{"id":968,"name":"cryptography","ecosystem":"pip","repository_url":"https://github.com/pyca/cryptography","issues_count":10184,"created_at":"2025-06-06T15:01:39.325Z","updated_at":"2025-06-06T15:01:39.325Z","purl":"pkg:pypi/cryptography","metadata":{"id":2683636,"name":"cryptography","ecosystem":"pypi","description":"cryptography is a package which provides cryptographic recipes and primitives to Python developers.","homepage":null,"licenses":"Apache-2.0 OR BSD-3-Clause","normalized_licenses":["Apache-2.0","BSD-3-Clause"],"repository_url":"https://github.com/pyca/cryptography","keywords_array":[],"namespace":null,"versions_count":142,"first_release_published_at":"2014-01-08T23:17:39.000Z","latest_release_published_at":"2025-05-25T14:16:12.000Z","latest_release_number":"45.0.3","last_synced_at":"2025-06-06T01:31:01.723Z","created_at":"2022-04-10T10:29:12.911Z","updated_at":"2025-06-06T01:31:01.723Z","registry_url":"https://pypi.org/project/cryptography/","install_command":"pip install cryptography --index-url https://pypi.org/simple","documentation_url":"https://cryptography.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","Natural Language :: English","Operating System :: MacOS :: MacOS X","Operating System :: Microsoft :: Windows","Operating System :: POSIX","Operating System :: POSIX :: BSD","Operating System :: POSIX :: Linux","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Security :: Cryptography"],"normalized_name":"cryptography"},"repo_metadata":{"id":9926844,"uuid":"11939484","full_name":"pyca/cryptography","owner":"pyca","description":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.","archived":false,"fork":false,"pushed_at":"2024-10-29T11:33:44.000Z","size":56737,"stargazers_count":6646,"open_issues_count":45,"forks_count":1524,"subscribers_count":130,"default_branch":"main","last_synced_at":"2024-10-29T13:10:47.492Z","etag":null,"topics":["cryptography","python"],"latest_commit_sha":null,"homepage":"https://cryptography.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyca.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.rst","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2013-08-07T02:23:38.000Z","updated_at":"2024-10-29T11:33:47.000Z","dependencies_parsed_at":"2023-09-24T14:02:14.320Z","dependency_job_id":"d5dc0f8b-3770-41b4-846d-990eeae096ae","html_url":"https://github.com/pyca/cryptography","commit_stats":{"total_commits":9815,"total_committers":318,"mean_commits":"30.864779874213838","dds":0.6791645440652063,"last_synced_commit":"a70c92c01faf75a32abc0836fd525154d0583b9d"},"previous_names":[],"tags_count":127,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222062278,"owners_count":16924718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"pyca","name":"Python Cryptographic Authority","uuid":"5615737","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/5615737?v=4","repositories_count":7,"last_synced_at":"2024-03-25T19:58:32.183Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/pyca","funding_links":[],"total_stars":9342,"followers":129,"following":0,"created_at":"2022-11-02T16:22:49.629Z","updated_at":"2024-03-25T19:58:34.188Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca/repositories"},"tags":[{"name":"42.0.5","sha":"33833f031d9d36234e11d9671be150d53b9e598d","kind":"tag","published_at":"2024-02-24T01:04:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.5/manifests"},{"name":"42.0.4","sha":"fe18470f7d05f963e7267e34fdf985d81ea6ceea","kind":"tag","published_at":"2024-02-21T02:55:17.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.4/manifests"},{"name":"42.0.3","sha":"c49a7a5271178c6e8ef36fa1c499f62c63ec19b9","kind":"tag","published_at":"2024-02-16T03:42:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.3/manifests"},{"name":"42.0.2","sha":"2202123b50de1b8788f909a3e5afe350c56ad81e","kind":"tag","published_at":"2024-01-30T17:24:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.2/manifests"},{"name":"42.0.1","sha":"337437dc2e62772bde4ad5544f4b1db9ee7572d9","kind":"tag","published_at":"2024-01-25T02:32:06.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.1/manifests"},{"name":"42.0.0","sha":"4e64baf360a3a89bd92582f59344c12b5c0bd3fd","kind":"tag","published_at":"2024-01-23T01:07:16.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/42.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/42.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/42.0.0/manifests"},{"name":"41.0.7","sha":"4054596afc6f2b6cfcc54f56c35c34e0e429cb66","kind":"tag","published_at":"2023-11-28T00:35:07.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.7","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.7/manifests"},{"name":"41.0.6","sha":"f09c261ca10a31fe41b1262306db7f8f1da0e48a","kind":"tag","published_at":"2023-11-27T19:38:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.6","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.6/manifests"},{"name":"41.0.5","sha":"5012bedaef2dc60af3955306774b77ef379116e3","kind":"tag","published_at":"2023-10-24T16:02:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.5/manifests"},{"name":"41.0.4","sha":"fc11bce6930e591ce26a2317b31b9ce2b3e25512","kind":"tag","published_at":"2023-09-19T16:20:30.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.4/manifests"},{"name":"41.0.3","sha":"b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d","kind":"tag","published_at":"2023-08-01T20:02:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.3/manifests"},{"name":"41.0.2","sha":"7431db737cf0407560fac689d24f1d2e5efc349d","kind":"tag","published_at":"2023-07-11T03:13:51.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.2/manifests"},{"name":"41.0.1","sha":"d02de9f26e9a2353e89427c1cea8b9ed2bae969e","kind":"tag","published_at":"2023-06-01T12:20:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.1/manifests"},{"name":"41.0.0","sha":"c4d494fd3ee907316bd846e90cbf4a8df75a25ac","kind":"tag","published_at":"2023-05-30T21:37:07.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/41.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/41.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/41.0.0/manifests"},{"name":"40.0.2","sha":"f816b457494e010b655cd7fdcd30e3446f86a703","kind":"tag","published_at":"2023-04-14T12:23:51.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.2/manifests"},{"name":"40.0.1","sha":"9dd0b26c48f567d5a7c4a0bc9f45ef2176a2d4a4","kind":"tag","published_at":"2023-03-25T01:12:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.1/manifests"},{"name":"40.0.0","sha":"45e37718098edca2c5ac2135394bcf17fd7982f0","kind":"tag","published_at":"2023-03-24T04:23:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/40.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/40.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/40.0.0/manifests"},{"name":"39.0.2","sha":"125b149dc0bd9db33b08455b66c0f1586b8ce257","kind":"tag","published_at":"2023-03-02T20:51:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.2/manifests"},{"name":"39.0.1","sha":"d6951dca25de45abd52da51b608055371fbcde4e","kind":"tag","published_at":"2023-02-07T19:21:00.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.1/manifests"},{"name":"39.0.0","sha":"338a65a7df74e189f6b5d1d3a6315ffa911b21c2","kind":"tag","published_at":"2023-01-02T03:08:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/39.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/39.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/39.0.0/manifests"},{"name":"38.0.4","sha":"c18d0567386414efa3caef7ed586c4ca75bf3a8b","kind":"tag","published_at":"2022-11-27T18:53:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.4/manifests"},{"name":"38.0.3","sha":"7d9c6c3d6a211091281c1cbe2a2fa1597ffb7c49","kind":"tag","published_at":"2022-11-01T21:21:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.3/manifests"},{"name":"38.0.2","sha":"277ee0d58c6c8cfc9517df35c8a020bea33bddf4","kind":"tag","published_at":"2022-10-11T18:06:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.2/manifests"},{"name":"38.0.1","sha":"3ff52182ba6e7f1a063079d48ed5c21616918d70","kind":"tag","published_at":"2022-09-07T12:24:19.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.1/manifests"},{"name":"38.0.0","sha":"52d6f1a491f6ade379ace124b843ffba9fb4ab4f","kind":"tag","published_at":"2022-09-06T23:50:39.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/38.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/38.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/38.0.0/manifests"},{"name":"37.0.4","sha":"7ad17d819affb996c6681c6aac57e43184c54865","kind":"tag","published_at":"2022-07-05T13:23:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.4/manifests"},{"name":"37.0.3","sha":"b71c39202ba2d7dfb7a89215e04946e7fbf92896","kind":"tag","published_at":"2022-06-21T18:55:28.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.3/manifests"},{"name":"37.0.2","sha":"5954a52f0900569a83138d71ec1c04971452ea5b","kind":"tag","published_at":"2022-05-04T00:34:56.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.2/manifests"},{"name":"37.0.1","sha":"3fb93cfde75d073a91bc4a73a51f62962092501e","kind":"tag","published_at":"2022-04-27T22:26:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.1/manifests"},{"name":"37.0.0","sha":"e0f6f38433e3a1cb57509dec1bec9107cbbe827d","kind":"tag","published_at":"2022-04-26T14:05:57.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/37.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/37.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/37.0.0/manifests"},{"name":"36.0.2","sha":"df06889f348d7c3b7e9c35e4e5a1b1480f0b2c5a","kind":"tag","published_at":"2022-03-15T22:10:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.2/manifests"},{"name":"36.0.1","sha":"3fd9d5a8424eef3e08260a622ae3644777ac5339","kind":"tag","published_at":"2021-12-14T22:01:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.1/manifests"},{"name":"36.0.0","sha":"5d21990c32d0f93df4e54ef4ee7ff3a2dae3c3da","kind":"tag","published_at":"2021-11-21T21:29:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/36.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/36.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/36.0.0/manifests"},{"name":"35.0.0","sha":"c7fbef767a94ee1569ae0630006fdb144d6a4e8d","kind":"tag","published_at":"2021-09-30T01:20:47.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/35.0.0","html_url":"https://github.com/pyca/cryptography/releases/tag/35.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/35.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/35.0.0/manifests"},{"name":"3.4.8","sha":"70ccc2542cf3bf374861b55f6527424307722763","kind":"tag","published_at":"2021-08-24T17:18:00.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.8","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.8/manifests"},{"name":"3.4.7","sha":"a19014a087759f3df72b2cd70ed7a0d8a6481340","kind":"tag","published_at":"2021-03-25T17:20:38.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.7","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.7/manifests"},{"name":"3.4.6","sha":"75b002ae7fb1f263fdd4983d0c23493878e127fe","kind":"tag","published_at":"2021-02-16T20:27:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.6","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.6/manifests"},{"name":"3.4.5","sha":"4d77fb9d3edab81652210da81a5af7fe6aa79d60","kind":"tag","published_at":"2021-02-13T22:35:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.5","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.5/manifests"},{"name":"3.4.4","sha":"4a3018e6ae3e04a250be9fd1c1a1ad115727f517","kind":"tag","published_at":"2021-02-09T19:28:03.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.4","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.4/manifests"},{"name":"3.4.3","sha":"86c9e4a763579d6b2369db83064c0c4b8e9c1c77","kind":"tag","published_at":"2021-02-09T04:28:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.3","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.3/manifests"},{"name":"3.4.2","sha":"74a3df42c43d341014a4a6f111804f304a446902","kind":"tag","published_at":"2021-02-08T16:27:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.2/manifests"},{"name":"3.4.1","sha":"ebde3be7ef92658bfbc322476a6f2604f41639fb","kind":"tag","published_at":"2021-02-07T21:54:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4.1/manifests"},{"name":"3.4","sha":"2c11ad53c07179e03ea2f60813cb52d83f766292","kind":"tag","published_at":"2021-02-07T18:29:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.4","html_url":"https://github.com/pyca/cryptography/releases/tag/3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.4/manifests"},{"name":"3.3.2","sha":"82b6ce28389f0a317bc55ba2091a74b346db7cae","kind":"tag","published_at":"2021-02-07T16:39:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.2/manifests"},{"name":"3.3.1","sha":"1ff0d50948bbb6f2aa53d5648f1188a567d941cd","kind":"tag","published_at":"2020-12-10T02:17:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3.1/manifests"},{"name":"3.3","sha":"7e8fff73cf0c597fe2df34daf2027506f84b9d3b","kind":"tag","published_at":"2020-12-09T00:29:24.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.3","html_url":"https://github.com/pyca/cryptography/releases/tag/3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.3/manifests"},{"name":"3.2.1","sha":"0c7592c34fd58f0634f493d6ce542ab35d940b26","kind":"tag","published_at":"2020-10-28T03:17:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2.1/manifests"},{"name":"3.2","sha":"c9e65222c91df8b6f61650a3460e30232962c1e0","kind":"tag","published_at":"2020-10-26T02:11:09.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.2/manifests"},{"name":"3.1.1","sha":"d4e17ea937a50d69f615f7fe53d0482bd8660bb9","kind":"tag","published_at":"2020-09-22T16:54:53.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1.1/manifests"},{"name":"3.1","sha":"ba2c0e5e3e4fb242b80474d2ff7368c91e7ebeaf","kind":"tag","published_at":"2020-08-27T04:34:43.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.1/manifests"},{"name":"3.0","sha":"b0d9bdcfc9659fffcb1d539cb00130f8fda3d011","kind":"tag","published_at":"2020-07-20T21:41:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/3.0","html_url":"https://github.com/pyca/cryptography/releases/tag/3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/3.0/manifests"},{"name":"2.9.2","sha":"9263178a208716bfb7b0e4fbe6aadf8c942e8547","kind":"tag","published_at":"2020-04-22T22:28:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.2/manifests"},{"name":"2.9.1","sha":"6199f620ed4e765cc57f49c366f46a576bf17f3d","kind":"tag","published_at":"2020-04-21T15:22:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9.1/manifests"},{"name":"2.9","sha":"81b7fc65460247c4212efd9484779d8b3e516c26","kind":"tag","published_at":"2020-04-02T19:44:26.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.9","html_url":"https://github.com/pyca/cryptography/releases/tag/2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.9/manifests"},{"name":"2.8","sha":"25494f96d57b8995ee2fde099146b1192582ee1b","kind":"tag","published_at":"2019-10-17T13:00:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.8","html_url":"https://github.com/pyca/cryptography/releases/tag/2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.8/manifests"},{"name":"2.7","sha":"9c2637d7ee1e5e7ce66fb8838f6b3f1e8c106242","kind":"tag","published_at":"2019-05-30T23:36:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.7","html_url":"https://github.com/pyca/cryptography/releases/tag/2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.7/manifests"},{"name":"2.6.1","sha":"e4570532541be7284f7d6660a429eb12edf8b027","kind":"tag","published_at":"2019-02-27T23:28:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.6.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6.1/manifests"},{"name":"2.6","sha":"da259203be156990efff49c0ad8d1afaba1791cc","kind":"tag","published_at":"2019-02-27T14:00:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.6","html_url":"https://github.com/pyca/cryptography/releases/tag/2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.6/manifests"},{"name":"2.5","sha":"83aa36dd407d0eb9a10e20cc35c51274174cd5bc","kind":"tag","published_at":"2019-01-22T16:44:26.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.5","html_url":"https://github.com/pyca/cryptography/releases/tag/2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.5/manifests"},{"name":"2.4.2","sha":"704fe0fcaf206462b6a994ab69ad302601d9fad3","kind":"tag","published_at":"2018-11-21T03:08:45.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.2/manifests"},{"name":"2.4.1","sha":"db08466131a2d495e4bf58e34bf8d0090be04a2d","kind":"tag","published_at":"2018-11-12T01:02:03.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4.1/manifests"},{"name":"2.4","sha":"5e52fdc5f8f3b6c970051c1bf3325b2d0ed8a5db","kind":"tag","published_at":"2018-11-12T00:12:27.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.4","html_url":"https://github.com/pyca/cryptography/releases/tag/2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.4/manifests"},{"name":"2.3.1","sha":"16f43545751bb24cee79cccba453d49992a7cc6c","kind":"tag","published_at":"2018-08-14T17:37:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3.1/manifests"},{"name":"2.3","sha":"0a846e294806478770469219a26cd49dcb5502d7","kind":"tag","published_at":"2018-07-18T11:57:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.3/manifests"},{"name":"2.2.2","sha":"4ec6a48d5cb99636fe8e99e29d1a9221dcce8fde","kind":"tag","published_at":"2018-03-27T16:43:12.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.2/manifests"},{"name":"2.2.1","sha":"4eaa511c62ecaf2f3d0b31a8b4f90fa0114e4468","kind":"tag","published_at":"2018-03-20T23:56:23.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2.1/manifests"},{"name":"2.2","sha":"4601fbab9552b0fc938ae3864e9c14e4476231c0","kind":"tag","published_at":"2018-03-19T02:57:11.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.2/manifests"},{"name":"2.1.4","sha":"ed5a7717a50edd3b0a9b7c729b2281dabd18390d","kind":"tag","published_at":"2017-11-30T01:55:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.4","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.4/manifests"},{"name":"2.1.3","sha":"2219ea7609eaacfa2d09f80d1baf60be7af5eaca","kind":"tag","published_at":"2017-11-02T19:01:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.3/manifests"},{"name":"2.1.2","sha":"106de1cb976c8ab7057484cb555979bb27e2430e","kind":"tag","published_at":"2017-10-24T15:47:33.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"85fa6ce5b29f94e27f1b712da015c2039cd108f9","kind":"tag","published_at":"2017-10-12T05:14:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1.1/manifests"},{"name":"2.1","sha":"0ed0e7e87b5e83270f4aca4efc630790c1fea429","kind":"tag","published_at":"2017-10-11T12:48:20.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.1/manifests"},{"name":"2.0.3","sha":"87a6dcae8a527d6e0b5c8feabfa768cd8fa6e264","kind":"tag","published_at":"2017-08-03T21:51:48.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.3/manifests"},{"name":"2.0.2","sha":"38a2d0b94852bcd4d017ee77cb6dec8dee3ce2ae","kind":"tag","published_at":"2017-07-27T03:25:52.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.2/manifests"},{"name":"2.0.1","sha":"e758aa6066f79a4181ba8183112e1f4477bcce1b","kind":"tag","published_at":"2017-07-26T20:16:14.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0.1/manifests"},{"name":"2.0","sha":"9799e580c6b073a0a612bdc4f120365940d0da3d","kind":"tag","published_at":"2017-07-17T15:24:46.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/2.0","html_url":"https://github.com/pyca/cryptography/releases/tag/2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/2.0/manifests"},{"name":"1.9","sha":"23ead43fd70df17828937dac9521df1753ce9407","kind":"tag","published_at":"2017-05-30T02:20:21.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.9","html_url":"https://github.com/pyca/cryptography/releases/tag/1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.9/manifests"},{"name":"1.8.2","sha":"bd54a2c68f7771abde5ef9e8c30a1f73d5614e47","kind":"tag","published_at":"2017-05-26T06:36:22.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.2/manifests"},{"name":"1.8.1","sha":"6c5a519f9b382a1746c1bda5f01aaeb2809250ef","kind":"tag","published_at":"2017-03-10T03:59:27.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8.1/manifests"},{"name":"1.8","sha":"928e4ee28564359973298624cf023ae5ea7f62c3","kind":"tag","published_at":"2017-03-10T02:57:55.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.8","html_url":"https://github.com/pyca/cryptography/releases/tag/1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.8/manifests"},{"name":"1.7.2","sha":"86b8b865b622fa8e81bb6f436c064a1e9476b4fd","kind":"tag","published_at":"2017-01-27T15:13:56.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.2/manifests"},{"name":"1.7.1","sha":"605b918a9df69cfb1773d4b16ee03b42a002ec88","kind":"tag","published_at":"2016-12-13T22:53:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7.1/manifests"},{"name":"1.7","sha":"5df72e82c0156b0e60d355c5c03c85dcf2e694fb","kind":"tag","published_at":"2016-12-12T18:18:24.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.7","html_url":"https://github.com/pyca/cryptography/releases/tag/1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.7/manifests"},{"name":"1.6","sha":"4a2f36bc11342ca15cb49bfc313c20bbd4a045ae","kind":"tag","published_at":"2016-11-22T03:11:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.6","html_url":"https://github.com/pyca/cryptography/releases/tag/1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.6/manifests"},{"name":"1.5.3","sha":"090ece652bf47ee5bd081b6eab4c8e6953276752","kind":"tag","published_at":"2016-11-06T04:08:15.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.3/manifests"},{"name":"1.5.2","sha":"cad77746539f504d53eb1bf9b278ec081ab8040a","kind":"tag","published_at":"2016-09-26T20:22:54.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"1ed0235eae895d09b4702d8cf592050fbe9364ef","kind":"tag","published_at":"2016-09-22T20:08:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5.1/manifests"},{"name":"1.5","sha":"c0ee738a8460dc3551758400772978ed62a84d46","kind":"tag","published_at":"2016-08-26T15:13:13.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.5","html_url":"https://github.com/pyca/cryptography/releases/tag/1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.5/manifests"},{"name":"1.4","sha":"69365ce2041081fe6b109496bbb9c56f86ccb7b5","kind":"tag","published_at":"2016-06-04T17:07:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.4","html_url":"https://github.com/pyca/cryptography/releases/tag/1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.4/manifests"},{"name":"1.3.4","sha":"35fedcb1966dcaf610df79dbaaaf3545d3dbb189","kind":"tag","published_at":"2016-06-03T03:09:11.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.4","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"9863d7334864a3eb5e43a2e698a32a4e6b6c7b14","kind":"tag","published_at":"2016-06-02T21:43:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.3/manifests"},{"name":"1.3.2","sha":"afcd8f5ad8eb21f13be308c5183ef34ad28f9987","kind":"tag","published_at":"2016-05-04T16:09:45.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"17259f2d701979fdd5647574dec77ec08199e551","kind":"tag","published_at":"2016-03-21T21:45:42.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3.1/manifests"},{"name":"1.3","sha":"bf1566ec4be14110cbca5a36ee339a76ac9f6272","kind":"tag","published_at":"2016-03-18T13:10:53.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.3/manifests"},{"name":"1.2.3","sha":"cd7ee203c8459ff74a2cd782013ba1c05793130c","kind":"tag","published_at":"2016-03-02T02:10:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.3","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.3/manifests"},{"name":"1.2.2","sha":"5b32344deadf371f3a5301ac4c71508eb1a6cf17","kind":"tag","published_at":"2016-01-29T19:27:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"80543674d13b44ca9030b83443a1d922d492df1e","kind":"tag","published_at":"2016-01-08T21:28:50.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2.1/manifests"},{"name":"1.2","sha":"a617ee9d10f875b88db0c76eb18734537bc83904","kind":"tag","published_at":"2016-01-08T15:38:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.2/manifests"},{"name":"1.1.2","sha":"d0237e6dcdbbedaa50f88b6cf821f9944b734678","kind":"tag","published_at":"2015-12-10T19:54:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.2/manifests"},{"name":"1.1.1","sha":"a9d5ffb0c4dda2e5ddc6f14ec68be99ddc3d69b1","kind":"tag","published_at":"2015-11-19T04:01:52.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1.1/manifests"},{"name":"1.1","sha":"246a44e78c0d370452b3c5508d5fdabbb1b04c99","kind":"tag","published_at":"2015-10-28T22:26:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.1/manifests"},{"name":"1.0.2","sha":"612e72e2d794c58bc413a3062e664dcc1a1259ee","kind":"tag","published_at":"2015-09-27T13:52:09.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.2/manifests"},{"name":"1.0.1","sha":"34cb7cd8bc9c4c6dad38c3ea5285996cbea60162","kind":"tag","published_at":"2015-09-06T01:54:02.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0.1/manifests"},{"name":"1.0","sha":"4abba0474a751192b5abbd5a97c1817021aae337","kind":"tag","published_at":"2015-08-12T13:38:22.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/1.0","html_url":"https://github.com/pyca/cryptography/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/1.0/manifests"},{"name":"0.9.3","sha":"c08a0dcf09ffa517a2c7df6d2fe7fcfabd6e14e4","kind":"tag","published_at":"2015-07-09T14:41:31.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.3/manifests"},{"name":"0.9.2","sha":"b2ac9e59e069aa973c837da202cb459cb733530f","kind":"tag","published_at":"2015-07-03T22:57:29.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.2/manifests"},{"name":"0.9.1","sha":"bd17d14bd05d49e3a851cabbc863f74ee5c86702","kind":"tag","published_at":"2015-06-06T21:23:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9.1/manifests"},{"name":"0.9","sha":"6199d8f04310aa22e862f8936fe47d895788daf3","kind":"tag","published_at":"2015-05-14T01:39:47.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.9","html_url":"https://github.com/pyca/cryptography/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.9/manifests"},{"name":"0.8.2","sha":"8622f0e8c530a7326d885aeb47daa081e66b5ab1","kind":"tag","published_at":"2015-04-11T01:52:50.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.2/manifests"},{"name":"0.8.1","sha":"53f947e99e972ef669f833a19b3d36e3fbd7b5da","kind":"tag","published_at":"2015-03-20T15:22:46.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8.1/manifests"},{"name":"0.8","sha":"3dd326767b34980f3095c67251d77a86bc9202fe","kind":"tag","published_at":"2015-03-09T04:49:31.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.8","html_url":"https://github.com/pyca/cryptography/releases/tag/0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.8/manifests"},{"name":"0.7.2","sha":"9ac7d55150c8410a08ee3b00b89bfeac3dbd8e8f","kind":"tag","published_at":"2015-01-16T14:15:57.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.2/manifests"},{"name":"0.7.1","sha":"9a4f1a0f6c89e3e56b955e5acc6c0001e418443d","kind":"tag","published_at":"2014-12-29T01:47:43.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7.1/manifests"},{"name":"0.7","sha":"4597edf00274c71c1f71f0e75d0c6bcfd62dcb8a","kind":"tag","published_at":"2014-12-18T03:26:41.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.7","html_url":"https://github.com/pyca/cryptography/releases/tag/0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.7/manifests"},{"name":"0.6.1","sha":"3406be8667d35ed55ef8dc64822e9009d0386696","kind":"tag","published_at":"2014-10-16T04:10:17.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.6.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6.1/manifests"},{"name":"0.6","sha":"b2ab5ef112f8de507d2db72fdf4a5fa698a954e0","kind":"tag","published_at":"2014-09-30T02:27:05.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.6","html_url":"https://github.com/pyca/cryptography/releases/tag/0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.6/manifests"},{"name":"0.5.4","sha":"93281bfa89342ed9ccf48cb391b1f19cdb4fe78c","kind":"tag","published_at":"2014-08-21T06:02:10.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.4","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.4/manifests"},{"name":"0.5.3","sha":"c787791c8fed109e128b577cfb7594d2aab8e3b6","kind":"tag","published_at":"2014-08-07T15:25:32.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.3/manifests"},{"name":"0.5.2","sha":"544523f97f182157f8b27342ae11ef3520a49c62","kind":"tag","published_at":"2014-07-10T01:24:36.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.2/manifests"},{"name":"0.5.1","sha":"d329d535d0a1598eae8dd63fd6d65ab7f5d30ad4","kind":"tag","published_at":"2014-07-08T03:01:25.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5.1/manifests"},{"name":"0.5","sha":"e4b1e854e0482ae4bc363f7938ad5b214c124d9f","kind":"tag","published_at":"2014-07-07T18:03:34.