f\"\u003e\u003ccode\u003ee132445\u003c/code\u003e\u003c/a\u003e Include usage path in resolved function error messages (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4507\"\u003e#4507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/36b449dd3dd169354f481d4ce5e4004f85bfa939\"\u003e\u003ccode\u003e36b449d\u003c/code\u003e\u003c/a\u003e Update CloudFormation schemas to 2026-05-12 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4503\"\u003e#4503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/4ea032cba8bb0c266ba13c8e4bc1b6ed297cd3f3\"\u003e\u003ccode\u003e4ea032c\u003c/code\u003e\u003c/a\u003e Fix schema validation issues and add warning rules (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4502\"\u003e#4502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/d3a87179a773db9af1f64fc4d0caf19aeb287965\"\u003e\u003ccode\u003ed3a8717\u003c/code\u003e\u003c/a\u003e Fix W3664 false positive for regional CloudWatch Logs principal (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4506\"\u003e#4506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/11231fd395f14bbd6b0073fb80b17a1732e1f89e\"\u003e\u003ccode\u003e11231fd\u003c/code\u003e\u003c/a\u003e Move SSM Parameter Name /aws/ prefix check from error to warning (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4501\"\u003e#4501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/6fc80975b14147989f9ad2b826ed5708d565ca47\"\u003e\u003ccode\u003e6fc8097\u003c/code\u003e\u003c/a\u003e Update CloudFormation schemas to 2026-05-11 (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4490\"\u003e#4490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/1492d3f4314f3531bddcb923ad5a253d93752e9d\"\u003e\u003ccode\u003e1492d3f\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eResultWriter\u003c/code\u003e schema of step functions (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4497\"\u003e#4497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/9b9acbfd7943608eb8930ba407d269e8a17c37ef\"\u003e\u003ccode\u003e9b9acbf\u003c/code\u003e\u003c/a\u003e Fix E3039 crash when Fn::Transform is used at list property positions (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4498\"\u003e#4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/commit/a74054f4f605dccb169902da49af95ff138b1b4e\"\u003e\u003ccode\u003ea74054f\u003c/code\u003e\u003c/a\u003e feat: Add support for Fn::GetStackOutput intrinsic function (\u003ca href=\"https://redirect.github.com/aws-cloudformation/cfn-lint/issues/4495\"\u003e#4495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws-cloudformation/cfn-lint/compare/v1.50.0...v1.51.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ASFHyP3/hyp3/pull/3105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASFHyP3%2Fhyp3/issues/3105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3105/packages"}},{"old_version":"46.0.7","new_version":"48.0.0","update_type":"major","path":"/scripts","pr_created_at":"2026-05-20T23:25:12.000Z","version_change":"46.0.7 → 48.0.0","issue":{"uuid":"4490555033","node_id":"PR_kwDOSYDk_87du2RV","number":34,"state":"open","title":"chore(deps): bump cryptography from 46.0.7 to 48.0.0 in /scripts","user":"dependabot[bot]","labels":["dependencies","🔧 scripts"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T23:25:12.000Z","updated_at":"2026-05-20T23:31:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/scripts","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 48.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=46.0.7\u0026new-version=48.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated cryptography library to the latest version for improved stability and security.\n\n\u003c!-- review_stack_entry_start --\u003e\n\n[![Review Change Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/kaelys-js/heron/pull/34?utm_source=github_walkthrough\u0026utm_medium=github\u0026utm_campaign=change_stack)\n\n\u003c!-- review_stack_entry_end --\u003e\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/kaelys-js/heron/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelys-js%2Fheron/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"46.0.5","new_version":"46.0.7","update_type":"patch","path":null,"pr_created_at":"2026-05-20T22:16:28.000Z","version_change":"46.0.5 → 46.0.7","issue":{"uuid":"4490276256","node_id":"PR_kwDORlmpCM7dt-yd","number":1,"state":"open","title":"chore(deps): bump the uv group across 3 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T22:16:28.000Z","updated_at":"2026-05-20T22:54:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":8,"packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /src/time directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /src/git directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n\nBumps the uv group with 8 updates in the /src/fetch directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter an...\n\n_Description has been truncated_","html_url":"https://github.com/mh241/servers/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mh241%2Fservers/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"36.0.1","new_version":"46.0.7","update_type":"major","path":null,"pr_created_at":"2026-05-19T23:50:15.000Z","version_change":"36.0.1 → 46.0.7","issue":{"uuid":"4481937417","node_id":"PR_kwDOOx5pCM7dTHL-","number":175,"state":"open","title":"chore(deps): bump the pip group across 20 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T23:50:15.000Z","updated_at":"2026-05-19T23:51:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"certifi","old_version":"2022.12.7","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"cryptography","old_version":"36.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h11","old_version":"0.13.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.3","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"4.9.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pyopenssl","old_version":"22.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"requests","old_version":"2.27.1","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.63.0","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"1.26.19","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /examples/benchmarks/ADARNN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ADD directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ALSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GATs directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GRU directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/HIST directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/IGMTF directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/LSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Localformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/MLP directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/SFM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCTS directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/TFT directory: [tensorflow-gpu](https://github.com/tensorflow/tensorflow).\nBumps the pip group with 2 updates in the /examples/benchmarks/TRA directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TabNet directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Transformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks_dynamic/DDG-DA directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/hyperparameter/LightGBM directory: [lightgbm](https://github.com/microsoft/LightGBM).\nBumps the pip group with 9 updates in the /scripts/data_collector/br_index directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `46.0.7` |\n| [h11](https://github.com/python-hyper/h11) | `0.13.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.3` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `4.9.1` | `6.1.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.0.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.27.1` | `2.33.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.19` | `2.7.0` |\n\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/qlib/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fqlib/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"}}]}