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.5","html_url":"https://github.com/pyca/cryptography/releases/tag/0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.5/manifests"},{"name":"0.4","sha":"0520c2973509f6a45d2ad06dc2d84a85958887b3","kind":"tag","published_at":"2014-05-03T14:33:59.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.4","html_url":"https://github.com/pyca/cryptography/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.4/manifests"},{"name":"0.3","sha":"e0d2e1ea7367e05197634c8c869678b7b169c102","kind":"tag","published_at":"2014-03-27T21:01:33.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.3","html_url":"https://github.com/pyca/cryptography/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.3/manifests"},{"name":"0.2.2","sha":"f36fcdbd055c236641e8704bfa559d8bbf274b61","kind":"tag","published_at":"2014-03-04T01:53:58.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.2/manifests"},{"name":"0.2.1","sha":"aa4692c112d756fc12980f7039b030caec27bc0d","kind":"tag","published_at":"2014-02-22T21:35:44.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2.1/manifests"},{"name":"0.2","sha":"6a364d5262905d00ae422d24d91af822b87e899d","kind":"tag","published_at":"2014-02-20T19:46:18.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.2","html_url":"https://github.com/pyca/cryptography/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.2/manifests"},{"name":"0.1","sha":"ec688200e2dde5cef94fe2eb60fa2f8f820eab47","kind":"tag","published_at":"2014-01-08T23:15:49.000Z","download_url":"https://codeload.github.com/pyca/cryptography/tar.gz/0.1","html_url":"https://github.com/pyca/cryptography/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fcryptography/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2024-10-30T00:55:48.279Z","dependent_packages_count":3396,"downloads":374813273,"downloads_period":"last-month","dependent_repos_count":131580,"rankings":{"downloads":0.0027512486083267453,"dependent_repos_count":0.006786413233872639,"dependent_packages_count":0.008620578972757136,"stargazers_count":0.7545757849770821,"forks_count":1.5489529664879578,"docker_downloads_count":0.0014673325911075978,"average":0.3871923874785173},"purl":"pkg:pypi/cryptography","advisories":[{"uuid":"GSA_kwCzR0hTQS03OXY0LTY1eGctcHE0Z84ABEUU","url":"https://github.com/advisories/GHSA-79v4-65xg-pq4g","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2025-02-11T18:06:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g","https://openssl-library.org/news/secadv/20250211.txt","https://nvd.nist.gov/vuln/detail/CVE-2024-12797","https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9","https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7","https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699","http://www.openwall.com/lists/oss-security/2025/02/11/3","http://www.openwall.com/lists/oss-security/2025/02/11/4","https://github.com/advisories/GHSA-79v4-65xg-pq4g"],"source_kind":"github","identifiers":["GHSA-79v4-65xg-pq4g","CVE-2024-12797"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"44.0.1","vulnerable_version_range":"\u003e= 42.0.0, \u003c 44.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2025-02-11T19:07:29.680Z","updated_at":"2025-02-12T18:20:08.000Z","epss_percentage":0.0013,"epss_percentile":0.33844},{"uuid":"GSA_kwCzR0hTQS1oNGdoLXFxNDUtdmgyN84AA_QU","url":"https://github.com/advisories/GHSA-h4gh-qq45-vh27","title":"pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-09-03T21:59:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27","https://openssl-library.org/news/secadv/20240903.txt","https://github.com/advisories/GHSA-h4gh-qq45-vh27"],"source_kind":"github","identifiers":["GHSA-h4gh-qq45-vh27"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"43.0.1","vulnerable_version_range":"\u003e= 37.0.0, \u003c 43.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-09-03T22:05:59.113Z","updated_at":"2024-09-03T21:59:48.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS1xM2NqLTJyMzQtMmN3Y84AAbxz","url":"https://github.com/advisories/GHSA-q3cj-2r34-2cwc","title":"Improper input validation in cryptography","description":"HKDF in cryptography before 1.5.3 returns an empty byte-string if used with a length less than algorithm.digest_size.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:51:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9243","https://github.com/pyca/cryptography/issues/3211","https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874","https://cryptography.io/en/latest/changelog","http://www.openwall.com/lists/oss-security/2016/11/09/2","http://www.ubuntu.com/usn/USN-3138-1","https://cryptography.io/en/latest/changelog/#v1-5-3","https://github.com/advisories/GHSA-q3cj-2r34-2cwc","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml","http://www.securityfocus.com/bid/94216","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT"],"source_kind":"github","identifiers":["GHSA-q3cj-2r34-2cwc","CVE-2016-9243"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"1.5.3","vulnerable_version_range":"\u003c 1.5.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:12:18.669Z","updated_at":"2024-09-13T20:08:28.000Z","epss_percentage":0.01644,"epss_percentile":0.80875},{"uuid":"GSA_kwCzR0hTQS1jZjdwLWdtMm0tODMzbc4AA0t4","url":"https://github.com/advisories/GHSA-cf7p-gm2m-833m","title":"cryptography mishandles SSH certificates","description":"The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-07-14T21:31:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-38325","https://github.com/pyca/cryptography/issues/9207","https://github.com/pyca/cryptography/pull/9208","https://github.com/pyca/cryptography/compare/41.0.1...41.0.2","https://pypi.org/project/cryptography/#history","https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3","https://github.com/pyca/cryptography/pull/7960","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK","https://security.netapp.com/advisory/ntap-20230824-0010","https://github.com/advisories/GHSA-cf7p-gm2m-833m"],"source_kind":"github","identifiers":["GHSA-cf7p-gm2m-833m","CVE-2023-38325"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"41.0.2","vulnerable_version_range":"\u003e= 40.0.0, \u003c 41.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-07-14T23:03:45.263Z","updated_at":"2024-09-13T20:06:13.000Z","epss_percentage":0.00791,"epss_percentile":0.72554},{"uuid":"GSA_kwCzR0hTQS13N3BwLW04d2Ytdmo2cs4AAxeE","url":"https://github.com/advisories/GHSA-w7pp-m8wf-vj6r","title":"Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf","description":"Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n\u003e\u003e\u003e outbuf = b\"\\x00\" * 32\n\u003e\u003e\u003e c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n\u003e\u003e\u003e c.update_into(b\"\\x00\" * 16, outbuf)\n16\n\u003e\u003e\u003e outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-02-07T20:54:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r","https://nvd.nist.gov/vuln/detail/CVE-2023-23931","https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e","https://github.com/pyca/cryptography/pull/8230","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml","https://github.com/advisories/GHSA-w7pp-m8wf-vj6r"],"source_kind":"github","identifiers":["GHSA-w7pp-m8wf-vj6r","CVE-2023-23931"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":35.32241018622205,"packages":[{"versions":[{"first_patched_version":"39.0.1","vulnerable_version_range":"\u003e= 1.8, \u003c 39.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-02-07T21:03:06.064Z","updated_at":"2025-05-20T01:11:33.997Z","epss_percentage":0.00737,"epss_percentile":0.71625},{"uuid":"GSA_kwCzR0hTQS14NHFyLTJmdmYtM21yNc4AAxfn","url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0  are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-02-08T22:17:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5","https://nvd.nist.gov/vuln/detail/CVE-2023-0286","https://rustsec.org/advisories/RUSTSEC-2023-0006.html","https://www.openssl.org/news/secadv/20230207.txt","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d","https://access.redhat.com/security/cve/cve-2023-0286","https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt","https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig","https://security.gentoo.org/glsa/202402-08","https://github.com/advisories/GHSA-x4qr-2fvf-3mr5"],"source_kind":"github","identifiers":["GHSA-x4qr-2fvf-3mr5","CVE-2023-0286"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"300.0.12","vulnerable_version_range":"\u003e= 300.0.0, \u003c 300.0.12"},{"first_patched_version":"111.25.0","vulnerable_version_range":"\u003c 111.25.0"}],"ecosystem":"cargo","package_name":"openssl-src"},{"versions":[{"first_patched_version":"39.0.1","vulnerable_version_range":"\u003e= 0.8.1, \u003c 39.0.1"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-02-08T23:03:18.370Z","updated_at":"2025-05-20T01:11:58.159Z","epss_percentage":0.91013,"epss_percentile":0.99606},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnZ20tanBnMy12NDc2","url":"https://github.com/advisories/GHSA-hggm-jpg3-v476","title":"RSA decryption vulnerable to Bleichenbacher timing vulnerability","description":"RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2. ","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-10-27T20:33:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476","https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494","https://nvd.nist.gov/vuln/detail/CVE-2020-25659","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/pyca/cryptography/pull/5507","https://github.com/advisories/GHSA-hggm-jpg3-v476","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml","https://pypi.org/project/cryptography"],"source_kind":"github","identifiers":["GHSA-hggm-jpg3-v476","CVE-2020-25659"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":41.977357032901566,"packages":[{"versions":[{"first_patched_version":"3.2","vulnerable_version_range":"\u003c 3.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:13:13.271Z","updated_at":"2024-11-18T16:26:10.000Z","epss_percentage":0.00343,"epss_percentile":0.55927},{"uuid":"GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN","url":"https://github.com/advisories/GHSA-6vqw-3v5j-54x4","title":"cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override","description":"If `pkcs12.serialize_key_and_certificates` is called with both:\n\n1. A certificate whose public key did not match the provided private key\n2. An `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`\n\nThen a NULL pointer dereference would occur, crashing the Python process.\n\nThis has been resolved, and now a `ValueError` is properly raised.\n\nPatched in https://github.com/pyca/cryptography/pull/10423","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-21T18:04:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4","https://github.com/pyca/cryptography/pull/10423","https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55","https://nvd.nist.gov/vuln/detail/CVE-2024-26130","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml","https://github.com/advisories/GHSA-6vqw-3v5j-54x4"],"source_kind":"github","identifiers":["GHSA-6vqw-3v5j-54x4","CVE-2024-26130"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"42.0.4","vulnerable_version_range":"\u003e= 38.0.0, \u003c 42.0.4"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-21T19:04:44.408Z","updated_at":"2025-02-06T18:07:26.000Z","epss_percentage":0.00257,"epss_percentile":0.48893},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJobTktcDl3NS1md203","url":"https://github.com/advisories/GHSA-rhm9-p9w5-fwm7","title":"PyCA Cryptography symmetrically encrypting large values can lead to integer overflow","description":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of `update()` calls with large values (multiple GBs) for symetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of buffers. This is patched in version 3.3.2 and newer.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-02-10T01:32:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7","https://nvd.nist.gov/vuln/detail/CVE-2020-36242","https://github.com/pyca/cryptography/issues/5615","https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst","https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae","https://github.com/pyca/cryptography/compare/3.3.1...3.3.2","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-rhm9-p9w5-fwm7","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E"],"source_kind":"github","identifiers":["GHSA-rhm9-p9w5-fwm7","CVE-2020-36242"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":45.048870962138274,"packages":[{"versions":[{"first_patched_version":"3.3.2","vulnerable_version_range":"\u003e= 3.1, \u003c 3.3.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:12:32.811Z","updated_at":"2025-05-20T01:09:28.307Z","epss_percentage":0.01307,"epss_percentile":0.78723},{"uuid":"GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w","url":"https://github.com/advisories/GHSA-v8gr-m533-ghj9","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-09-21T17:07:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9","https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512","https://github.com/advisories/GHSA-v8gr-m533-ghj9"],"source_kind":"github","identifiers":["GHSA-v8gr-m533-ghj9"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.4","vulnerable_version_range":"\u003e= 2.5, \u003c 41.0.4"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-09-21T18:05:56.673Z","updated_at":"2023-09-21T17:07:01.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq","url":"https://github.com/advisories/GHSA-3ww4-gg4f-jr7f","title":"Python Cryptography package vulnerable to Bleichenbacher timing oracle attack","description":"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-05T21:30:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-50782","https://access.redhat.com/security/cve/CVE-2023-50782","https://bugzilla.redhat.com/show_bug.cgi?id=2254432","https://github.com/pyca/cryptography/issues/9785","https://github.com/advisories/GHSA-3ww4-gg4f-jr7f"],"source_kind":"github","identifiers":["GHSA-3ww4-gg4f-jr7f","CVE-2023-50782"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"42.0.0","vulnerable_version_range":"\u003c 42.0.0"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-06T00:04:47.789Z","updated_at":"2024-08-08T05:10:55.000Z","epss_percentage":0.00521,"epss_percentile":0.65731},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjZjktM3F3My1neG1q","url":"https://github.com/advisories/GHSA-fcf9-3qw3-gxmj","title":"PyCA Cryptography vulnerable to GCM tag forgery","description":"A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-07-31T18:28:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-10903","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903","https://github.com/pyca/cryptography/pull/4342","https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb","https://access.redhat.com/errata/RHSA-2018:3600","https://github.com/advisories/GHSA-fcf9-3qw3-gxmj","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml","https://usn.ubuntu.com/3720-1"],"source_kind":"github","identifiers":["GHSA-fcf9-3qw3-gxmj","CVE-2018-10903"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":44.53695197393215,"packages":[{"versions":[{"first_patched_version":"2.3","vulnerable_version_range":"\u003e= 1.9.0, \u003c 2.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:13:36.794Z","updated_at":"2024-09-13T18:13:04.000Z","epss_percentage":0.00327,"epss_percentile":0.54837},{"uuid":"GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw","url":"https://github.com/advisories/GHSA-jfhm-5ghh-2f97","title":"cryptography vulnerable to NULL-dereference when loading PKCS7 certificates","description":"### Summary\n\nCalling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault.\n\n### PoC\nHere is a Python code that triggers the issue:\n```python\nfrom cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates\n\npem_p7 = b\"\"\"\n-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n\"\"\"\n\nder_p7 = b\"\\x30\\x0B\\x06\\x09\\x2A\\x86\\x48\\x86\\xF7\\x0D\\x01\\x07\\x02\"\n\nload_pem_pkcs7_certificates(pem_p7)\nload_der_pkcs7_certificates(der_p7)\n```\n\n### Impact\nExploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-11-28T20:46:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97","https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a","https://nvd.nist.gov/vuln/detail/CVE-2023-49083","https://github.com/pyca/cryptography/pull/9926","http://www.openwall.com/lists/oss-security/2023/11/29/2","https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV","https://github.com/advisories/GHSA-jfhm-5ghh-2f97"],"source_kind":"github","identifiers":["GHSA-jfhm-5ghh-2f97","CVE-2023-49083"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.6","vulnerable_version_range":"\u003e= 3.1, \u003c 41.0.6"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-11-28T21:06:00.277Z","updated_at":"2024-02-20T18:14:36.000Z","epss_percentage":0.00457,"epss_percentile":0.62805},{"uuid":"GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V","url":"https://github.com/advisories/GHSA-jm77-qphf-c4w8","title":"pyca/cryptography's wheels include vulnerable OpenSSL","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-08-01T22:34:41.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8","https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d","https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2","https://www.openssl.org/news/secadv/20230714.txt","https://www.openssl.org/news/secadv/20230719.txt","https://www.openssl.org/news/secadv/20230731.txt","https://github.com/advisories/GHSA-jm77-qphf-c4w8"],"source_kind":"github","identifiers":["GHSA-jm77-qphf-c4w8"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.3","vulnerable_version_range":"\u003e= 0.8, \u003c 41.0.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-08-01T23:03:46.702Z","updated_at":"2023-08-01T22:34:41.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB","url":"https://github.com/advisories/GHSA-5cpq-8wj7-hf2v","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-06-02T17:13:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v","https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22","https://cryptography.io/en/latest/changelog/#v41-0-0","https://github.com/advisories/GHSA-5cpq-8wj7-hf2v"],"source_kind":"github","identifiers":["GHSA-5cpq-8wj7-hf2v"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"41.0.0","vulnerable_version_range":"\u003e= 0.5, \u003c= 40.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2023-06-02T18:03:17.370Z","updated_at":"2023-06-02T17:13:11.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0zOWhjLXY4N2otNzQ3eM4AAvq8","url":"https://github.com/advisories/GHSA-39hc-v87j-747x","title":"Vulnerable OpenSSL included in cryptography wheels","description":"pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-02T18:11:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x","https://github.com/pyca/cryptography/commit/382e759bcded5773330eeed748c86b213ec618c5","https://github.com/pyca/cryptography/commit/cf2ada625d1188d6cd46396f301b98095da577f7","https://github.com/advisories/GHSA-39hc-v87j-747x"],"source_kind":"github","identifiers":["GHSA-39hc-v87j-747x"],"repository_url":"https://github.com/pyca/cryptography","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"38.0.3","vulnerable_version_range":"\u003e= 37.0.0, \u003c 38.0.3"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2022-12-21T16:11:53.468Z","updated_at":"2023-01-08T05:03:03.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS05djloLWNnajgtaDY0cM4AA44M","url":"https://github.com/advisories/GHSA-9v9h-cgj8-h64p","title":"Null pointer dereference in PKCS12 parsing","description":"Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-01-26T09:30:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-0727","https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2","https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a","https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c","https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8","https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539","https://www.openssl.org/news/secadv/20240125.txt","https://github.com/github/advisory-database/pull/3472","https://github.com/openssl/openssl/pull/23362","https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2","https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d","https://security.netapp.com/advisory/ntap-20240208-0006","http://www.openwall.com/lists/oss-security/2024/03/11/1","https://github.com/advisories/GHSA-9v9h-cgj8-h64p"],"source_kind":"github","identifiers":["GHSA-9v9h-cgj8-h64p","CVE-2024-0727"],"repository_url":"https://github.com/openssl/openssl","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"42.0.2","vulnerable_version_range":"\u003c 42.0.2"}],"ecosystem":"pypi","package_name":"cryptography"}],"created_at":"2024-02-16T21:04:38.629Z","updated_at":"2025-05-20T01:10:22.578Z","epss_percentage":0.0016,"epss_percentile":0.37966}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/cryptography","docker_dependents_count":20440,"docker_downloads_count":15967514223,"usage_url":"https://repos.ecosyste.ms/usage/pypi/cryptography","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/cryptography/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/cryptography/related_packages","maintainers":[{"uuid":"reaperhulk","login":"reaperhulk","name":null,"email":null,"url":null,"packages_count":7,"html_url":"https://pypi.org/user/reaperhulk/","role":null,"created_at":"2022-11-27T19:19:59.964Z","updated_at":"2022-11-27T19:19:59.964Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/reaperhulk/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690322,"maintainers_count":292759,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":4559,"unique_repositories_count_past_30_days":55,"recent_issues":[{"uuid":"4843795241","node_id":"PR_kwDONlPUKM7vmet3","number":814,"state":"open","title":"Bump cryptography from 46.0.3 to 48.0.1 in /libs/sdk","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":["mootpointer"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-09T06:30:16.000Z","updated_at":"2026-07-16T01:09:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.3","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"/libs/sdk","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/destiny-evidence/destiny-repository/pull/814","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/destiny-evidence%2Fdestiny-repository/issues/814","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/814/packages"},{"uuid":"4840102172","node_id":"PR_kwDOQs1TMs7vahMm","number":176,"state":"closed","title":"Bump cryptography from 44.0.0 to 48.0.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-08T18:37:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-08T18:24:28.000Z","updated_at":"2026-07-08T18:37:27.000Z","time_to_close":770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"44.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/44.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=44.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/webzfs/webzfs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/webzfs/webzfs/pull/176","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/webzfs%2Fwebzfs/issues/176","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/176/packages"},{"uuid":"4815180695","node_id":"PR_kwDOTABO587uJR76","number":23,"state":"closed","title":"deps(backend): update cryptography requirement from \u003e=42.0.0 to \u003e=49.0.0 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-07T12:52:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-06T01:08:48.000Z","updated_at":"2026-07-07T12:52:59.000Z","time_to_close":128648,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend): update","packages":[{"name":"cryptography","old_version":"\u003e=42.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/MS33834/EmpValue-AI/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS33834%2FEmpValue-AI/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"},{"uuid":"4811416290","node_id":"PR_kwDOTNVyuc7t-Klw","number":8,"state":"open","title":"Update cryptography requirement from \u003e=42.0 to \u003e=49.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-05T03:03:26.000Z","updated_at":"2026-07-05T03:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"cryptography","old_version":"\u003e=42.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/FMSMITH91/linuxgsm-panel/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FMSMITH91%2Flinuxgsm-panel/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4806963494","node_id":"PR_kwDOSG1b6s7twtxt","number":4,"state":"closed","title":"chore(deps): bump the backend group across 1 directory with 30 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-04T00:31:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-04T00:02:18.000Z","updated_at":"2026-07-04T00:31:42.000Z","time_to_close":1741,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"backend","update_count":30,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.139.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.42.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.51","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.5","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"cryptography","old_version":"46.0.5","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"httpx","old_version":"0.27.2","new_version":"0.28.1","repository_url":"https://github.com/encode/httpx"},{"name":"typer","old_version":"0.24.1","new_version":"0.26.8","repository_url":"https://github.com/fastapi/typer"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nUpdates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [alembic](https://github.com/sqlalchemy/alembic), [pydantic](https://github.com/pydantic/pydantic), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [cryptography](https://github.com/pyca/cryptography), [httpx](https://github.com/encode/httpx), [typer](https://github.com/fastapi/typer), [redis](https://github.com/redis/redis-py), [celery](https://github.com/celery/celery), [grpcio](https://github.com/grpc/grpc), [grpcio-reflection](https://grpc.io), [protobuf](https://github.com/protocolbuffers/protobuf), [reportlab](https://www.reportlab.com/), [rapidfuzz](https://github.com/rapidfuzz/RapidFuzz), [prometheus-client](https://github.com/prometheus/client_python), [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator), [neo4j](https://github.com/neo4j/neo4j-python-driver), [chromadb](https://github.com/chroma-core/chroma), [groq](https://github.com/groq/groq-python), [pyotp](https://github.com/pyauth/pyotp), [pybind11](https://github.com/pybind/pybind11), [fakeredis](https://github.com/cunla/fakeredis-py), [pytest](https://github.com/pytest-dev/pytest), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [prompt-toolkit](https://github.com/prompt-toolkit/python-prompt-toolkit), [websockets](https://github.com/python-websockets/websockets), [keyring](https://github.com/jaraco/keyring) and [textual](https://github.com/Textualize/textual) to permit the latest version.\nUpdates `fastapi` from 0.135.1 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.139.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support dependencies in \u003ccode\u003eapp.frontend()\u003c/code\u003e, e.g. for automatic cookie authentication for the frontend. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15908\"\u003e#15908\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15897\"\u003e#15897\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15895\"\u003e#15895\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15896\"\u003e#15896\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15899\"\u003e#15899\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15892\"\u003e#15892\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15891\"\u003e#15891\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15893\"\u003e#15893\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15898\"\u003e#15898\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15900\"\u003e#15900\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15890\"\u003e#15890\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15894\"\u003e#15894\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15888\"\u003e#15888\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15880\"\u003e#15880\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15889\"\u003e#15889\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15883\"\u003e#15883\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15885\"\u003e#15885\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15882\"\u003e#15882\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15887\"\u003e#15887\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15886\"\u003e#15886\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15881\"\u003e#15881\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15884\"\u003e#15884\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15879\"\u003e#15879\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15909\"\u003e#15909\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15906\"\u003e#15906\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15878\"\u003e#15878\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Remove not needed \u003ccode\u003eallow-unsafe-pr-checkout: true\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15876\"\u003e#15876\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the github-actions group with 5 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15872\"\u003e#15872\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the python-packages group across 1 directory with 10 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15870\"\u003e#15870\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump CodSpeedHQ/action from 4.17.0 to 4.17.5 in the github-actions group. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15826\"\u003e#15826\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.138.1\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Refactor Library Skills, make info easier to find for agents. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15841\"\u003e#15841\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👷 Simplify pull request workflow triggers. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15836\"\u003e#15836\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Update issue-manager to 0.7.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15833\"\u003e#15833\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update issue-manager to 0.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15831\"\u003e#15831\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cecd96d9c6c318e0df1c40cedbc2e953381ddfd3\"\u003e\u003ccode\u003ececd96d\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.139.0 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15910\"\u003e#15910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/aea660936b55fdbd84270d24f892839388922dd6\"\u003e\u003ccode\u003eaea6609\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/319be508ce7db9ee5f52c3b9baa68c6cc1037c10\"\u003e\u003ccode\u003e319be50\u003c/code\u003e\u003c/a\u003e ✨ Support dependencies in \u003ccode\u003eapp.frontend()\u003c/code\u003e, e.g. for automatic cookie authent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/66a90f6ee9c0cf58ec61b14f8925344d6f16eae5\"\u003e\u003ccode\u003e66a90f6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d30a3ebfc7d7fd7851ba4243677266c53cb9f154\"\u003e\u003ccode\u003ed30a3eb\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15909\"\u003e#15909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/122f1b58f4e0fabfefef3710a8c8247bb2bd820b\"\u003e\u003ccode\u003e122f1b5\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fd6ece32eeb27c9ce164bd9170f9d8e1db1dacff\"\u003e\u003ccode\u003efd6ece3\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI GitHub topic repositories (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15906\"\u003e#15906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ec2a6adaf14c440bdcd0fd3f4ca203daa8c3ba6a\"\u003e\u003ccode\u003eec2a6ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9d7d7febd3a66844f948254c1ba4745b6cc16f40\"\u003e\u003ccode\u003e9d7d7fe\u003c/code\u003e\u003c/a\u003e 🌐 Update translations for fr (update-outdated) (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15897\"\u003e#15897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8dc852df4713efa998d126c5194302e9f06e7675\"\u003e\u003ccode\u003e8dc852d\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.42.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.42.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.51\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.51\u003c/h1\u003e\n\u003cp\u003eReleased: June 15, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.subqueryload()\u003c/code\u003e combined with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e and \u003ccode\u003ePropComparator.and_()\u003c/code\u003e would\nsilently drop the additional filter criteria, causing all related objects\nto be loaded instead of only those matching the filter.  The\n\u003ccode\u003eLoaderCriteriaOption\u003c/code\u003e was being constructed against the base\nentity rather than the effective entity indicated by\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e.  Pull request courtesy Arya Rizky.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13207\"\u003e#13207\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed bug where a failure during \u003ccode\u003etpc_prepare()\u003c/code\u003e within\n\u003ccode\u003e_orm.Session.commit()\u003c/code\u003e for a two-phase session would raise\n\u003ccode\u003eIllegalStateChangeError\u003c/code\u003e instead of the original database\nexception.  The internal \u003ccode\u003e_prepare_impl()\u003c/code\u003e method's error handler\nwas unable to invoke \u003ccode\u003e_orm.SessionTransaction.rollback()\u003c/code\u003e due\nto a state-change guard, preventing proper cleanup and masking the\nunderlying error.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13356\"\u003e#13356\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eengine\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[engine] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003eResult.freeze()\u003c/code\u003e would lose track of ambiguous\ncolumn names present in the original \u003ccode\u003eCursorResult\u003c/code\u003e, causing\nkey-based access on the thawed result to silently return a value instead of\nraising \u003ccode\u003eInvalidRequestError\u003c/code\u003e.  The\n\u003ccode\u003eSimpleResultMetaData\u003c/code\u003e now accepts and propagates ambiguous key\ninformation so that frozen, thawed, and pickled results raise consistently\nfor duplicate column names.  Pull request courtesy Saurabh Kohli.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/9427\"\u003e#9427\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_sql.StatementLambdaElement\u003c/code\u003e would proxy\nattribute access through the cached \u0026quot;expected\u0026quot; expression rather than the\nresolved expression, causing stale closure-bound parameter values to be\nused when a lambda statement was extended with non-lambda criteria such as\nan additional \u003ccode\u003e.where()\u003c/code\u003e clause.  Courtesy cjc0013.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10827\"\u003e#10827\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.5\u003c/h1\u003e\n\u003cp\u003eReleased: June 25, 2026\u003c/p\u003e\n\u003ch2\u003eusecase\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[usecase] [commands]\u003c/strong\u003e Added \u003ccode\u003e--splice\u003c/code\u003e support to the \u003ccode\u003emerge()\u003c/code\u003e command. Previously, the\nmerge command would suggest using \u003ccode\u003e--splice\u003c/code\u003e when attempting to merge\nnon-head revisions, but the flag was not actually accepted by the command.\nThe \u003ccode\u003esplice\u003c/code\u003e parameter is now available in both the command-line\ninterface and the \u003ccode\u003ecommand.merge()\u003c/code\u003e function, matching the existing\nsupport in \u003ccode\u003ecommand.revision()\u003c/code\u003e.  Pull request courtesy Kadir Can\nOzden.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[usecase] [environment]\u003c/strong\u003e Added \u003ccode\u003eScriptDirectory.get_heads.consider_depends_on\u003c/code\u003e\nparameter to \u003ccode\u003eScriptDirectory.get_heads()\u003c/code\u003e. When set to \u003ccode\u003eTrue\u003c/code\u003e,\nhead revisions that are also a dependency of another revision via\n\u003ccode\u003edepends_on\u003c/code\u003e are excluded from the result, matching the effective\nheads that would be present in the \u003ccode\u003ealembic_version\u003c/code\u003e table after\nrunning all upgrades.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1806\"\u003e#1806\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed rendering of dialect keyword arguments containing\n\u003ccode\u003e~sqlalchemy.schema.Column\u003c/code\u003e objects within sequences, such as\n\u003ccode\u003epostgresql_include\u003c/code\u003e.  These were previously rendered using \u003ccode\u003erepr()\u003c/code\u003e,\nproducing invalid Python in the generated migration scripts.  Column\nobjects within list or tuple values are now correctly rendered as their\nstring column names.  Pull request courtesy Ajay Singh.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1258\"\u003e#1258\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [mysql]\u003c/strong\u003e Implemented type comparison for \u003ccode\u003eENUM\u003c/code\u003e datatypes on MySQL, which\nchecks that the individual enum values are equivalent.  If additional\nentries are on either side, this generates a diff.  Changes of order do not\ngenerate a diff.  Pull request courtesy Furkan Köykıran.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1745\"\u003e#1745\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/779\"\u003e#779\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Fixed bug where the \u003ccode\u003einline_references\u003c/code\u003e parameter of\n\u003ccode\u003eOperations.add_column()\u003c/code\u003e did not include foreign key referential\nactions such as \u003ccode\u003eON DELETE\u003c/code\u003e, \u003ccode\u003eON UPDATE\u003c/code\u003e, \u003ccode\u003eDEFERRABLE\u003c/code\u003e,\n\u003ccode\u003eINITIALLY\u003c/code\u003e, and \u003ccode\u003eMATCH\u003c/code\u003e when rendering the inline \u003ccode\u003eREFERENCES\u003c/code\u003e\nclause.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a security patch release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e from following symlinks outside \u003ccode\u003esecrets_dir\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/889\"\u003epydantic/pydantic-settings#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.2 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/890\"\u003epydantic/pydantic-settings#890\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j\"\u003eGHSA-4xgf-cpjx-pc3j\u003c/a\u003e: \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e with \u003ccode\u003esecrets_nested_subdir=True\u003c/code\u003e could follow a symbolic link inside \u003ccode\u003esecrets_dir\u003c/code\u003e pointing outside it, reading out-of-tree files into settings values and bypassing the \u003ccode\u003esecrets_dir_max_size\u003c/code\u003e cap. Affected versions: \u003ccode\u003e\u0026gt;= 2.12.0, \u0026lt; 2.14.2\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/d703bd717e5e07439fa89da2245eee6139413e9e\"\u003e\u003ccode\u003ed703bd7\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.2 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/890\"\u003e#890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httpx` from 0.27.2 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/httpx/releases\"\u003ehttpx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.28.1\u003c/h2\u003e\n\u003ch2\u003e0.28.1 (6th December, 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix SSL case where \u003ccode\u003everify=False\u003c/code\u003e together with client side certificates.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 0.28.0\u003c/h2\u003e\n\u003ch2\u003e0.28.0 (28th November, 2024)\u003c/h2\u003e\n\u003cp\u003eThe 0.28 release includes a limited set of deprecations.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e:\u003c/p\u003e\n\u003cp\u003eWe are working towards a simplified SSL configuration API.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFor users of the standard \u003ccode\u003everify=True\u003c/code\u003e or \u003ccode\u003everify=False\u003c/code\u003e cases, or \u003ccode\u003everify=\u0026lt;ssl_context\u0026gt;\u003c/code\u003e case this should require no changes. The following cases have been deprecated...\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003everify\u003c/code\u003e argument as a string argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecert\u003c/code\u003e argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOur revised \u003ca href=\"https://github.com/encode/httpx/blob/HEAD/docs/advanced/ssl.md\"\u003eSSL documentation\u003c/a\u003e covers how to implement the same behaviour with a more constrained API.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe following changes are also included\u003c/strong\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eproxies\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eapp\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eJSON request bodies use a compact representation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReview URL percent escape sets, based on WHATWG spec. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3371\"\u003e#3371\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/encode/httpx/issues/3373\"\u003e#3373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecertifi\u003c/code\u003e and \u003ccode\u003ehttpcore\u003c/code\u003e are only imported if required. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3377\"\u003e#3377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003esocks5h\u003c/code\u003e as a valid proxy scheme. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3178\"\u003e#3178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleanup \u003ccode\u003eRequest()\u003c/code\u003e method signature in line with \u003ccode\u003eclient.request()\u003c/code\u003e and \u003ccode\u003ehttpx.request()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBugfix: When passing \u003ccode\u003eparams={}\u003c/code\u003e, always strictly update rather than merge with an existing querystring. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/httpx/blob/master/CHANGELOG.md\"\u003ehttpx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1 (6th December, 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix SSL case where \u003ccode\u003everify=False\u003c/code\u003e together with client side certificates.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0 (28th November, 2024)\u003c/h2\u003e\n\u003cp\u003eBe aware that the default \u003cem\u003eJSON request bodies now use a more compact representation\u003c/em\u003e. This is generally considered a prefered style, tho may require updates to test suites.\u003c/p\u003e\n\u003cp\u003eThe 0.28 release includes a limited set of deprecations...\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e:\u003c/p\u003e\n\u003cp\u003eWe are working towards a simplified SSL configuration API.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFor users of the standard \u003ccode\u003everify=True\u003c/code\u003e or \u003ccode\u003everify=False\u003c/code\u003e cases, or \u003ccode\u003everify=\u0026lt;ssl_context\u0026gt;\u003c/code\u003e case this should require no changes. The following cases have been deprecated...\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003everify\u003c/code\u003e argument as a string argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecert\u003c/code\u003e argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOur revised \u003ca href=\"https://github.com/encode/httpx/blob/master/docs/advanced/ssl.md\"\u003eSSL documentation\u003c/a\u003e covers how to implement the same behaviour with a more constrained API.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe following changes are also included\u003c/strong\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eproxies\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eapp\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eJSON request bodies use a compact representation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReview URL percent escape sets, based on WHATWG spec. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3371\"\u003e#3371\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/encode/httpx/issues/3373\"\u003e#3373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecertifi\u003c/code\u003e and \u003ccode\u003ehttpcore\u003c/code\u003e are only imported if required. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3377\"\u003e#3377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003esocks5h\u003c/code\u003e as a valid proxy scheme. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3178\"\u003e#3178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleanup \u003ccode\u003eRequest()\u003c/code\u003e method signature in line with \u003ccode\u003eclient.request()\u003c/code\u003e and \u003ccode\u003ehttpx.request()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBugfix: When passing \u003ccode\u003eparams={}\u003c/code\u003e, always strictly update rather than merge with an existing querystring. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/26d48e0634e6ee9cdc0533996db289ce4b430177\"\u003e\u003ccode\u003e26d48e0\u003c/code\u003e\u003c/a\u003e Version 0.28.1 (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/89599a9541af14bcf906fc4ed58ccbdf403802ba\"\u003e\u003ccode\u003e89599a9\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003everify=False\u003c/code\u003e, \u003ccode\u003ecert=...\u003c/code\u003e case. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3442\"\u003e#3442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/8ecb86f0d74ffc52d4663214fae9526bee89358d\"\u003e\u003ccode\u003e8ecb86f\u003c/code\u003e\u003c/a\u003e Add test for request params behavior changes (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3440\"\u003e#3440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/0cb7e5a2e736628e2f506d259fcf0d48cd2bde82\"\u003e\u003ccode\u003e0cb7e5a\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 11 updates (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/15e21e9ea3cad4f06e22a7e704aabefdf43d2e29\"\u003e\u003ccode\u003e15e21e9\u003c/code\u003e\u003c/a\u003e Updating deprecated docstring Client() class (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/80960fa31918d7663c3f4c3ad61661cf0e80628f\"\u003e\u003ccode\u003e80960fa\u003c/code\u003e\u003c/a\u003e Version 0.28.0. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/a33c87852b8a0dddc65e5f739af1e0a6fca4b91f\"\u003e\u003ccode\u003ea33c878\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eextensions\u003c/code\u003e type annotation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3380\"\u003e#3380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/ce7e14da27abba6574be9b3ea7cd5990556a9343\"\u003e\u003ccode\u003ece7e14d\u003c/code\u003e\u003c/a\u003e Error on verify as str. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3418\"\u003e#3418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/47f4a96ffaaaa07dca1614409549b5d7a6e7af49\"\u003e\u003ccode\u003e47f4a96\u003c/code\u003e\u003c/a\u003e Handle empty zstd responses (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3412\"\u003e#3412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/189fc4bcbe5f314128775dec66a616ac9a31ad48\"\u003e\u003ccode\u003e189fc4b\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md, fix typo(s) (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3406\"\u003e#3406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/httpx/compare/0.27.2...0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.24.1 to 0.26.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.8\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Make second column of Rich help output reflect the type consistently, even when using \u003ccode\u003emetavar\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1410\"\u003e#1410\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🐛 Fix formatting in \u003ccode\u003eNoSuchOption.format_message()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1843\"\u003e#1843\u003c/a\u003e by \u003ca href=\"https://github.com/foomunleong\"\u003e\u003ccode\u003e@​foomunleong\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update docs badges: remove Publish badge, it doesn't give extra information. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1850\"\u003e#1850\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix formatting for help link to support GitHub-specific overview edge-case. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1826\"\u003e#1826\u003c/a\u003e by \u003ca href=\"https://github.com/phalberg\"\u003e\u003ccode\u003e@​phalberg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👷 Simplify pull request workflow triggers. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1858\"\u003e#1858\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Update issue-manager to 0.7.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1857\"\u003e#1857\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update issue-manager to 0.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1856\"\u003e#1856\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Update zizmor workflow security checks. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1854\"\u003e#1854\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Group Dependabot updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1853\"\u003e#1853\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update Dependabot ecosystem coverage. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1851\"\u003e#1851\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Fix alls-green test dependency. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1848\"\u003e#1848\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.7 to 48.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1841\"\u003e#1841\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.13.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1839\"\u003e#1839\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the github-actions group across 1 directory with 3 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1828\"\u003e#1828\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the python-packages group with 3 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1829\"\u003e#1829\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]...\n\n_Description has been truncated_","html_url":"https://github.com/zak-li/Pxtly/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zak-li%2FPxtly/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4798050198","node_id":"PR_kwDOSgD7is7tTscz","number":96,"state":"closed","title":"chore(deps): bump the pip group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-02T20:46:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-02T20:43:18.000Z","updated_at":"2026-07-02T20:46:59.000Z","time_to_close":212,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":3,"packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"starlette","old_version":"1.0.1","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"python-multipart","old_version":"0.0.29","new_version":"0.0.31","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /requirements directory: [cryptography](https://github.com/pyca/cryptography), [starlette](https://github.com/Kludex/starlette) and [python-multipart](https://github.com/Kludex/python-multipart).\n\nUpdates `cryptography` from 48.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.1 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eStarletteDeprecationWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3119\"\u003eKludex/starlette#3119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3329\"\u003eKludex/starlette#3329\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3331\"\u003eKludex/starlette#3331\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.3.0...1.3.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.3.0...1.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClamp oversized suffix ranges in \u003ccode\u003eFileResponse\u003c/code\u003e by \u003ca href=\"https://github.com/jiyujie2006\"\u003e\u003ccode\u003e@​jiyujie2006\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3307\"\u003eKludex/starlette#3307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCatch \u003ccode\u003eOSError\u003c/code\u003e alongside \u003ccode\u003eMultiPartException\u003c/code\u003e when closing temp files by \u003ca href=\"https://github.com/N3XT3R1337\"\u003e\u003ccode\u003e@​N3XT3R1337\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3191\"\u003eKludex/starlette#3191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ehttpx2\u003c/code\u003e to the \u003ccode\u003efull\u003c/code\u003e extra by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3323\"\u003eKludex/starlette#3323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust testclient typing and warnings by \u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3322\"\u003eKludex/starlette#3322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix IndexError in URL.replace() on a URL with no authority by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3317\"\u003eKludex/starlette#3317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotate URLPath protocol parameter with Literal by \u003ca href=\"https://github.com/Chang-LeHung\"\u003e\u003ccode\u003e@​Chang-LeHung\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3285\"\u003eKludex/starlette#3285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eavoid collapsing exception groups from user code by \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2830\"\u003eKludex/starlette#2830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eremoveprefix\u003c/code\u003e to strip weak ETag indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e by \u003ca href=\"https://github.com/gnosyslambda\"\u003e\u003ccode\u003e@​gnosyslambda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3193\"\u003eKludex/starlette#3193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild \u003ccode\u003erequest.url\u003c/code\u003e from structured components by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3326\"\u003eKludex/starlette#3326\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jiyujie2006\"\u003e\u003ccode\u003e@​jiyujie2006\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3307\"\u003eKludex/starlette#3307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/N3XT3R1337\"\u003e\u003ccode\u003e@​N3XT3R1337\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3191\"\u003eKludex/starlette#3191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leestana01\"\u003e\u003ccode\u003e@​leestana01\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3319\"\u003eKludex/starlette#3319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3317\"\u003eKludex/starlette#3317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EmmanuelNiyonshuti\"\u003e\u003ccode\u003e@​EmmanuelNiyonshuti\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3204\"\u003eKludex/starlette#3204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chang-LeHung\"\u003e\u003ccode\u003e@​Chang-LeHung\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3285\"\u003eKludex/starlette#3285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gnosyslambda\"\u003e\u003ccode\u003e@​gnosyslambda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3193\"\u003eKludex/starlette#3193\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.1...1.3.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.1...1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module by \u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assert error for requires() when request param is not Request type by \u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/diskeu\"\u003e\u003ccode\u003e@​diskeu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3243\"\u003eKludex/starlette#3243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.0...1.2.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.0...1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3291\"\u003eKludex/starlette#3291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.1.0...1.2.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.1.0...1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.3.1 (June 12, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3329\"\u003e#3329\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3331\"\u003e#3331\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0 (June 11, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehttpx2\u003c/code\u003e to the \u003ccode\u003efull\u003c/code\u003e extra \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3323\"\u003e#3323\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAnnotate the \u003ccode\u003eURLPath\u003c/code\u003e \u003ccode\u003eprotocol\u003c/code\u003e parameter with \u003ccode\u003eLiteral\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3285\"\u003e#3285\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBuild \u003ccode\u003erequest.url\u003c/code\u003e from structured components \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3326\"\u003e#3326\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eClamp oversized suffix ranges in \u003ccode\u003eFileResponse\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3307\"\u003e#3307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCatch \u003ccode\u003eOSError\u003c/code\u003e alongside \u003ccode\u003eMultiPartException\u003c/code\u003e when closing temp files \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3191\"\u003e#3191\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAvoid collapsing exception groups raised from user code \u003ca href=\"https://redirect.github.com/encode/starlette/pull/2830\"\u003e#2830\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eremoveprefix\u003c/code\u003e to strip the weak \u003ccode\u003eETag\u003c/code\u003e indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3193\"\u003e#3193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e in \u003ccode\u003eURL.replace()\u003c/code\u003e on a URL with no authority \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3317\"\u003e#3317\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdjust \u003ccode\u003etestclient\u003c/code\u003e typing and warnings \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3322\"\u003e#3322\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.1 (May 31, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3304\"\u003e#3304\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd assert error for \u003ccode\u003erequires()\u003c/code\u003e when the request parameter is not a \u003ccode\u003eRequest\u003c/code\u003e type \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3298\"\u003e#3298\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0 (May 28, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3291\"\u003e#3291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.1.0 (May 23, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3283\"\u003e#3283\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3286\"\u003e#3286\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3287\"\u003e#3287\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/8ebffd0678570ddd5d5bb11c6f3c3c7fd4682ab9\"\u003e\u003ccode\u003e8ebffd0\u003c/code\u003e\u003c/a\u003e Version 1.3.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/25b8e179d8d7ed86769c02f648772dd5fb43dc3c\"\u003e\u003ccode\u003e25b8e17\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3331\"\u003e#3331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/dba1c4babc4f99ad2622bb913d87045775dda735\"\u003e\u003ccode\u003edba1c4b\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/45e51dcf99f3a270b0bcec1aec5410b4345863a9\"\u003e\u003ccode\u003e45e51dc\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eStarletteDeprecationWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3119\"\u003e#3119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/5f8610c386e13de1d80d36efa961e1486a1d2d01\"\u003e\u003ccode\u003e5f8610c\u003c/code\u003e\u003c/a\u003e Version 1.3.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/167b5850e809f38b27fbfed62d58bf6442855975\"\u003e\u003ccode\u003e167b585\u003c/code\u003e\u003c/a\u003e Build \u003ccode\u003erequest.url\u003c/code\u003e from structured components (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/37309255b4c1b9c381a2d24a1eaf83100984a16a\"\u003e\u003ccode\u003e3730925\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eremoveprefix\u003c/code\u003e to strip weak ETag indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3193\"\u003e#3193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e6f7ad1ab85efb27ab7910d8007b3f4531f7b083\"\u003e\u003ccode\u003ee6f7ad1\u003c/code\u003e\u003c/a\u003e avoid collapsing exception groups from user code (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2830\"\u003e#2830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/115228fcdca0e0ef5bf4a95a40ddce5a9fced428\"\u003e\u003ccode\u003e115228f\u003c/code\u003e\u003c/a\u003e Annotate URLPath protocol parameter with Literal (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3285\"\u003e#3285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/113f193a34353c9153857028c1074351d22fad07\"\u003e\u003ccode\u003e113f193\u003c/code\u003e\u003c/a\u003e docs: replace inline ASGI server list with link to canonical implemen… (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3204\"\u003e#3204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.1...1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.29 to 0.0.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9d3ead568a259f222cff6425262ff63e88d930d4\"\u003e\u003ccode\u003e9d3ead5\u003c/code\u003e\u003c/a\u003e Version 0.0.30 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d\"\u003e\u003ccode\u003e3506c15\u003c/code\u003e\u003c/a\u003e Ignore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d69df35cd2cad9c72794c2c340db646afae957d8\"\u003e\u003ccode\u003ed69df35\u003c/code\u003e\u003c/a\u003e Treat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1e6ff9740b09fb439755f30e2b0e2ada1d297325\"\u003e\u003ccode\u003e1e6ff97\u003c/code\u003e\u003c/a\u003e Bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yasufumi-nakata/openri/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yasufumi-nakata/openri/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasufumi-nakata%2Fopenri/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"},{"uuid":"4788376467","node_id":"PR_kwDOPJsOlc7s0ZDN","number":3,"state":"open","title":"chore(deps): bump the uv group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T18:51:27.000Z","updated_at":"2026-07-01T18:55:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.6.0","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"cryptography","old_version":"45.0.5","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"fastmcp","old_version":"2.10.5","new_version":"3.2.0","repository_url":"https://github.com/PrefectHQ/fastmcp"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"joserfc","old_version":"1.6.4","new_version":"1.6.7","repository_url":"https://github.com/authlib/joserfc"},{"name":"langchain-core","old_version":"1.1.0","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"1.0.0","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.4.7","new_version":"0.8.18","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pillow","old_version":"11.3.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.31","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.46.2","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"transformers","old_version":"4.53.2","new_version":"5.3.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"ujson","old_version":"5.10.0","new_version":"5.13.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.0` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `48.0.1` |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.10.5` | `3.2.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [joserfc](https://github.com/authlib/joserfc) | `1.6.4` | `1.6.7` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.1.0` | `1.3.3` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.0.0` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.8.18` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.31` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `1.3.1` |\n| [transformers](https://github.com/huggingface/transformers) | `4.53.2` | `5.3.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.13.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\nBumps the uv group with 19 updates in the /docker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.0` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `48.0.1` |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.10.5` | `3.2.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.1.0` | `1.3.3` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.0.0` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.8.18` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.31` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `1.3.1` |\n| [transformers](https://github.com/huggingface/transformers) | `4.53.2` | `5.3.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.13.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.10.0 2026-06-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce the stricter \u003ccode\u003enltk.pathsec\u003c/code\u003e security policy by default\u003c/li\u003e\n\u003cli\u003eDocument the new security model and migration guidance\u003c/li\u003e\n\u003cli\u003eHarden resource loading against path traversal and SSRF/DNS-rebinding\u003c/li\u003e\n\u003cli\u003eHarden downloader path handling and block XML entity expansion\u003c/li\u003e\n\u003cli\u003eClose remaining corpus-reader security edge cases\u003c/li\u003e\n\u003cli\u003eReplace unsafe \u003ccode\u003eexec()\u003c/code\u003e usage in the utility CLI\u003c/li\u003e\n\u003cli\u003eWarn on unpickling user-provided pickles\u003c/li\u003e\n\u003cli\u003eAdd HuggingFace datasets integration (\u003ccode\u003enltk.huggingface\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAlign TnT with Brants (2000) specifications\u003c/li\u003e\n\u003cli\u003eFix PorterStemmer irregular-form lowercasing in NLTK mode\u003c/li\u003e\n\u003cli\u003eFix TransitionParser sparse index dtype for scikit-learn 1.9\u003c/li\u003e\n\u003cli\u003eFix TextCat tie handling\u003c/li\u003e\n\u003cli\u003eFix WordNet object comparisons for incompatible types\u003c/li\u003e\n\u003cli\u003eCache WordNet max depth lazily for \u003ccode\u003elch_similarity()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix CCG variable direction, substitution, and type-raising bugs\u003c/li\u003e\n\u003cli\u003eFix Jaro similarity for single-character and empty-string cases\u003c/li\u003e\n\u003cli\u003eImprove CI and release-maintenance workflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.10.0:\n13rac1, alvations, bowiechen, devesh-2002, ekaf, elias-ba,\nhaosenwang1018, HyperPS, ihitamandal, jancallewaert, jhnwnstd,\nJuanIMartinezB, Lemm1, LinZiyuu, Mr-Neutr0n, PastelStorm,\nscruge1, Syzygy2048, ylwango613, yzhaoinuw\u003c/p\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.0 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.0...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.5 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.5...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastmcp` from 2.10.5 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases\"\u003efastmcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0: Show Don't Tool\u003c/h2\u003e\n\u003cp\u003eFastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.\u003c/p\u003e\n\u003ch2\u003eFastMCPApp\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eFastMCPApp\u003c/code\u003e is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (\u003ccode\u003e@app.ui()\u003c/code\u003e) from the backend tools the UI calls (\u003ccode\u003e@app.tool()\u003c/code\u003e), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003efrom fastmcp import FastMCP, FastMCPApp\nfrom prefab_ui.actions.mcp import CallTool\nfrom prefab_ui.components import Column, Form, Input, Button, ForEach, Text\n\u003cp\u003eapp = FastMCPApp(\u0026quot;Contacts\u0026quot;)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.tool()\ndef save_contact(name: str, email: str) -\u0026gt; list[dict]:\ndb.append({\u0026quot;name\u0026quot;: name, \u0026quot;email\u0026quot;: email})\nreturn list(db)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.ui()\ndef contact_manager() -\u0026gt; PrefabApp:\nwith PrefabApp(state={\u0026quot;contacts\u0026quot;: list(db)}) as view:\nwith Column(gap=4):\nForEach(\u0026quot;contacts\u0026quot;, lambda c: Text(c.name))\nwith Form(on_submit=CallTool(\u0026quot;save_contact\u0026quot;)):\nInput(name=\u0026quot;name\u0026quot;, required=True)\nInput(name=\u0026quot;email\u0026quot;, required=True)\nButton(\u0026quot;Save\u0026quot;)\nreturn view\u003c/p\u003e\n\u003cp\u003emcp = FastMCP(\u0026quot;Server\u0026quot;, providers=[app])\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe UI is built with \u003ca href=\"https://prefab.prefect.io\"\u003ePrefab\u003c/a\u003e, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.\u003c/p\u003e\n\u003cp\u003eFor simpler cases where you just want to visualize data without server interaction, set \u003ccode\u003eapp=True\u003c/code\u003e on any tool and return Prefab components directly:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e@mcp.tool(app=True)\ndef revenue_chart(year: int) -\u0026gt; PrefabApp:\n    with PrefabApp() as app:\n        BarChart(data=revenue_data, series=[ChartSeries(data_key=\u0026quot;revenue\u0026quot;)])\n    return app\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBuilt-in Providers\u003c/h2\u003e\n\u003cp\u003eFive ready-made providers you add with a single \u003ccode\u003eadd_provider()\u003c/code\u003e call:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFileUpload\u003c/strong\u003e — drag-and-drop file upload with session-scoped storage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx\"\u003efastmcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003etitle: \u0026quot;Changelog\u0026quot;\nicon: \u0026quot;list-check\u0026quot;\nrss: true\ntag: NEW\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.1\"\u003ev3.4.1: Floor It\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.4.1 floors Starlette at \u003ccode\u003e\u0026gt;=1.0.1\u003c/code\u003e so installs can no longer resolve to a version affected by CVE-2026-48710, which was previously only constrained transitively through \u003ccode\u003emcp\u003c/code\u003e. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.\u003c/p\u003e\n\u003ch3\u003eEnhancements ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLog refresh-token misses in OAuthProxy instead of failing silently by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4276\"\u003e#4276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity 🔒\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit starlette\u0026gt;=1.0.1 floor (CVE-2026-48710) by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4286\"\u003e#4286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument --notes-start-tag in release instructions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4275\"\u003e#4275\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v3.4.0...v3.4.1\"\u003ev3.4.0...v3.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.0\"\u003ev3.4.0: Remote Control\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.4 is about reaching servers that live somewhere else. The headline is \u003ccode\u003efastmcp-remote\u003c/code\u003e, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, the proxy layer those connections depend on is hardened: a proxy now forwards \u003ccode\u003einitialize\u003c/code\u003e upstream and fails loudly when the backend is missing or misconfigured, instead of reporting a connected-but-empty proxy. And FastMCP-issued access tokens can now outlive short-lived upstream tokens, so authenticated sessions survive the long idle periods remote clients are prone to.\u003c/p\u003e\n\u003ch3\u003eNew Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fastmcp-remote bridge package by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4208\"\u003e#4208\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eForward proxy initialize as bridge behavior by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4228\"\u003e#4228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: require external PRs to link a tracked issue by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4173\"\u003e#4173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: new options --host and --no-log-panel | --log-panel  to cli dev apps by \u003ca href=\"https://github.com/itaru2622\"\u003e\u003ccode\u003e@​itaru2622\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4123\"\u003e#4123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd valid_scopes and extra_authorize_params to WorkOSProvider by \u003ca href=\"https://github.com/tiagoskaneta\"\u003e\u003ccode\u003e@​tiagoskaneta\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4135\"\u003e#4135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd token_expiry_threshold_seconds for proactive token refresh by \u003ca href=\"https://github.com/mohankumarelec\"\u003e\u003ccode\u003e@​mohankumarelec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4142\"\u003e#4142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd review-issue skill for triaging gated external contributions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4212\"\u003e#4212\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contract gate to review-issue skill by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4214\"\u003e#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLet ToolResult return an error result via is_error by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4217\"\u003e#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate published docs after PyPI release by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4211\"\u003e#4211\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow pre-bound HTTP sockets by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4222\"\u003e#4222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd targeted coverage tests by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4230\"\u003e#4230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade ty to 0.0.39 by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4225\"\u003e#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple FastMCP access token lifetime from upstream expires_in by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4254\"\u003e#4254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity 🔒\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(code-mode): default sandbox limits and per-execution tool-call cap by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4170\"\u003e#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: Fix 3 findings in GitHub Actions workflows by \u003ca href=\"https://github.com/jpr5\"\u003e\u003ccode\u003e@​jpr5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4183\"\u003e#4183\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/665514e19a78543709be85b4261153bbe98e882f\"\u003e\u003ccode\u003e665514e\u003c/code\u003e\u003c/a\u003e Add forward_resource flag to OAuthProxy (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3711\"\u003e#3711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f189d1f7fbfd55c9f68c750a3a293e31c7586e8b\"\u003e\u003ccode\u003ef189d1f\u003c/code\u003e\u003c/a\u003e Bump pydantic-monty to 0.0.9 (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3707\"\u003e#3707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/6faa2d61f82eab670694965606fd7b14bedddc7f\"\u003e\u003ccode\u003e6faa2d6\u003c/code\u003e\u003c/a\u003e Remove hardcoded prefab-ui version from pinning warnings (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3708\"\u003e#3708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/dd8816c6ccc733048fe6208bfc8f80ded505f993\"\u003e\u003ccode\u003edd8816c\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3701\"\u003e#3701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/d27495960af23969f11d6e1e44e2018529c1c37e\"\u003e\u003ccode\u003ed274959\u003c/code\u003e\u003c/a\u003e docs: note that custom routes are unauthenticated (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3706\"\u003e#3706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/4a54be2d5f1ac8925a461e67cf993e0278729d4d\"\u003e\u003ccode\u003e4a54be2\u003c/code\u003e\u003c/a\u003e Add examples gallery page (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3705\"\u003e#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/961dd5045611e9c1bd6b7c4f5ac3aa14f0a30ce7\"\u003e\u003ccode\u003e961dd50\u003c/code\u003e\u003c/a\u003e Add interactive map example with geocoding (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f01d0c581c7a821a9701d6dde4d9beb95e32d479\"\u003e\u003ccode\u003ef01d0c5\u003c/code\u003e\u003c/a\u003e Add quiz example app, fix dev server empty string args (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3700\"\u003e#3700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/85b7efd74601a72c74ac68e23599de6c032bb9c4\"\u003e\u003ccode\u003e85b7efd\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/27abe3c3f0cc2ce1925cc3cbc7968d5637ebc82b\"\u003e\u003ccode\u003e27abe3c\u003c/code\u003e\u003c/a\u003e Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v2.10.5...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joserfc` from 1.6.4 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/joserfc/releases\"\u003ejoserfc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ejws\u003c/strong\u003e: Validate payload size for b64=false  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/4d4ea2e\"\u003e\u003c!-- raw HTML omitted --\u003e(4d4ea)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etyping\u003c/strong\u003e: Accept any Collection for algorithms, not just list  -  by \u003ca href=\"https://github.com/jonathangreen\"\u003e\u003ccode\u003e@​jonathangreen\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/102a7a7\"\u003e\u003c!-- raw HTML omitted --\u003e(102a7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etyping\u003c/strong\u003e: Use cast for type hints  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/75d9f95\"\u003e\u003c!-- raw HTML omitted --\u003e(75d9f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.5...1.6.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003e1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003eNo significant changes\u003c/em\u003e\u003c/p\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.4...1.6.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/joserfc/blob/main/docs/changelog.rst\"\u003ejoserfc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 23, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate for type hints.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 18, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJWS\u003c/strong\u003e: validate payload size when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJWS\u003c/strong\u003e: increase registry's payload max size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/1e5b94da589c695f54abd9f1a0ad822dcffe0305\"\u003e\u003ccode\u003e1e5b94d\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/75d9f95815f522ccb50515fb36efbcc6601b2e34\"\u003e\u003ccode\u003e75d9f95\u003c/code\u003e\u003c/a\u003e fix(typing): use cast for type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/6d240377ce8ddfb15793822d9d82cf66e66a9980\"\u003e\u003ccode\u003e6d24037\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/98\"\u003e#98\u003c/a\u003e from jonathangreen/algorithms-accept-collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/102a7a7610eb50cd53cd46d917146b7af295613f\"\u003e\u003ccode\u003e102a7a7\u003c/code\u003e\u003c/a\u003e fix(typing): accept any Collection for algorithms, not just list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/8b869e8754b5022c3a2a9e1071fe15f65d3749c6\"\u003e\u003ccode\u003e8b869e8\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/00d599bfc1282cf887bb6a8bc82598dc10532fa5\"\u003e\u003ccode\u003e00d599b\u003c/code\u003e\u003c/a\u003e chore: update actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/9186561fc40de112e3b3f01934b11d7ca54da142\"\u003e\u003ccode\u003e9186561\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/97\"\u003e#97\u003c/a\u003e from authlib/fix-b64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/4d4ea2e787ed36a2190158d86d8470e3acbb349b\"\u003e\u003ccode\u003e4d4ea2e\u003c/code\u003e\u003c/a\u003e fix(jws): validate payload size for b64=false\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/b6554cca2f0ae4f246411aa569b2980381eb35a3\"\u003e\u003ccode\u003eb6554cc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/96\"\u003e#96\u003c/a\u003e from sebasxsala/fix-p512-fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/b89eadff61ef9d8cf4302d18987f27dc1b281647\"\u003e\u003ccode\u003eb89eadf\u003c/code\u003e\u003c/a\u003e test: normalize P-521 private key fixture\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.4...1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.1.0 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.1.0...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.0.0 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.0.0...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.4.7 to 0.8.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.18\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3002\"\u003elangchain-ai/langsmith-sdk#3002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3030\"\u003elangchain-ai/langsmith-sdk#3030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3036\"\u003elangchain-ai/langsmith-sdk#3036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3037\"\u003elangchain-ai/langsmith-sdk#3037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3038\"\u003elangchain-ai/langsmith-sdk#3038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3039\"\u003elangchain-ai/langsmith-sdk#3039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3044\"\u003elangchain-ai/langsmith-sdk#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 4 directories with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3046\"\u003elangchain-ai/langsmith-sdk#3046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3060\"\u003elangchain-ai/langsmith-sdk#3060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(python): fix integration assertions for updated attachment error message by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3061\"\u003elangchain-ai/langsmith-sdk#3061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: reconcile bumpversion config and mandate release process for agents by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3062\"\u003elangchain-ai/langsmith-sdk#3062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.18 by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3063\"\u003elangchain-ai/langsmith-sdk#3063\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: expose the resources from the generated openapi client in the langsmith client by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018\"\u003elangchain-ai/langsmith-sdk#3018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): port \u003ccode\u003eisTracingEnabled\u003c/code\u003e utility from Python by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3032\"\u003elangchain-ai/langsmith-sdk#3032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox mount support to JS SDK by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3010\"\u003elangchain-ai/langsmith-sdk#3010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): bump to 0.7.9 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3035\"\u003elangchain-ai/langsmith-sdk#3035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox mount support to Python SDK by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3009\"\u003elangchain-ai/langsmith-sdk#3009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: note that _openapi_client directories are auto-generated by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3034\"\u003elangchain-ai/langsmith-sdk#3034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update JS SDK type declarations with skipLibCheck disabled by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3043\"\u003elangchain-ai/langsmith-sdk#3043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.7.10 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3045\"\u003elangchain-ai/langsmith-sdk#3045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: adding python async for online evals by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3048\"\u003elangchain-ai/langsmith-sdk#3048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox Git mount SDK helpers by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3040\"\u003elangchain-ai/langsmith-sdk#3040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use insights tab in sdk report links [closes LSO-2936] by \u003ca href=\"https://github.com/eric-langchain\"\u003e\u003ccode\u003e@​eric-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050\"\u003elangchain-ai/langsmith-sdk#3050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(client): warn when backend version is below minimum required by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3041\"\u003elangchain-ai/langsmith-sdk#3041\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by \u003ca href=\"https://github.com/langtions-bot\"\u003e\u003ccode\u003e@​langtions-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3053\"\u003elangchain-ai/langsmith-sdk#3053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sandbox): use built-in gcp auth host matching by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3055\"\u003elangchain-ai/langsmith-sdk#3055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(python): py to 0.8.17 by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3056\"\u003elangchain-ai/langsmith-sdk#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018\"\u003elangchain-ai/langsmith-sdk#3018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eric-langchain\"\u003e\u003ccode\u003e@​eric-langchain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050\"\u003elangchain-ai/langsmith-sdk#3050\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/CaffeeLake/MemOS/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaffeeLake%2FMemOS/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4771607092","node_id":"PR_kwDOSG89IM7r9UYq","number":32,"state":"closed","title":"Build(deps): Bump the pip group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-30T03:21:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-29T21:08:59.000Z","updated_at":"2026-06-30T03:21:56.000Z","time_to_close":22369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"pip","update_count":6,"packages":[{"name":"cryptography","old_version":"43.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"protobuf","old_version":"4.21.12","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.2","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wheel","old_version":"0.46.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `48.0.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.21.12` | `5.29.6` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.2` | `6.5.7` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.1` | `0.46.2` |\n\n\nUpdates `cryptography` from 43.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.21.12 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tornado` from 6.4.2 to 6.5.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst\"\u003etornado's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease notes\u003c/h1\u003e\n\u003cp\u003e.. toctree::\n:maxdepth: 2\u003c/p\u003e\n\u003cp\u003ereleases/v6.5.7\nreleases/v6.5.6\nreleases/v6.5.5\nreleases/v6.5.4\nreleases/v6.5.3\nreleases/v6.5.2\nreleases/v6.5.1\nreleases/v6.5.0\nreleases/v6.4.2\nreleases/v6.4.1\nreleases/v6.4.0\nreleases/v6.3.3\nreleases/v6.3.2\nreleases/v6.3.1\nreleases/v6.3.0\nreleases/v6.2.0\nreleases/v6.1.0\nreleases/v6.0.4\nreleases/v6.0.3\nreleases/v6.0.2\nreleases/v6.0.1\nreleases/v6.0.0\nreleases/v5.1.1\nreleases/v5.1.0\nreleases/v5.0.2\nreleases/v5.0.1\nreleases/v5.0.0\nreleases/v4.5.3\nreleases/v4.5.2\nreleases/v4.5.1\nreleases/v4.5.0\nreleases/v4.4.3\nreleases/v4.4.2\nreleases/v4.4.1\nreleases/v4.4.0\nreleases/v4.3.0\nreleases/v4.2.1\nreleases/v4.2.0\nreleases/v4.1.0\nreleases/v4.0.2\nreleases/v4.0.1\nreleases/v4.0.0\nreleases/v3.2.2\nreleases/v3.2.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/48fc2d43d1f48b8b3b0be5dcf6a7634c6f45b1c4\"\u003e\u003ccode\u003e48fc2d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3633\"\u003e#3633\u003c/a\u003e from bdarnell/curl-reset-65\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/4ae1ddd14245e56e9fb6fb14d4b9508301fbb841\"\u003e\u003ccode\u003e4ae1ddd\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/3154caabc9a60cb0b6953d28877b2785fbd3ab43\"\u003e\u003ccode\u003e3154caa\u003c/code\u003e\u003c/a\u003e curl_httpclient: Reset the curl object before putting it on the freelist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/7d869c0739b264797ef92b6aa4a80c54b5993ea2\"\u003e\u003ccode\u003e7d869c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3631\"\u003e#3631\u003c/a\u003e from bdarnell/cve-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/288241f6812bb7204984573e55de21d17af951f3\"\u003e\u003ccode\u003e288241f\u003c/code\u003e\u003c/a\u003e docs: Use the correct link syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/8da981c0f614f63d9d3b2cd5017db2b40e5642f6\"\u003e\u003ccode\u003e8da981c\u003c/code\u003e\u003c/a\u003e docs: Add CVE links to 6.5.6 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/aba2569f7ed7a6bdbef816658fb6b7182531b751\"\u003e\u003ccode\u003eaba2569\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3626\"\u003e#3626\u003c/a\u003e from bdarnell/fixes-656\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/a24b260e0d22fd48acea1a2635526c1700e7ac09\"\u003e\u003ccode\u003ea24b260\u003c/code\u003e\u003c/a\u003e httpclient_test: Accept an additional error message variant\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/a74240a70268fe5cb40a127951cb21549ab9ff24\"\u003e\u003ccode\u003ea74240a\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.6.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/e8fc7edb238f1022e39f9d0b9d297fc7c21fb0a5\"\u003e\u003ccode\u003ee8fc7ed\u003c/code\u003e\u003c/a\u003e simple_httpclient: Strip auth headers on cross-origin redirects\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tornadoweb/tornado/compare/v6.4.2...v6.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.46.1 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.46.1...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/WillianSilva51/Achou-UFC/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/WillianSilva51/Achou-UFC/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WillianSilva51%2FAchou-UFC/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"},{"uuid":"4771295460","node_id":"PR_kwDORXAzhc7r8Si0","number":7,"state":"closed","title":"Bump cryptography from 44.0.0 to 49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-06T23:26:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-29T20:15:26.000Z","updated_at":"2026-07-06T23:26:07.000Z","time_to_close":616239,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"44.0.0","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 49.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/44.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=44.0.0\u0026new-version=49.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/dwgx/YuKiKo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwgx%2FYuKiKo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4765554978","node_id":"PR_kwDOS89qmc7rpSSD","number":9,"state":"open","title":"Bump cryptography from 46.0.3 to 48.0.1 in /cloudflared-operator","user":"dependabot[bot]","labels":["dependencies","python:uv","Libraries: Out of sync"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T06:18:43.000Z","updated_at":"2026-06-29T06:28:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.3","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"/cloudflared-operator","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.3\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/canonical/cloudflared-operators/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/canonical/cloudflared-operators/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fcloudflared-operators/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4763906286","node_id":"PR_kwDON2x_8s7rkArn","number":943,"state":"open","title":"build(deps): update cryptography requirement from \u003e=41.0.0 to \u003e=49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-28T23:03:56.000Z","updated_at":"2026-06-28T23:08:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): update","packages":[{"name":"cryptography","old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/christianlouis/DocuElevate/pull/943","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/christianlouis%2FDocuElevate/issues/943","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/943/packages"},{"uuid":"4757756400","node_id":"PR_kwDOIjbHCM7rRKLi","number":699,"state":"open","title":"chore(deps): bump cryptography from 46.0.7 to 48.0.1 in the uv group across 1 directory","user":"dependabot[bot]","labels":["dependencies ⬆️","python 🐍"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-27T09:37:33.000Z","updated_at":"2026-06-27T09:39:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"the uv group across 1 directory","ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `cryptography` from 46.0.7 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.7\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/danstis/ado-asana-sync/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/danstis/ado-asana-sync/pull/699","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danstis%2Fado-asana-sync/issues/699","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/699/packages"},{"uuid":"4739623334","node_id":"PR_kwDOSqGtt87qWeCA","number":96,"state":"closed","title":"chore(deps): Update cryptography requirement from \u003c49,\u003e=45 to \u003e=45,\u003c50","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-02T23:43:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-25T00:54:09.000Z","updated_at":"2026-07-02T23:43:53.000Z","time_to_close":686981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Update","packages":[{"name":"cryptography","old_version":"\u003c49,\u003e=45","new_version":"\u003e=45,\u003c50","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/FlintWave/SearchMob-Desktop/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FlintWave%2FSearchMob-Desktop/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"},{"uuid":"4718784702","node_id":"PR_kwDOE5DY687pR9Hw","number":7608,"state":"closed","title":"python: bump cryptography from 46.0.7 to 49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-30T03:11:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-22T16:53:04.000Z","updated_at":"2026-06-30T03:12:12.000Z","time_to_close":641926,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"python","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 49.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/jauderho/dockerfiles/pull/7608","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jauderho%2Fdockerfiles/issues/7608","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7608/packages"},{"uuid":"4715121499","node_id":"PR_kwDOPdeUwM7pFtS8","number":69651,"state":"open","title":"deps(backend)(deps): Update cryptography requirement from \u003e=41.0.0 to \u003e=49.0.0 in /backend in the security group","user":"dependabot[bot]","labels":["size/small","backend","dependencies"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-22T09:10:07.000Z","updated_at":"2026-06-22T09:46:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend)(deps): Update","packages":[{"name":"cryptography","old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend in the security group","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\nUpdates `cryptography` to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade `cryptography` in the backend to `\u003e=49.0.0` to pull in security fixes and modern crypto support. This is a major bump and may affect older environments.\n\n- **Migration**\n  - macOS: only arm64 wheels are published; Intel macOS is no longer supported.\n  - Windows: 32‑bit Python is not supported; use 64‑bit.\n  - Code: deprecated type aliases were removed; switch to the new names if referenced.\n  - Crypto: ChaCha20 nonce counter rules are enforced and some invalid X.509 signatures now error; verify any affected usage.\n\n\u003csup\u003eWritten for commit d94ee7174627c22b2e8f6a1d1c92f262d2ea6754. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/drussell23/JARVIS/pull/69651?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/drussell23/JARVIS/pull/69651","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/drussell23%2FJARVIS/issues/69651","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/69651/packages"},{"uuid":"4712479688","node_id":"PR_kwDOQIfwjs7o9Fsa","number":47,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-29T00:22:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-22T00:22:32.000Z","updated_at":"2026-06-29T00:23:10.000Z","time_to_close":604794,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":6,"packages":[{"name":"cachetools","old_version":"7.1.1","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"python-multipart","old_version":"0.0.30","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.2.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"coverage","old_version":"7.14.0","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cachetools](https://github.com/tkem/cachetools) | `7.1.1` | `7.1.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `48.0.0` | `48.0.1` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.30` | `0.0.32` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.48.0` | `0.49.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.14.0` | `7.14.1` |\n\n\nUpdates `cachetools` from 7.1.1 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.1.1...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 48.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.30 to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module by \u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assert error for requires() when request param is not Request type by \u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/diskeu\"\u003e\u003ccode\u003e@​diskeu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3243\"\u003eKludex/starlette#3243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.0...1.2.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.0...1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3291\"\u003eKludex/starlette#3291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.1.0...1.2.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.1.0...1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3283\"\u003eKludex/starlette#3283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3286\"\u003eKludex/starlette#3286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3287\"\u003eKludex/starlette#3287\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3283\"\u003eKludex/starlette#3283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.1...1.1.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.1...1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.2.1 (May 31, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3304\"\u003e#3304\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd assert error for \u003ccode\u003erequires()\u003c/code\u003e when the request parameter is not a \u003ccode\u003eRequest\u003c/code\u003e type \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3298\"\u003e#3298\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0 (May 28, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3291\"\u003e#3291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.1.0 (May 23, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3283\"\u003e#3283\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3286\"\u003e#3286\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3287\"\u003e#3287\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/ef773fe9fe86d452ea014a39c6ede1029b341e73\"\u003e\u003ccode\u003eef773fe\u003c/code\u003e\u003c/a\u003e Version 1.2.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3306\"\u003e#3306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3fc68a7e394cb938bd202774b9d6f5c33a237a66\"\u003e\u003ccode\u003e3fc68a7\u003c/code\u003e\u003c/a\u003e Add sponsors section to docs sidebar (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b053f7bbf194c3fac77d87c6033ec6181eb4cd90\"\u003e\u003ccode\u003eb053f7b\u003c/code\u003e\u003c/a\u003e chore(deps): bump the python-packages group across 1 directory with 6 updates...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/14787751400853cc21853983a02d84bbfb4da45d\"\u003e\u003ccode\u003e1478775\u003c/code\u003e\u003c/a\u003e Add assert error for requires() when request param is not Request type (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3298\"\u003e#3298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/65765470827be550cdbc1a2e7165da494da7f6e8\"\u003e\u003ccode\u003e6576547\u003c/code\u003e\u003c/a\u003e Describe disconnected-after-response behavior in test docstring (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3243\"\u003e#3243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/9cb1553be6ff3d18a0d30a18e3b623ea86edeef0\"\u003e\u003ccode\u003e9cb1553\u003c/code\u003e\u003c/a\u003e Use same module (httpx|httpx2) for type checking as for runtime (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3304\"\u003e#3304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4060987466412dcdb3e5a0f05973b4208dddb6f0\"\u003e\u003ccode\u003e4060987\u003c/code\u003e\u003c/a\u003e Version 1.2.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/1e289ca3f957370122fb3bf7e046db65f6675037\"\u003e\u003ccode\u003e1e289ca\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers Static Assets (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/100f05a66bf3ff5643540164ae95fc3ad9ed3443\"\u003e\u003ccode\u003e100f05a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003ehttpx2\u003c/code\u003e as a dev dependency (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3295\"\u003e#3295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/508023b488b649d97c091eb60da1d8ef3636ee06\"\u003e\u003ccode\u003e508023b\u003c/code\u003e\u003c/a\u003e Support httpx2 in the test client (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3291\"\u003e#3291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.14.0 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.14.0...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/onprem-hipster-timer/backend/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onprem-hipster-timer%2Fbackend/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4708705289","node_id":"PR_kwDOQWOdqc7oxpf7","number":472,"state":"closed","title":"chore(deps): Bump the python-dependencies group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-27T23:33:24.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T23:34:08.000Z","updated_at":"2026-06-27T23:33:26.000Z","time_to_close":604756,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"python-dependencies","update_count":16,"packages":[{"name":"fastapi","old_version":"0.136.1","new_version":"0.138.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.47.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"cryptography","old_version":"48.0.0","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [python-multipart](https://github.com/Kludex/python-multipart), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [av](https://github.com/PyAV-Org/PyAV), [cryptography](https://github.com/pyca/cryptography), [slowapi](https://github.com/laurents/slowapi), [openai](https://github.com/openai/openai-python), [anthropic](https://github.com/anthropics/anthropic-sdk-python), [uiprotect](https://github.com/uilibs/uiprotect), [aiosmtplib](https://github.com/cole/aiosmtplib), [sentence-transformers](https://github.com/huggingface/sentence-transformers), [pyjwt](https://github.com/jpadilla/pyjwt), [pytest](https://github.com/pytest-dev/pytest) and [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) to permit the latest version.\nUpdates `fastapi` from 0.136.1 to 0.138.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.138.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003eapp.frontend(\u0026quot;/\u0026quot;, directory=\u0026quot;dist\u0026quot;)\u003c/code\u003e and \u003ccode\u003erouter.frontend(\u0026quot;/\u0026quot;, directory=\u0026quot;dist\u0026quot;)\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15800\"\u003e#15800\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eRead the docs: \u003ca href=\"https://fastapi.tiangolo.com/tutorial/frontend/\"\u003eFrontend\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Fix typo in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15807\"\u003e#15807\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add \u003ccode\u003eapp.frontend()\u003c/code\u003e instructions to Agent Library Skill. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15805\"\u003e#15805\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update release notes link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15802\"\u003e#15802\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Update white space characters in bigger apps. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15801\"\u003e#15801\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix grammar, typos, and broken links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15694\"\u003e#15694\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Enable Hindi docs translations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15554\"\u003e#15554\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Fix failing test, update format for raised errors. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15804\"\u003e#15804\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Fix test-alls-green. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15803\"\u003e#15803\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Enable checking \u003ccode\u003erelease-notes.md\u003c/code\u003e for typos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15796\"\u003e#15796\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Tweak wording about deploying to FastAPI Cloud. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15793\"\u003e#15793\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Use \u003ccode\u003egpt-5.5\u003c/code\u003e model in \u003ccode\u003etranslate.py\u003c/code\u003e, specify \u003ccode\u003e-chat\u003c/code\u003e to avoid warnings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15792\"\u003e#15792\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.137.2\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003eiter_route_contexts()\u003c/code\u003e for advanced use cases that used to use \u003ccode\u003erouter.routes\u003c/code\u003e (e.g. Jupyverse). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15785\"\u003e#15785\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Fix broken Markdown in Korean custom response docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15774\"\u003e#15774\u003c/a\u003e by \u003ca href=\"https://github.com/kooqooo\"\u003e\u003ccode\u003e@​kooqooo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15761\"\u003e#15761\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15760\"\u003e#15760\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15759\"\u003e#15759\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15757\"\u003e#15757\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15756\"\u003e#15756\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15755\"\u003e#15755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15754\"\u003e#15754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15753\"\u003e#15753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15752\"\u003e#15752\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15751\"\u003e#15751\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15758\"\u003e#15758\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Update sponsors: add BairesDev. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15787\"\u003e#15787\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Update sponsors script to simplify previews. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15786\"\u003e#15786\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4b83b0d409009c8de9df4070fe163838b1a700c7\"\u003e\u003ccode\u003e4b83b0d\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.138.0 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15808\"\u003e#15808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/041cb0cdfa2d0f705d14ed07c2c2e0f92ef5f32c\"\u003e\u003ccode\u003e041cb0c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/10393846ede7a2947cec594d15a43f813001cab4\"\u003e\u003ccode\u003e1039384\u003c/code\u003e\u003c/a\u003e 📝 Fix typo in release notes (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15807\"\u003e#15807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0303491b69ff84a4632c0314e6db4df74f2f93f9\"\u003e\u003ccode\u003e0303491\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/190f6e2033c8b886b25027be284d8c8c1893f28c\"\u003e\u003ccode\u003e190f6e2\u003c/code\u003e\u003c/a\u003e 📝 Add Frontend instructions to Agent Library Skill (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15805\"\u003e#15805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/17945e5ab7f25234340c152a40d232a98857e079\"\u003e\u003ccode\u003e17945e5\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/2260afaf433103c8104b34d256cf0b96b058823b\"\u003e\u003ccode\u003e2260afa\u003c/code\u003e\u003c/a\u003e 🐛 Fix failing test, update format for raised errors (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15804\"\u003e#15804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0cd5001d0ef80a07e2d775c5c75522391a3e06d7\"\u003e\u003ccode\u003e0cd5001\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7cb1ab6264bc03319832f553730b511192a0c0d3\"\u003e\u003ccode\u003e7cb1ab6\u003c/code\u003e\u003c/a\u003e 👷 Fix test-alls-green (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15803\"\u003e#15803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9c7eceb00ff6e1d37980954418f7c9dab30a4cd5\"\u003e\u003ccode\u003e9c7eceb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.138.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.47.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` to 2.0.51\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.51\u003c/h1\u003e\n\u003cp\u003eReleased: June 15, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.subqueryload()\u003c/code\u003e combined with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e and \u003ccode\u003ePropComparator.and_()\u003c/code\u003e would\nsilently drop the additional filter criteria, causing all related objects\nto be loaded instead of only those matching the filter.  The\n\u003ccode\u003eLoaderCriteriaOption\u003c/code\u003e was being constructed against the base\nentity rather than the effective entity indicated by\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e.  Pull request courtesy Arya Rizky.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13207\"\u003e#13207\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed bug where a failure during \u003ccode\u003etpc_prepare()\u003c/code\u003e within\n\u003ccode\u003e_orm.Session.commit()\u003c/code\u003e for a two-phase session would raise\n\u003ccode\u003eIllegalStateChangeError\u003c/code\u003e instead of the original database\nexception.  The internal \u003ccode\u003e_prepare_impl()\u003c/code\u003e method's error handler\nwas unable to invoke \u003ccode\u003e_orm.SessionTransaction.rollback()\u003c/code\u003e due\nto a state-change guard, preventing proper cleanup and masking the\nunderlying error.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13356\"\u003e#13356\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eengine\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[engine] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003eResult.freeze()\u003c/code\u003e would lose track of ambiguous\ncolumn names present in the original \u003ccode\u003eCursorResult\u003c/code\u003e, causing\nkey-based access on the thawed result to silently return a value instead of\nraising \u003ccode\u003eInvalidRequestError\u003c/code\u003e.  The\n\u003ccode\u003eSimpleResultMetaData\u003c/code\u003e now accepts and propagates ambiguous key\ninformation so that frozen, thawed, and pickled results raise consistently\nfor duplicate column names.  Pull request courtesy Saurabh Kohli.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/9427\"\u003e#9427\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_sql.StatementLambdaElement\u003c/code\u003e would proxy\nattribute access through the cached \u0026quot;expected\u0026quot; expression rather than the\nresolved expression, causing stale closure-bound parameter values to be\nused when a lambda statement was extended with non-lambda criteria such as\nan additional \u003ccode\u003e.where()\u003c/code\u003e clause.  Courtesy cjc0013.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10827\"\u003e#10827\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a security patch release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e from following symlinks outside \u003ccode\u003esecrets_dir\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/889\"\u003epydantic/pydantic-settings#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.2 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/890\"\u003epydantic/pydantic-settings#890\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j\"\u003eGHSA-4xgf-cpjx-pc3j\u003c/a\u003e: \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e with \u003ccode\u003esecrets_nested_subdir=True\u003c/code\u003e could follow a symbolic link inside \u003ccode\u003esecrets_dir\u003c/code\u003e pointing outside it, reading out-of-tree files into settings values and bypassing the \u003ccode\u003esecrets_dir_max_size\u003c/code\u003e cap. Affected versions: \u003ccode\u003e\u0026gt;= 2.12.0, \u0026lt; 2.14.2\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/d703bd717e5e07439fa89da2245eee6139413e9e\"\u003e\u003ccode\u003ed703bd7\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.2 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/890\"\u003e#890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `av` to 17.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyAV-Org/PyAV/releases\"\u003eav's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.1.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the undertested \u003ccode\u003eav.option\u003c/code\u003e and \u003ccode\u003eav.descriptor\u003c/code\u003e APIs, along with the related \u003ccode\u003eCodec\u003c/code\u003e and \u003ccode\u003eFilter\u003c/code\u003e descriptor accessors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse FFmpeg 8.1.1 in the binary wheels by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBuild Linux ARMv7 binary wheels by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eAVCodecContext.global_quality\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2246\"\u003e#2246\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eStream.discard\u003c/code\u003e so demuxing and seeking can skip unwanted streams by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2272\"\u003e#2272\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStream.set_display_matrix()\u003c/code\u003e and \u003ccode\u003eStream.set_display_rotation()\u003c/code\u003e to write the container display (rotation) matrix on output streams by \u003ca href=\"https://github.com/hmaarrfk\"\u003e\u003ccode\u003e@​hmaarrfk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2287\"\u003e#2287\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eContainer.video_codec_id\u003c/code\u003e to force a specific video codec on a container by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2243\"\u003e#2243\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecython.final\u003c/code\u003e to leaf classes, ensuring that they are not subclassed by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWarn that \u003ccode\u003eCodecContext.decode()\u003c/code\u003e is not memory safe in some cases.\u003c/li\u003e\n\u003cli\u003eFix memory leaks in \u003ccode\u003eFFmpegError\u003c/code\u003e, \u003ccode\u003eAudioLayout\u003c/code\u003e channel layouts, and \u003ccode\u003eFrame.opaque\u003c/code\u003e, and break a reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e by \u003ca href=\"https://github.com/lgeiger\"\u003e\u003ccode\u003e@​lgeiger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReduce excessive logging lock contention by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2276\"\u003e#2276\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash when accessing \u003ccode\u003eStream\u003c/code\u003e from multiple threads under FFmpeg 8.1 by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2247\"\u003e#2247\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash during \u003ccode\u003eInputContainer\u003c/code\u003e initialization by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2010\"\u003e#2010\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eenumerate_input_devices\u003c/code\u003e and \u003ccode\u003eenumerate_output_devices\u003c/code\u003e raising \u003ccode\u003eAttributeError\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kazuki\"\u003e\u003ccode\u003e@​kazuki\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2264\"\u003e#2264\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMap HTTP 429 to \u003ccode\u003eHTTPTooManyRequestsError\u003c/code\u003e instead of \u003ccode\u003eUndefinedError\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2267\"\u003e#2267\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix crash in \u003ccode\u003eVideoFrame.to_ndarray()\u003c/code\u003e and \u003ccode\u003eto_image()\u003c/code\u003e on bottom-up frames with a negative \u003ccode\u003eline_size\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2213\"\u003e#2213\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eDisposition\u003c/code\u003e an \u003ccode\u003eIntFlag\u003c/code\u003e so \u003ccode\u003eStream.disposition\u003c/code\u003e can be assigned without raising \u003ccode\u003eTypeError\u003c/code\u003e by \u003ca href=\"https://github.com/HotariTobu\"\u003e\u003ccode\u003e@​HotariTobu\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAssign parser-inferred \u003ccode\u003epts\u003c/code\u003e, \u003ccode\u003edts\u003c/code\u003e, and \u003ccode\u003eduration\u003c/code\u003e to packets from \u003ccode\u003eCodecContext.parse()\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1919\"\u003e#1919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCopy \u003ccode\u003etime_base\u003c/code\u003e in \u003ccode\u003eadd_stream_from_template()\u003c/code\u003e by \u003ca href=\"https://github.com/daveisfera\"\u003e\u003ccode\u003e@​daveisfera\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2249\"\u003e#2249\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix the remux examples dropping keyframes that demux with no DTS, which produced audio-only output by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1917\"\u003e#1917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix subtitle UTF-8 handling by \u003ca href=\"https://github.com/jbree\"\u003e\u003ccode\u003e@​jbree\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2271\"\u003e#2271\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix several incorrect \u003ccode\u003emalloc\u003c/code\u003e size calculations by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HotariTobu\"\u003e\u003ccode\u003e@​HotariTobu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2257\"\u003ePyAV-Org/PyAV#2257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jbree\"\u003e\u003ccode\u003e@​jbree\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2271\"\u003ePyAV-Org/PyAV#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kazuki\"\u003e\u003ccode\u003e@​kazuki\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2288\"\u003ePyAV-Org/PyAV#2288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\"\u003ehttps://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyAV-Org/PyAV/blob/main/CHANGELOG.rst\"\u003eav's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.1.0\u003c/h2\u003e\n\u003cp\u003eBreaking:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the undertested \u003ccode\u003eav.option\u003c/code\u003e and \u003ccode\u003eav.descriptor\u003c/code\u003e APIs, along with the related \u003ccode\u003eCodec\u003c/code\u003e and \u003ccode\u003eFilter\u003c/code\u003e descriptor accessors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse FFmpeg 8.1.1 in the binary wheels by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBuild Linux ARMv7 binary wheels by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eAVCodecContext.global_quality\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e in (:pr:\u003ccode\u003e2246\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eStream.discard\u003c/code\u003e so demuxing and seeking can skip unwanted streams by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2272\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStream.set_display_matrix()\u003c/code\u003e and \u003ccode\u003eStream.set_display_rotation()\u003c/code\u003e to write the container display (rotation) matrix on output streams by :gh-user:\u003ccode\u003ehmaarrfk\u003c/code\u003e in (:pr:\u003ccode\u003e2287\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eContainer.video_codec_id\u003c/code\u003e to force a specific video codec on a container by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2243\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecython.final\u003c/code\u003e to leaf classes, ensuring that they are not subclassed by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eWarn that \u003ccode\u003eCodecContext.decode()\u003c/code\u003e is not memory safe in some cases.\u003c/li\u003e\n\u003cli\u003eFix memory leaks in \u003ccode\u003eFFmpegError\u003c/code\u003e, \u003ccode\u003eAudioLayout\u003c/code\u003e channel layouts, and \u003ccode\u003eFrame.opaque\u003c/code\u003e, and break a reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReduce excessive logging lock contention by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2276\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash when accessing \u003ccode\u003eStream\u003c/code\u003e from multiple threads under FFmpeg 8.1 by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2247\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash during \u003ccode\u003eInputContainer\u003c/code\u003e initialization by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2010\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eenumerate_input_devices\u003c/code\u003e and \u003ccode\u003eenumerate_output_devices\u003c/code\u003e raising \u003ccode\u003eAttributeError\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e and :gh-user:\u003ccode\u003ekazuki\u003c/code\u003e (:issue:\u003ccode\u003e2264\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMap HTTP 429 to \u003ccode\u003eHTTPTooManyRequestsError\u003c/code\u003e instead of \u003ccode\u003eUndefinedError\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2267\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix crash in \u003ccode\u003eVideoFrame.to_ndarray()\u003c/code\u003e and \u003ccode\u003eto_image()\u003c/code\u003e on bottom-up frames with a negative \u003ccode\u003eline_size\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2213\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eDisposition\u003c/code\u003e an \u003ccode\u003eIntFlag\u003c/code\u003e so \u003ccode\u003eStream.disposition\u003c/code\u003e can be assigned without raising \u003ccode\u003eTypeError\u003c/code\u003e by :gh-user:\u003ccode\u003eHotariTobu\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAssign parser-inferred \u003ccode\u003epts\u003c/code\u003e, \u003ccode\u003edts\u003c/code\u003e, and \u003ccode\u003eduration\u003c/code\u003e to packets from \u003ccode\u003eCodecContext.parse()\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e1919\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eCopy \u003ccode\u003etime_base\u003c/code\u003e in \u003ccode\u003eadd_stream_from_template()\u003c/code\u003e by :gh-user:\u003ccode\u003edaveisfera\u003c/code\u003e in (:pr:\u003ccode\u003e2249\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix the remux examples dropping keyframes that demux with no DTS, which produced audio-only output by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e1917\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix subtitle UTF-8 handling by :gh-user:\u003ccode\u003ejbree\u003c/code\u003e in (:pr:\u003ccode\u003e2271\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix several incorrect \u003ccode\u003emalloc\u003c/code\u003e size calculations by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev17.0.1\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA cdivision decorator for faster division.\u003c/li\u003e\n\u003cli\u003eAdjust tests so they work with 8.1 by :gh-user:\u003ccode\u003estrophy\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMake VideoFormat.components lazy by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBreak reference cycle \u003ccode\u003eStreamContainer.get()\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eExpose threads in filter graph by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix crash with container closing with GC by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix \u0026quot;Writing packets to data stream broken in av\u0026gt;=17\u0026quot; regression :issue:\u003ccode\u003e2223\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e_send_packet_and_recv\u003c/code\u003e to simplify \u003ccode\u003edecode()\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReuse a \u003ccode\u003eAVPacket\u003c/code\u003e read buffer when demuxing by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e and :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eAVCodecContext.frame_num\u003c/code\u003e instead of counting ourselves by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eav_channel_layout_compare()\u003c/code\u003e for \u003ccode\u003eAudioLayout.__eq__()\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/97241598792f4c980c32458187154c7c999d68b3\"\u003e\u003ccode\u003e9724159\u003c/code\u003e\u003c/a\u003e Release 17.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/ef72887eb5be25e2fe23bca92fd11dcc92e4c7d8\"\u003e\u003ccode\u003eef72887\u003c/code\u003e\u003c/a\u003e Update Authors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/5f5535cb017954148d077d6598485c9944cee1ed\"\u003e\u003ccode\u003e5f5535c\u003c/code\u003e\u003c/a\u003e Fix remux examples dropping keyframes with no DTS (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1917\"\u003e#1917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/7edf3fc72af6efd5de8643f24d272179fa9d12cf\"\u003e\u003ccode\u003e7edf3fc\u003c/code\u003e\u003c/a\u003e Remove stale autodoc directives for deleted attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/1940fd450e6165da950f540591da21b608d04a62\"\u003e\u003ccode\u003e1940fd4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2264\"\u003e#2264\u003c/a\u003e (Re-revised)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/28d50ddc0ae99b6980c05d1aec74ffe33b7020f5\"\u003e\u003ccode\u003e28d50dd\u003c/code\u003e\u003c/a\u003e Allow setting the rotation sidedata via new FFMPEG APIs (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2287\"\u003e#2287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/4af11a26fed1e6347d8748d5b48a679a5f9536b1\"\u003e\u003ccode\u003e4af11a2\u003c/code\u003e\u003c/a\u003e Break reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/75e6854648a89b4038cc6e8e1790406a7af94f23\"\u003e\u003ccode\u003e75e6854\u003c/code\u003e\u003c/a\u003e Fix memory leak when setting opaque on Frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/209388f57d640ff150e997ed3c11835db302a792\"\u003e\u003ccode\u003e209388f\u003c/code\u003e\u003c/a\u003e Fix memory leak in \u003ccode\u003eAudioLayout\u003c/code\u003e by uninitializing channel layout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/870dd7090bc30be2841163cab0c90e5ebd6b7f7b\"\u003e\u003ccode\u003e870dd70\u003c/code\u003e\u003c/a\u003e Fix FFmpegError memory leak\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 48.0.0 to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `slowapi` to 0.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/laurents/slowapi/releases\"\u003eslowapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Update warn to warning py3.11 deprecation by \u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/200\"\u003elaurentS/slowapi#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: allow Requests to be sent to exempt_when by \u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/160\"\u003elaurentS/slowapi#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: drop python 3.7 and 3.8 from CI checks by \u003ca href=\"https://github.com/laurentS\"\u003e\u003ccode\u003e@​laurentS\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/238\"\u003elaurentS/slowapi#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: prepare 0.1.10 release by \u003ca href=\"https://github.com/ecly\"\u003e\u003ccode\u003e@​ecly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/212\"\u003elaurentS/slowapi#212\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/200\"\u003elaurentS/slowapi#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/160\"\u003elaurentS/slowapi#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ecly\"\u003e\u003ccode\u003e@​ecly\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/212\"\u003elaurentS/slowapi#212\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/laurentS/slowapi/compare/v0.1.9...v0.1.10\"\u003ehttps://github.com/laurentS/slowapi/compare/v0.1.9...v0.1.10\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md\"\u003eslowapi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.1.10] - 2026-06-13\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: allow usage of the request object in the except_when function (thanks \u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded more test exemption logic (thanks \u003ca href=\"https://github.com/colin99\"\u003e\u003ccode\u003e@​colin99\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix logger warning for Python 3.11 deprecation  (thanks \u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.9] - 2024-02-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elimit_value\u003c/code\u003e typehint in \u003ccode\u003elimit()\u003c/code\u003e function (thanks \u003ca href=\"https://github.com/PookieBuns\"\u003e\u003ccode\u003e@​PookieBuns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003elimit_value\u003c/code\u003e typehint in \u003ccode\u003eshared_limit()\u003c/code\u003e function (thanks \u003ca href=\"https://github.com/aberlioz\"\u003e\u003ccode\u003e@​aberlioz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOnly pass \u003ccode\u003e\u0026quot;.env\u0026quot;\u003c/code\u003e to starlette \u003ccode\u003eConfig\u003c/code\u003e if \u003ccode\u003e\u0026quot;.env\u0026quot;\u003c/code\u003e file exists (thanks \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.8] - 2023-04-07\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLoosen restriction on the limits dependency (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix redis install error (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Python 3.11 support (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.7] - 2022-11-09\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded ASGI middleware alternative (thanks \u003ca href=\"https://github.com/thentgesMindee\"\u003e\u003ccode\u003e@​thentgesMindee\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for custom cost per hit (thanks \u003ca href=\"https://github.com/nootr\"\u003e\u003ccode\u003e@​nootr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ekey_style\u003c/code\u003e parameter to choose between endpoint or url (thanks \u003ca href=\"https://github.com/thentgesMindee\"\u003e\u003ccode\u003e@​thentgesMindee\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.6] - 2022-08-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded feature to support providing functions for dynamically defined limits (thanks \u003ca href=\"https://github.com/maratsarbasov\"\u003e\u003ccode\u003e@​maratsarbasov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded github action to check for unused imports (thanks \u003ca href=\"https://github.com/twcurrie\"\u003e\u003ccode\u003e@​twcurrie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded coverage report in CI (thanks \u003ca href=\"https://github.com/karlnewell\"\u003e\u003ccode\u003e@​karlnewell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded Python 3.10 to CI (thanks \u003ca href=\"https://github.com/Reuben\"\u003e\u003ccode\u003e@​Reuben\u003c/code\u003e\u003c/a\u003e Thomas-Davis)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShifted redis to extras, removed test imports of library (thanks \u003ca href=\"https://github.com/ME-ON1\"\u003e\u003ccode\u003e@​ME-ON1\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgraded dependencies (thanks \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated documentation and example code (thanks \u003ca href=\"https://github.com/Dustyposa\"\u003e\u003ccode\u003e@​Dustyposa\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/nootr\"\u003e\u003ccode\u003e@​nootr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet minimum Python version to 3.6.2 (thanks \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed exempt decorator for async routes (thanks \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandled newly raised exception from parsing library (thanks \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/75799a3ec9498af10110068190356f704f838fe3\"\u003e\u003ccode\u003e75799a3\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/6f22eabc90a793d8c8459b6a8115c6f7fbb05bc5\"\u003e\u003ccode\u003e6f22eab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/212\"\u003e#212\u003c/a\u003e from ecly/release-v0.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/5e2b9c108f79471fc96a5152bb69774894660cd1\"\u003e\u003ccode\u003e5e2b9c1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/238\"\u003e#238\u003c/a\u003e from laurentS/drop-old-python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/a83ec7211ea664fcb65580a386845832c112892d\"\u003e\u003ccode\u003ea83ec72\u003c/code\u003e\u003c/a\u003e Update README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/d1a20b6a4e0ba063bdb2160379be531c385c40a3\"\u003e\u003ccode\u003ed1a20b6\u003c/code\u003e\u003c/a\u003e Drop python 3.7 and 3.8 from CI checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/8bf8b2ec55677aa3c9e0f9bed9f1a48f0b0b8d2e\"\u003e\u003ccode\u003e8bf8b2e\u003c/code\u003e\u003c/a\u003e Make exempt_when with request backwards compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/eaf5ba76cd8657693bcec6dec281a35053b1164b\"\u003e\u003ccode\u003eeaf5ba7\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/a72bcc66597f620f04bf5be3676e40ed308d3a6a\"\u003e\u003ccode\u003ea72bcc6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/160\"\u003e#160\u003c/a\u003e from colin99d/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/42330fcddbf5ce22d18622ca14772cff256c2e74\"\u003e\u003ccode\u003e42330fc\u003c/code\u003e\u003c/a\u003e Merge branch 'laurentS:master' into master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/91145c087d658b6c3404935cd02155e291c2682b\"\u003e\u003ccode\u003e91145c0\u003c/code\u003e\u003c/a\u003e Fixed mypy error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/laurents/slowapi/compare/v0.1.9...v0.1.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` to 2.43.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003ch2\u003e2.43.0 (2026-06-17)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.42.0...v2.43.0\"\u003ev2.42.0...v2.43.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/22542358490ef8f31f0d373e17f7b791b3d983ca\"\u003e2254235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.43.0 (2026-06-17)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.42.0...v2.43.0\"\u003ev2.42.0...v2.43.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/22542358490ef8f31f0d373e17f7b791b3d983ca\"\u003e2254235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.42.0 (2026-06-16)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.41.1...v2.42.0\"\u003ev2.41.1...v2.42.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e admin spend_alerts (\u003ca href=\"https://github.com/openai/openai-python/commit/6134198a488996c4ff6fca4551afd55fb3294fdc\"\u003e6134198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/f337bf43276c880d2daf09a5d7f9fc9a886c4bf2\"\u003ef337bf4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/7015158c3119acf57af6c20903587cef928530a9\"\u003e7015158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild System\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix release workflow permissions (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/a526ee813f085318fe3c6923ac3fa10c1cf56420\"\u003ea526ee8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse CI environment for examples API key (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/d64d811e82aff724397e32d593e50657fee3f905\"\u003ed64d811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.41.1 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.41.0...v2.41.1\"\u003ev2.41.0...v2.41.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBuild System\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove scheduled release workflow trigger (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3366\"\u003e#3366\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/2a91011abc21032db9566b98068afefb5fbb9b24\"\u003e2a91011\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/e20b6b82c145091f0d8412a7e4a9bc5900a40462\"\u003e\u003ccode\u003ee20b6b8\u003c/code\u003e\u003c/a\u003e release: 2.43.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d354538e8c2618e228c80f1fdc332ee1f70d1f2\"\u003e\u003ccode\u003e4d35453\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2bba15e71817a75e9b8517e09cb244bc144b50d0\"\u003e\u003ccode\u003e2bba15e\u003c/code\u003e\u003c/a\u003e release: 2.42.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/1ec3e8298982d900d31b486177b5d4cecadcf035\"\u003e\u003ccode\u003e1ec3e82\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/93c2eca17d2d484b95245c849b39f51c6d291478\"\u003e\u003ccode\u003e93c2eca\u003c/code\u003e\u003c/a\u003e feat(api): manual updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/b269f88a30fcfbcceea1cc30deb00405db88c5e6\"\u003e\u003ccode\u003eb269f88\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ee821d6b4a59d6b73850640162b6454da434f5f7\"\u003e\u003ccode\u003eee821d6\u003c/code\u003e\u003c/a\u003e feat(api): admin spend_alerts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/60002e574925e84261150f3e01be4bcb53658261\"\u003e\u003ccode\u003e60002e5\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d64d811e82aff724397e32d593e50657fee3f905\"\u003e\u003ccode\u003ed64d811\u003c/code\u003e\u003c/a\u003e build: Use CI environment for examples API key (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3394\"\u003e#3394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a526ee813f085318fe3c6923ac3fa10c1cf56420\"\u003e\u003ccode\u003ea526ee8\u003c/code\u003e\u003c/a\u003e build: fix release workflow permissions (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3389\"\u003e#3389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.30.0...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` to 0.111.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.111.0\u003c/h2\u003e\n\u003ch2\u003e0.111.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.110.0...v0.111.0\"\u003ev0.110.0...v0.111.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e tag refusal-fallback middleware requests with fallback-refusal-middleware (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/96\"\u003e#96\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2f8ac789506efc0719b06f1f646c9a98bb25ce7b\"\u003e2f8ac78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.111.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.110.0...v0.111.0\"\u003ev0.110.0...v0.111.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e tag refusal-fallback middleware requests with fallback-refusal-middleware (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/96\"\u003e#96\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2f8ac789506efc0719b06f1f646c9a98bb25ce7b\"\u003e2f8ac78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.110.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.2...v0.110.0\"\u003ev0.109.2...v0.110.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for new code_execution_20260120 tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5e23212dc0883174c879b97ef8e7e33ead4e8da5\"\u003e5e23212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eappend x-stainless-helper across header merges instead of clobbering (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/105\"\u003e#105\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/922558e2ce52e18863dab27bcc04067068827364\"\u003e922558e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock:\u003c/strong\u003e preserve stream event type (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1682\"\u003e#1682\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b27e3439699174dbc41e34e2d6ef5cb1e2930c18\"\u003eb27e343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e single source of truth for x-stainless-helper key + closed value vocabulary (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/95\"\u003e#95\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e6f7a56bb624f4c946cb15ba7973fd6fe052e10f\"\u003ee6f7a56\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.2 (2026-06-15)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.1...v0.109.2\"\u003ev0.109.1...v0.109.2\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e remove retired models from API and SDKs (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/d4bcfcc257bd0c97d5e75060bd19c97abddd9f49\"\u003ed4bcfcc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.1 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.0...v0.109.1\"\u003ev0.109.0...v0.109.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add \u003ccode\u003efrontier_llm\u003c/code\u003e refusal category (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/d3a806b454d8aaf5806db11c651deebe61836131\"\u003ed3a806b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.0 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.108.0...v0.109.0\"\u003ev0.108.0...v0.109.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Managed Agents deployments and environment variable credentials (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47633bff658d4aaced3cd920ef6782c48cf31a9a\"\u003e47633bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.108.0 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.1...v0.108.0\"\u003ev0.107.1...v0.108.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5d6fd8d3f46dfffdc7d1579674053c6efe9d6508\"\u003e\u003ccode\u003e5d6fd8d\u003c/code\u003e\u003c/a\u003e release: 0.111.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9fdf2efcf79c09a086169ea4710ec4b379565453\"\u003e\u003ccode\u003e9fdf2ef\u003c/code\u003e\u003c/a\u003e feat(helpers): tag refusal-fallback middleware requests with fallback-refusal...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/af2b702140d8c53ba841b590b5022053c616c4d7\"\u003e\u003ccode\u003eaf2b702\u003c/code\u003e\u003c/a\u003e release: 0.110.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a10dbaabdf6e0f9dda126c8014465c797f9ff008\"\u003e\u003ccode\u003ea10dbaa\u003c/code\u003e\u003c/a\u003e feat(api): add support for new code_execution_20260120 tool\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9d49b634b44bd70ae344d1e0574347eda2a8ef10\"\u003e\u003ccode\u003e9d49b63\u003c/code\u003e\u003c/a\u003e fix(helpers): single source of truth for x-stainless-helper key + closed valu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e8a5c84e53f0f6282f90bcd809e15835a08e4a06\"\u003e\u003ccode\u003ee8a5c84\u003c/code\u003e\u003c/a\u003e fix: append x-stainless-helper across header merges instead of clobbering (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit...\n\n_Description has been truncated_","html_url":"https://github.com/project-argusai/ArgusAI/pull/472","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/project-argusai%2FArgusAI/issues/472","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/472/packages"},{"uuid":"4706010116","node_id":"PR_kwDOJEpxds7opCPM","number":80,"state":"closed","title":"Bump cryptography from 48.0.0 to 48.0.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-20T12:33:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T09:50:43.000Z","updated_at":"2026-06-20T12:33:35.000Z","time_to_close":9771,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 48.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=48.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SFSeeger/Abitur-Song-Uploader/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SFSeeger/Abitur-Song-Uploader/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SFSeeger%2FAbitur-Song-Uploader/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"},{"uuid":"4705580242","node_id":"PR_kwDOJLMoKM7onso4","number":229,"state":"closed","title":"chore: bump cryptography from 48.0.0 to 48.0.1","user":"dependabot[bot]","labels":["Dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-20T07:34:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T07:32:23.000Z","updated_at":"2026-06-20T07:34:49.000Z","time_to_close":144,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 48.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=48.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/thenativeweb/eventsourcingdb-client-python/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/thenativeweb/eventsourcingdb-client-python/pull/229","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thenativeweb%2Feventsourcingdb-client-python/issues/229","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/229/packages"},{"uuid":"4704779852","node_id":"PR_kwDOSFtRfc7olMCJ","number":29,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv","type: chore"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-06-20T02:22:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T02:18:13.000Z","updated_at":"2026-06-20T02:22:35.000Z","time_to_close":260,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.3","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"jupyter-server","old_version":"2.18.2","new_version":"2.20.0","repository_url":"https://github.com/jupyter-server/jupyter_server"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the / directory: [pypdf](https://github.com/py-pdf/pypdf), [bleach](https://github.com/mozilla/bleach), [cryptography](https://github.com/pyca/cryptography) and [jupyter-server](https://github.com/jupyter-server/jupyter_server).\n\nUpdates `pypdf` from 6.10.2 to 6.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.13.3, 2026-06-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e) by \u003ca href=\"https://github.com/Samuel-Harris\"\u003e\u003ccode\u003e@​Samuel-Harris\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSeveral fixes by \u003ca href=\"https://github.com/metsw24-max\"\u003e\u003ccode\u003e@​metsw24-max\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.2...6.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.2, 2026-06-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDetect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3847\"\u003e#3847\u003c/a\u003e) by \u003ca href=\"https://github.com/fredericoschardong\"\u003e\u003ccode\u003e@​fredericoschardong\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix UnboundLocalError in _read_standard_xref_table on a malformed entry (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3841\"\u003e#3841\u003c/a\u003e) by \u003ca href=\"https://github.com/joszamama\"\u003e\u003ccode\u003e@​joszamama\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise PdfStreamError on non-hexadecimal bytes in hex readers (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3832\"\u003e#3832\u003c/a\u003e) by \u003ca href=\"https://github.com/metsw24-max\"\u003e\u003ccode\u003e@​metsw24-max\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.1...6.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.1, 2026-06-08\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent infinite loops when processing threads/articles (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3839\"\u003e#3839\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.0, 2026-06-05\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loops for outlines and text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3830\"\u003e#3830\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Japanese predefined CMaps (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3800\"\u003e#3800\u003c/a\u003e) by \u003ca href=\"https://github.com/yasuhiroiwaki\"\u003e\u003ccode\u003e@​yasuhiroiwaki\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFont: Collect all character widths, not only those that can be unicode mapped (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3798\"\u003e#3798\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecover a corrupt trailing startxref pointer (closes \u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3238\"\u003e#3238\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3826\"\u003e#3826\u003c/a\u003e) by \u003ca href=\"https://github.com/gaoflow\"\u003e\u003ccode\u003e@​gaoflow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle /Pages node without /Kids during flattening (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3825\"\u003e#3825\u003c/a\u003e) by \u003ca href=\"https://github.com/gaoflow\"\u003e\u003ccode\u003e@​gaoflow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.13.3, 2026-06-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSeveral fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.2...6.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.2, 2026-06-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDetect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix UnboundLocalError in _read_standard_xref_table on a malformed entry (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3841\"\u003e#3841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise PdfStreamError on non-hexadecimal bytes in hex readers (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3832\"\u003e#3832\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.1...6.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.1, 2026-06-08\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent infinite loops when processing threads/articles (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3839\"\u003e#3839\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.0, 2026-06-05\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loops for outlines and text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3830\"\u003e#3830\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Japanese predefined CMaps (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3800\"\u003e#3800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFont: Collect all character widths, not only those that can be unicode mapped (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3798\"\u003e#3798\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecover a corrupt trailing startxref pointer (closes \u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3238\"\u003e#3238\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3826\"\u003e#3826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle /Pages node without /Kids during flattening (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3825\"\u003e#3825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept inline image EI marker at the end of a content stream (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eType the always-raising deprecation helpers as \u003ccode\u003eNoReturn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3819\"\u003e#3819\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9aa05e7bde29a55e3ddb938347082e0d6e333e17\"\u003e\u003ccode\u003e9aa05e7\u003c/code\u003e\u003c/a\u003e REL: 6.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/bbd083d1196d276d9c542418f77ac49e06de3ff1\"\u003e\u003ccode\u003ebbd083d\u003c/code\u003e\u003c/a\u003e SEC: Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/d5cd26622a871635cb8bc6ae0552c843681b5a6e\"\u003e\u003ccode\u003ed5cd266\u003c/code\u003e\u003c/a\u003e ROB: Guard text operators against missing operands in extract_text (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3861\"\u003e#3861\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/82f1f902a466a42c0e586afdfb35227825572df4\"\u003e\u003ccode\u003e82f1f90\u003c/code\u003e\u003c/a\u003e ROB: Tolerate malformed /Limits in index2label (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3858\"\u003e#3858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0276a6fa03a1304a87dfc610ae0335b563cb8788\"\u003e\u003ccode\u003e0276a6f\u003c/code\u003e\u003c/a\u003e PI: Avoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/41a9c3c54f2de0fcb0151e796178c2ed5acb5f79\"\u003e\u003ccode\u003e41a9c3c\u003c/code\u003e\u003c/a\u003e MAINT: Make mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/d1bba60c8e22e6fe23d23998dbaea6ea713868e2\"\u003e\u003ccode\u003ed1bba60\u003c/code\u003e\u003c/a\u003e MAINT: Increase readability of PdfDocCommon (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3834\"\u003e#3834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/53b6fbc71d8596d52002026b821c3436e62060fe\"\u003e\u003ccode\u003e53b6fbc\u003c/code\u003e\u003c/a\u003e DEV: Bump codecov/codecov-action from 6.0.1 to 7.0.0 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3859\"\u003e#3859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/e07c223a67fcbaf3fb29b511b65cb5de650edd17\"\u003e\u003ccode\u003ee07c223\u003c/code\u003e\u003c/a\u003e MAINT: Enforce G004 (no f-strings in logging) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3845\"\u003e#3845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5270f76027c5a41be3247b661b58f435e8be479b\"\u003e\u003ccode\u003e5270f76\u003c/code\u003e\u003c/a\u003e ROB: Guard zero unitsPerEm in from_truetype_font_file (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3846\"\u003e#3846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.2...6.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.7 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.18.2 to 2.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.20.0\u003c/h2\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-44727 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp\"\u003eGHSA-fcw5-x6j4-ccmp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix confusing terminal output when using ServerApp.ip=0.0.0.0 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1643\"\u003e#1643\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a toggle to enable curve encryption for all kernels that support it \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1638\"\u003e#1638\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGrab the port from \u003ccode\u003ebind_sockets\u003c/code\u003e in case its different \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1651\"\u003e#1651\u003c/a\u003e (\u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1664\"\u003e#1664\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a reminder to merge GHSA before release \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1659\"\u003e#1659\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1658\"\u003e#1658\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eci: explicitly pass base-setup inputs to fix strict validation failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1626\"\u003e#1626\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlign docs for curve encryption with latest JEP version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1660\"\u003e#1660\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove PGP key from docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1653\"\u003e#1653\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29\u0026amp;to=2026-06-17\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003e2.19.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix confusing terminal output when using ServerApp.ip=0.0.0.0 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1643\"\u003e#1643\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a toggle to enable curve encryption for all kernels that support it \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1638\"\u003e#1638\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGrab the port from \u003ccode\u003ebind_sockets\u003c/code\u003e in case its different \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1651\"\u003e#1651\u003c/a\u003e (\u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1664\"\u003e#1664\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a reminder to merge GHSA before release \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1659\"\u003e#1659\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1658\"\u003e#1658\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eci: explicitly pass base-setup inputs to fix strict validation failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1626\"\u003e#1626\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlign docs for curve encryption with latest JEP version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1660\"\u003e#1660\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove PGP key from docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1653\"\u003e#1653\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29\u0026amp;to=2026-06-17\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e2.19.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn \u003ccode\u003eunresolved\u003c/code\u003e stanza when kernel scope is unavailable for \u003ccode\u003eresolvePath\u003c/code\u003e (instead of failing with 404) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1641\"\u003e#1641\u003c/a\u003e (\u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecreate notary store on failure to prevent save deadlock and data loss \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1640\"\u003e#1640\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/05a78ad879e69ef87e91b2714a8ebeb5ff9628a7\"\u003e\u003ccode\u003e05a78ad\u003c/code\u003e\u003c/a\u003e Publish 2.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd\"\u003e\u003ccode\u003e6cbee8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003e\u003ccode\u003e333e700\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/cccd543352d9be0365de56627b671cc8aa9cab0c\"\u003e\u003ccode\u003ecccd543\u003c/code\u003e\u003c/a\u003e Fix CI: explicitly pass base-setup inputs to avoid strict validation failures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/cd16d715dfb1f84b2e5056317927fc930b811842\"\u003e\u003ccode\u003ecd16d71\u003c/code\u003e\u003c/a\u003e Align docs for curve encryption with latest JEP version (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e458061e6ee50368bbdb74153092fc8400704ee0\"\u003e\u003ccode\u003ee458061\u003c/code\u003e\u003c/a\u003e Add a toggle to enable curve encryption for all kernels that support it (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1638\"\u003e#1638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceeb4fb61be1deaaa7c1ff01325f7dd47db1c46\"\u003e\u003ccode\u003e0ceeb4f\u003c/code\u003e\u003c/a\u003e Add note in RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/b13f8a241b1111e402457e1d0b1cce252d8e1e5e\"\u003e\u003ccode\u003eb13f8a2\u003c/code\u003e\u003c/a\u003e Markdown does not work.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e885b10a26c11caf109007a901153d1ac373c14d\"\u003e\u003ccode\u003ee885b10\u003c/code\u003e\u003c/a\u003e Add GHSA reminder in prep-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0e28c901e8bc0953d61611fe8cb018460433288f\"\u003e\u003ccode\u003e0e28c90\u003c/code\u003e\u003c/a\u003e Exclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...v2.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/danielbodnar/OpenHands/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/danielbodnar/OpenHands/pull/29","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2FOpenHands/issues/29","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/29/packages"}],"issue_packages":[{"old_version":"46.0.3","new_version":"48.0.1","update_type":"major","path":"/libs/sdk","pr_created_at":"2026-07-09T06:30:16.000Z","version_change":"46.0.3 → 48.0.1","issue":{"uuid":"4843795241","node_id":"PR_kwDONlPUKM7vmet3","number":814,"state":"open","title":"Bump cryptography from 46.0.3 to 48.0.1 in /libs/sdk","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":["mootpointer"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-09T06:30:16.000Z","updated_at":"2026-07-16T01:09:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.3","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"/libs/sdk","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/destiny-evidence/destiny-repository/pull/814","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/destiny-evidence%2Fdestiny-repository/issues/814","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/814/packages"}},{"old_version":"44.0.0","new_version":"48.0.1","update_type":"major","path":null,"pr_created_at":"2026-07-08T18:24:28.000Z","version_change":"44.0.0 → 48.0.1","issue":{"uuid":"4840102172","node_id":"PR_kwDOQs1TMs7vahMm","number":176,"state":"closed","title":"Bump cryptography from 44.0.0 to 48.0.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-08T18:37:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-08T18:24:28.000Z","updated_at":"2026-07-08T18:37:27.000Z","time_to_close":770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"44.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/44.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=44.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/webzfs/webzfs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/webzfs/webzfs/pull/176","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/webzfs%2Fwebzfs/issues/176","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/176/packages"}},{"old_version":"\u003e=42.0.0","new_version":"\u003e=49.0.0","update_type":null,"path":"/backend","pr_created_at":"2026-07-06T01:08:48.000Z","version_change":"\u003e=42.0.0 → \u003e=49.0.0","issue":{"uuid":"4815180695","node_id":"PR_kwDOTABO587uJR76","number":23,"state":"closed","title":"deps(backend): update cryptography requirement from \u003e=42.0.0 to \u003e=49.0.0 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-07T12:52:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-06T01:08:48.000Z","updated_at":"2026-07-07T12:52:59.000Z","time_to_close":128648,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend): update","packages":[{"name":"cryptography","old_version":"\u003e=42.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/MS33834/EmpValue-AI/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MS33834%2FEmpValue-AI/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}},{"old_version":"\u003e=42.0","new_version":"\u003e=49.0.0","update_type":null,"path":null,"pr_created_at":"2026-07-05T03:03:26.000Z","version_change":"\u003e=42.0 → \u003e=49.0.0","issue":{"uuid":"4811416290","node_id":"PR_kwDOTNVyuc7t-Klw","number":8,"state":"open","title":"Update cryptography requirement from \u003e=42.0 to \u003e=49.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-05T03:03:26.000Z","updated_at":"2026-07-05T03:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"cryptography","old_version":"\u003e=42.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/42.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/FMSMITH91/linuxgsm-panel/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FMSMITH91%2Flinuxgsm-panel/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"46.0.5","new_version":"49.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-04T00:02:18.000Z","version_change":"46.0.5 → 49.0.0","issue":{"uuid":"4806963494","node_id":"PR_kwDOSG1b6s7twtxt","number":4,"state":"closed","title":"chore(deps): bump the backend group across 1 directory with 30 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-04T00:31:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-04T00:02:18.000Z","updated_at":"2026-07-04T00:31:42.000Z","time_to_close":1741,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"backend","update_count":30,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.139.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.42.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.51","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.5","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"cryptography","old_version":"46.0.5","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"httpx","old_version":"0.27.2","new_version":"0.28.1","repository_url":"https://github.com/encode/httpx"},{"name":"typer","old_version":"0.24.1","new_version":"0.26.8","repository_url":"https://github.com/fastapi/typer"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nUpdates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [alembic](https://github.com/sqlalchemy/alembic), [pydantic](https://github.com/pydantic/pydantic), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [cryptography](https://github.com/pyca/cryptography), [httpx](https://github.com/encode/httpx), [typer](https://github.com/fastapi/typer), [redis](https://github.com/redis/redis-py), [celery](https://github.com/celery/celery), [grpcio](https://github.com/grpc/grpc), [grpcio-reflection](https://grpc.io), [protobuf](https://github.com/protocolbuffers/protobuf), [reportlab](https://www.reportlab.com/), [rapidfuzz](https://github.com/rapidfuzz/RapidFuzz), [prometheus-client](https://github.com/prometheus/client_python), [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator), [neo4j](https://github.com/neo4j/neo4j-python-driver), [chromadb](https://github.com/chroma-core/chroma), [groq](https://github.com/groq/groq-python), [pyotp](https://github.com/pyauth/pyotp), [pybind11](https://github.com/pybind/pybind11), [fakeredis](https://github.com/cunla/fakeredis-py), [pytest](https://github.com/pytest-dev/pytest), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [prompt-toolkit](https://github.com/prompt-toolkit/python-prompt-toolkit), [websockets](https://github.com/python-websockets/websockets), [keyring](https://github.com/jaraco/keyring) and [textual](https://github.com/Textualize/textual) to permit the latest version.\nUpdates `fastapi` from 0.135.1 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.139.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support dependencies in \u003ccode\u003eapp.frontend()\u003c/code\u003e, e.g. for automatic cookie authentication for the frontend. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15908\"\u003e#15908\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15897\"\u003e#15897\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15895\"\u003e#15895\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15896\"\u003e#15896\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15899\"\u003e#15899\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15892\"\u003e#15892\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15891\"\u003e#15891\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15893\"\u003e#15893\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15898\"\u003e#15898\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15900\"\u003e#15900\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15890\"\u003e#15890\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15894\"\u003e#15894\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15888\"\u003e#15888\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15880\"\u003e#15880\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15889\"\u003e#15889\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15883\"\u003e#15883\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15885\"\u003e#15885\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15882\"\u003e#15882\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15887\"\u003e#15887\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15886\"\u003e#15886\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15881\"\u003e#15881\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15884\"\u003e#15884\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15879\"\u003e#15879\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15909\"\u003e#15909\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15906\"\u003e#15906\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15878\"\u003e#15878\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Remove not needed \u003ccode\u003eallow-unsafe-pr-checkout: true\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15876\"\u003e#15876\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the github-actions group with 5 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15872\"\u003e#15872\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the python-packages group across 1 directory with 10 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15870\"\u003e#15870\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump CodSpeedHQ/action from 4.17.0 to 4.17.5 in the github-actions group. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15826\"\u003e#15826\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.138.1\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Refactor Library Skills, make info easier to find for agents. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15841\"\u003e#15841\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👷 Simplify pull request workflow triggers. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15836\"\u003e#15836\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Update issue-manager to 0.7.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15833\"\u003e#15833\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update issue-manager to 0.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15831\"\u003e#15831\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cecd96d9c6c318e0df1c40cedbc2e953381ddfd3\"\u003e\u003ccode\u003ececd96d\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.139.0 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15910\"\u003e#15910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/aea660936b55fdbd84270d24f892839388922dd6\"\u003e\u003ccode\u003eaea6609\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/319be508ce7db9ee5f52c3b9baa68c6cc1037c10\"\u003e\u003ccode\u003e319be50\u003c/code\u003e\u003c/a\u003e ✨ Support dependencies in \u003ccode\u003eapp.frontend()\u003c/code\u003e, e.g. for automatic cookie authent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/66a90f6ee9c0cf58ec61b14f8925344d6f16eae5\"\u003e\u003ccode\u003e66a90f6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d30a3ebfc7d7fd7851ba4243677266c53cb9f154\"\u003e\u003ccode\u003ed30a3eb\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15909\"\u003e#15909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/122f1b58f4e0fabfefef3710a8c8247bb2bd820b\"\u003e\u003ccode\u003e122f1b5\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fd6ece32eeb27c9ce164bd9170f9d8e1db1dacff\"\u003e\u003ccode\u003efd6ece3\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI GitHub topic repositories (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15906\"\u003e#15906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ec2a6adaf14c440bdcd0fd3f4ca203daa8c3ba6a\"\u003e\u003ccode\u003eec2a6ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9d7d7febd3a66844f948254c1ba4745b6cc16f40\"\u003e\u003ccode\u003e9d7d7fe\u003c/code\u003e\u003c/a\u003e 🌐 Update translations for fr (update-outdated) (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15897\"\u003e#15897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8dc852df4713efa998d126c5194302e9f06e7675\"\u003e\u003ccode\u003e8dc852d\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.42.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.42.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.48 to 2.0.51\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.51\u003c/h1\u003e\n\u003cp\u003eReleased: June 15, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.subqueryload()\u003c/code\u003e combined with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e and \u003ccode\u003ePropComparator.and_()\u003c/code\u003e would\nsilently drop the additional filter criteria, causing all related objects\nto be loaded instead of only those matching the filter.  The\n\u003ccode\u003eLoaderCriteriaOption\u003c/code\u003e was being constructed against the base\nentity rather than the effective entity indicated by\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e.  Pull request courtesy Arya Rizky.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13207\"\u003e#13207\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed bug where a failure during \u003ccode\u003etpc_prepare()\u003c/code\u003e within\n\u003ccode\u003e_orm.Session.commit()\u003c/code\u003e for a two-phase session would raise\n\u003ccode\u003eIllegalStateChangeError\u003c/code\u003e instead of the original database\nexception.  The internal \u003ccode\u003e_prepare_impl()\u003c/code\u003e method's error handler\nwas unable to invoke \u003ccode\u003e_orm.SessionTransaction.rollback()\u003c/code\u003e due\nto a state-change guard, preventing proper cleanup and masking the\nunderlying error.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13356\"\u003e#13356\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eengine\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[engine] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003eResult.freeze()\u003c/code\u003e would lose track of ambiguous\ncolumn names present in the original \u003ccode\u003eCursorResult\u003c/code\u003e, causing\nkey-based access on the thawed result to silently return a value instead of\nraising \u003ccode\u003eInvalidRequestError\u003c/code\u003e.  The\n\u003ccode\u003eSimpleResultMetaData\u003c/code\u003e now accepts and propagates ambiguous key\ninformation so that frozen, thawed, and pickled results raise consistently\nfor duplicate column names.  Pull request courtesy Saurabh Kohli.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/9427\"\u003e#9427\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_sql.StatementLambdaElement\u003c/code\u003e would proxy\nattribute access through the cached \u0026quot;expected\u0026quot; expression rather than the\nresolved expression, causing stale closure-bound parameter values to be\nused when a lambda statement was extended with non-lambda criteria such as\nan additional \u003ccode\u003e.where()\u003c/code\u003e clause.  Courtesy cjc0013.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10827\"\u003e#10827\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.5\u003c/h1\u003e\n\u003cp\u003eReleased: June 25, 2026\u003c/p\u003e\n\u003ch2\u003eusecase\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[usecase] [commands]\u003c/strong\u003e Added \u003ccode\u003e--splice\u003c/code\u003e support to the \u003ccode\u003emerge()\u003c/code\u003e command. Previously, the\nmerge command would suggest using \u003ccode\u003e--splice\u003c/code\u003e when attempting to merge\nnon-head revisions, but the flag was not actually accepted by the command.\nThe \u003ccode\u003esplice\u003c/code\u003e parameter is now available in both the command-line\ninterface and the \u003ccode\u003ecommand.merge()\u003c/code\u003e function, matching the existing\nsupport in \u003ccode\u003ecommand.revision()\u003c/code\u003e.  Pull request courtesy Kadir Can\nOzden.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[usecase] [environment]\u003c/strong\u003e Added \u003ccode\u003eScriptDirectory.get_heads.consider_depends_on\u003c/code\u003e\nparameter to \u003ccode\u003eScriptDirectory.get_heads()\u003c/code\u003e. When set to \u003ccode\u003eTrue\u003c/code\u003e,\nhead revisions that are also a dependency of another revision via\n\u003ccode\u003edepends_on\u003c/code\u003e are excluded from the result, matching the effective\nheads that would be present in the \u003ccode\u003ealembic_version\u003c/code\u003e table after\nrunning all upgrades.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1806\"\u003e#1806\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed rendering of dialect keyword arguments containing\n\u003ccode\u003e~sqlalchemy.schema.Column\u003c/code\u003e objects within sequences, such as\n\u003ccode\u003epostgresql_include\u003c/code\u003e.  These were previously rendered using \u003ccode\u003erepr()\u003c/code\u003e,\nproducing invalid Python in the generated migration scripts.  Column\nobjects within list or tuple values are now correctly rendered as their\nstring column names.  Pull request courtesy Ajay Singh.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1258\"\u003e#1258\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [mysql]\u003c/strong\u003e Implemented type comparison for \u003ccode\u003eENUM\u003c/code\u003e datatypes on MySQL, which\nchecks that the individual enum values are equivalent.  If additional\nentries are on either side, this generates a diff.  Changes of order do not\ngenerate a diff.  Pull request courtesy Furkan Köykıran.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1745\"\u003e#1745\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/779\"\u003e#779\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Fixed bug where the \u003ccode\u003einline_references\u003c/code\u003e parameter of\n\u003ccode\u003eOperations.add_column()\u003c/code\u003e did not include foreign key referential\nactions such as \u003ccode\u003eON DELETE\u003c/code\u003e, \u003ccode\u003eON UPDATE\u003c/code\u003e, \u003ccode\u003eDEFERRABLE\u003c/code\u003e,\n\u003ccode\u003eINITIALLY\u003c/code\u003e, and \u003ccode\u003eMATCH\u003c/code\u003e when rendering the inline \u003ccode\u003eREFERENCES\u003c/code\u003e\nclause.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a security patch release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e from following symlinks outside \u003ccode\u003esecrets_dir\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/889\"\u003epydantic/pydantic-settings#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.2 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/890\"\u003epydantic/pydantic-settings#890\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j\"\u003eGHSA-4xgf-cpjx-pc3j\u003c/a\u003e: \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e with \u003ccode\u003esecrets_nested_subdir=True\u003c/code\u003e could follow a symbolic link inside \u003ccode\u003esecrets_dir\u003c/code\u003e pointing outside it, reading out-of-tree files into settings values and bypassing the \u003ccode\u003esecrets_dir_max_size\u003c/code\u003e cap. Affected versions: \u003ccode\u003e\u0026gt;= 2.12.0, \u0026lt; 2.14.2\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/d703bd717e5e07439fa89da2245eee6139413e9e\"\u003e\u003ccode\u003ed703bd7\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.2 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/890\"\u003e#890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httpx` from 0.27.2 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/httpx/releases\"\u003ehttpx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.28.1\u003c/h2\u003e\n\u003ch2\u003e0.28.1 (6th December, 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix SSL case where \u003ccode\u003everify=False\u003c/code\u003e together with client side certificates.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 0.28.0\u003c/h2\u003e\n\u003ch2\u003e0.28.0 (28th November, 2024)\u003c/h2\u003e\n\u003cp\u003eThe 0.28 release includes a limited set of deprecations.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e:\u003c/p\u003e\n\u003cp\u003eWe are working towards a simplified SSL configuration API.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFor users of the standard \u003ccode\u003everify=True\u003c/code\u003e or \u003ccode\u003everify=False\u003c/code\u003e cases, or \u003ccode\u003everify=\u0026lt;ssl_context\u0026gt;\u003c/code\u003e case this should require no changes. The following cases have been deprecated...\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003everify\u003c/code\u003e argument as a string argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecert\u003c/code\u003e argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOur revised \u003ca href=\"https://github.com/encode/httpx/blob/HEAD/docs/advanced/ssl.md\"\u003eSSL documentation\u003c/a\u003e covers how to implement the same behaviour with a more constrained API.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe following changes are also included\u003c/strong\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eproxies\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eapp\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eJSON request bodies use a compact representation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReview URL percent escape sets, based on WHATWG spec. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3371\"\u003e#3371\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/encode/httpx/issues/3373\"\u003e#3373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecertifi\u003c/code\u003e and \u003ccode\u003ehttpcore\u003c/code\u003e are only imported if required. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3377\"\u003e#3377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003esocks5h\u003c/code\u003e as a valid proxy scheme. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3178\"\u003e#3178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleanup \u003ccode\u003eRequest()\u003c/code\u003e method signature in line with \u003ccode\u003eclient.request()\u003c/code\u003e and \u003ccode\u003ehttpx.request()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBugfix: When passing \u003ccode\u003eparams={}\u003c/code\u003e, always strictly update rather than merge with an existing querystring. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/httpx/blob/master/CHANGELOG.md\"\u003ehttpx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1 (6th December, 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix SSL case where \u003ccode\u003everify=False\u003c/code\u003e together with client side certificates.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0 (28th November, 2024)\u003c/h2\u003e\n\u003cp\u003eBe aware that the default \u003cem\u003eJSON request bodies now use a more compact representation\u003c/em\u003e. This is generally considered a prefered style, tho may require updates to test suites.\u003c/p\u003e\n\u003cp\u003eThe 0.28 release includes a limited set of deprecations...\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e:\u003c/p\u003e\n\u003cp\u003eWe are working towards a simplified SSL configuration API.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFor users of the standard \u003ccode\u003everify=True\u003c/code\u003e or \u003ccode\u003everify=False\u003c/code\u003e cases, or \u003ccode\u003everify=\u0026lt;ssl_context\u0026gt;\u003c/code\u003e case this should require no changes. The following cases have been deprecated...\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003everify\u003c/code\u003e argument as a string argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecert\u003c/code\u003e argument is now deprecated and will raise warnings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOur revised \u003ca href=\"https://github.com/encode/httpx/blob/master/docs/advanced/ssl.md\"\u003eSSL documentation\u003c/a\u003e covers how to implement the same behaviour with a more constrained API.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe following changes are also included\u003c/strong\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eproxies\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eapp\u003c/code\u003e argument has now been removed.\u003c/li\u003e\n\u003cli\u003eJSON request bodies use a compact representation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReview URL percent escape sets, based on WHATWG spec. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3371\"\u003e#3371\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/encode/httpx/issues/3373\"\u003e#3373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecertifi\u003c/code\u003e and \u003ccode\u003ehttpcore\u003c/code\u003e are only imported if required. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3377\"\u003e#3377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003esocks5h\u003c/code\u003e as a valid proxy scheme. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3178\"\u003e#3178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleanup \u003ccode\u003eRequest()\u003c/code\u003e method signature in line with \u003ccode\u003eclient.request()\u003c/code\u003e and \u003ccode\u003ehttpx.request()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBugfix: When passing \u003ccode\u003eparams={}\u003c/code\u003e, always strictly update rather than merge with an existing querystring. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/26d48e0634e6ee9cdc0533996db289ce4b430177\"\u003e\u003ccode\u003e26d48e0\u003c/code\u003e\u003c/a\u003e Version 0.28.1 (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/89599a9541af14bcf906fc4ed58ccbdf403802ba\"\u003e\u003ccode\u003e89599a9\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003everify=False\u003c/code\u003e, \u003ccode\u003ecert=...\u003c/code\u003e case. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3442\"\u003e#3442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/8ecb86f0d74ffc52d4663214fae9526bee89358d\"\u003e\u003ccode\u003e8ecb86f\u003c/code\u003e\u003c/a\u003e Add test for request params behavior changes (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3364\"\u003e#3364\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3440\"\u003e#3440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/0cb7e5a2e736628e2f506d259fcf0d48cd2bde82\"\u003e\u003ccode\u003e0cb7e5a\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 11 updates (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/15e21e9ea3cad4f06e22a7e704aabefdf43d2e29\"\u003e\u003ccode\u003e15e21e9\u003c/code\u003e\u003c/a\u003e Updating deprecated docstring Client() class (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/80960fa31918d7663c3f4c3ad61661cf0e80628f\"\u003e\u003ccode\u003e80960fa\u003c/code\u003e\u003c/a\u003e Version 0.28.0. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/a33c87852b8a0dddc65e5f739af1e0a6fca4b91f\"\u003e\u003ccode\u003ea33c878\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eextensions\u003c/code\u003e type annotation. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3380\"\u003e#3380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/ce7e14da27abba6574be9b3ea7cd5990556a9343\"\u003e\u003ccode\u003ece7e14d\u003c/code\u003e\u003c/a\u003e Error on verify as str. (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3418\"\u003e#3418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/47f4a96ffaaaa07dca1614409549b5d7a6e7af49\"\u003e\u003ccode\u003e47f4a96\u003c/code\u003e\u003c/a\u003e Handle empty zstd responses (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3412\"\u003e#3412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/httpx/commit/189fc4bcbe5f314128775dec66a616ac9a31ad48\"\u003e\u003ccode\u003e189fc4b\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md, fix typo(s) (\u003ca href=\"https://redirect.github.com/encode/httpx/issues/3406\"\u003e#3406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/httpx/compare/0.27.2...0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.24.1 to 0.26.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.8\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Make second column of Rich help output reflect the type consistently, even when using \u003ccode\u003emetavar\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1410\"\u003e#1410\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🐛 Fix formatting in \u003ccode\u003eNoSuchOption.format_message()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1843\"\u003e#1843\u003c/a\u003e by \u003ca href=\"https://github.com/foomunleong\"\u003e\u003ccode\u003e@​foomunleong\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update docs badges: remove Publish badge, it doesn't give extra information. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1850\"\u003e#1850\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix formatting for help link to support GitHub-specific overview edge-case. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1826\"\u003e#1826\u003c/a\u003e by \u003ca href=\"https://github.com/phalberg\"\u003e\u003ccode\u003e@​phalberg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👷 Simplify pull request workflow triggers. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1858\"\u003e#1858\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Update issue-manager to 0.7.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1857\"\u003e#1857\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update issue-manager to 0.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1856\"\u003e#1856\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Update zizmor workflow security checks. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1854\"\u003e#1854\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Group Dependabot updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1853\"\u003e#1853\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Update Dependabot ecosystem coverage. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1851\"\u003e#1851\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Fix alls-green test dependency. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1848\"\u003e#1848\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.7 to 48.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1841\"\u003e#1841\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.13.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1839\"\u003e#1839\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the github-actions group across 1 directory with 3 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1828\"\u003e#1828\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump the python-packages group with 3 updates. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1829\"\u003e#1829\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]...\n\n_Description has been truncated_","html_url":"https://github.com/zak-li/Pxtly/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zak-li%2FPxtly/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"48.0.0","new_version":"48.0.1","update_type":"patch","path":null,"pr_created_at":"2026-07-02T20:43:18.000Z","version_change":"48.0.0 → 48.0.1","issue":{"uuid":"4798050198","node_id":"PR_kwDOSgD7is7tTscz","number":96,"state":"closed","title":"chore(deps): bump the pip group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-02T20:46:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-02T20:43:18.000Z","updated_at":"2026-07-02T20:46:59.000Z","time_to_close":212,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":3,"packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"starlette","old_version":"1.0.1","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"python-multipart","old_version":"0.0.29","new_version":"0.0.31","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /requirements directory: [cryptography](https://github.com/pyca/cryptography), [starlette](https://github.com/Kludex/starlette) and [python-multipart](https://github.com/Kludex/python-multipart).\n\nUpdates `cryptography` from 48.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.1 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eStarletteDeprecationWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3119\"\u003eKludex/starlette#3119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3329\"\u003eKludex/starlette#3329\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3331\"\u003eKludex/starlette#3331\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.3.0...1.3.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.3.0...1.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClamp oversized suffix ranges in \u003ccode\u003eFileResponse\u003c/code\u003e by \u003ca href=\"https://github.com/jiyujie2006\"\u003e\u003ccode\u003e@​jiyujie2006\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3307\"\u003eKludex/starlette#3307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCatch \u003ccode\u003eOSError\u003c/code\u003e alongside \u003ccode\u003eMultiPartException\u003c/code\u003e when closing temp files by \u003ca href=\"https://github.com/N3XT3R1337\"\u003e\u003ccode\u003e@​N3XT3R1337\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3191\"\u003eKludex/starlette#3191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ehttpx2\u003c/code\u003e to the \u003ccode\u003efull\u003c/code\u003e extra by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3323\"\u003eKludex/starlette#3323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust testclient typing and warnings by \u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3322\"\u003eKludex/starlette#3322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix IndexError in URL.replace() on a URL with no authority by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3317\"\u003eKludex/starlette#3317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotate URLPath protocol parameter with Literal by \u003ca href=\"https://github.com/Chang-LeHung\"\u003e\u003ccode\u003e@​Chang-LeHung\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3285\"\u003eKludex/starlette#3285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eavoid collapsing exception groups from user code by \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2830\"\u003eKludex/starlette#2830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eremoveprefix\u003c/code\u003e to strip weak ETag indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e by \u003ca href=\"https://github.com/gnosyslambda\"\u003e\u003ccode\u003e@​gnosyslambda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3193\"\u003eKludex/starlette#3193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild \u003ccode\u003erequest.url\u003c/code\u003e from structured components by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3326\"\u003eKludex/starlette#3326\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jiyujie2006\"\u003e\u003ccode\u003e@​jiyujie2006\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3307\"\u003eKludex/starlette#3307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/N3XT3R1337\"\u003e\u003ccode\u003e@​N3XT3R1337\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3191\"\u003eKludex/starlette#3191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leestana01\"\u003e\u003ccode\u003e@​leestana01\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3319\"\u003eKludex/starlette#3319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3317\"\u003eKludex/starlette#3317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EmmanuelNiyonshuti\"\u003e\u003ccode\u003e@​EmmanuelNiyonshuti\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3204\"\u003eKludex/starlette#3204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chang-LeHung\"\u003e\u003ccode\u003e@​Chang-LeHung\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3285\"\u003eKludex/starlette#3285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gnosyslambda\"\u003e\u003ccode\u003e@​gnosyslambda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3193\"\u003eKludex/starlette#3193\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.1...1.3.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.1...1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module by \u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assert error for requires() when request param is not Request type by \u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/diskeu\"\u003e\u003ccode\u003e@​diskeu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3243\"\u003eKludex/starlette#3243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.0...1.2.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.0...1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3291\"\u003eKludex/starlette#3291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.1.0...1.2.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.1.0...1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.3.1 (June 12, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3329\"\u003e#3329\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3331\"\u003e#3331\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0 (June 11, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehttpx2\u003c/code\u003e to the \u003ccode\u003efull\u003c/code\u003e extra \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3323\"\u003e#3323\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAnnotate the \u003ccode\u003eURLPath\u003c/code\u003e \u003ccode\u003eprotocol\u003c/code\u003e parameter with \u003ccode\u003eLiteral\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3285\"\u003e#3285\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBuild \u003ccode\u003erequest.url\u003c/code\u003e from structured components \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3326\"\u003e#3326\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eClamp oversized suffix ranges in \u003ccode\u003eFileResponse\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3307\"\u003e#3307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCatch \u003ccode\u003eOSError\u003c/code\u003e alongside \u003ccode\u003eMultiPartException\u003c/code\u003e when closing temp files \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3191\"\u003e#3191\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAvoid collapsing exception groups raised from user code \u003ca href=\"https://redirect.github.com/encode/starlette/pull/2830\"\u003e#2830\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eremoveprefix\u003c/code\u003e to strip the weak \u003ccode\u003eETag\u003c/code\u003e indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3193\"\u003e#3193\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e in \u003ccode\u003eURL.replace()\u003c/code\u003e on a URL with no authority \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3317\"\u003e#3317\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdjust \u003ccode\u003etestclient\u003c/code\u003e typing and warnings \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3322\"\u003e#3322\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.1 (May 31, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3304\"\u003e#3304\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd assert error for \u003ccode\u003erequires()\u003c/code\u003e when the request parameter is not a \u003ccode\u003eRequest\u003c/code\u003e type \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3298\"\u003e#3298\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0 (May 28, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3291\"\u003e#3291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.1.0 (May 23, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3283\"\u003e#3283\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3286\"\u003e#3286\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3287\"\u003e#3287\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/8ebffd0678570ddd5d5bb11c6f3c3c7fd4682ab9\"\u003e\u003ccode\u003e8ebffd0\u003c/code\u003e\u003c/a\u003e Version 1.3.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/25b8e179d8d7ed86769c02f648772dd5fb43dc3c\"\u003e\u003ccode\u003e25b8e17\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eFormParser\u003c/code\u003e limits in parser callbacks (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3331\"\u003e#3331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/dba1c4babc4f99ad2622bb913d87045775dda735\"\u003e\u003ccode\u003edba1c4b\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003emax_fields\u003c/code\u003e and \u003ccode\u003emax_part_size\u003c/code\u003e in \u003ccode\u003eFormParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/45e51dcf99f3a270b0bcec1aec5410b4345863a9\"\u003e\u003ccode\u003e45e51dc\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eStarletteDeprecationWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3119\"\u003e#3119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/5f8610c386e13de1d80d36efa961e1486a1d2d01\"\u003e\u003ccode\u003e5f8610c\u003c/code\u003e\u003c/a\u003e Version 1.3.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/167b5850e809f38b27fbfed62d58bf6442855975\"\u003e\u003ccode\u003e167b585\u003c/code\u003e\u003c/a\u003e Build \u003ccode\u003erequest.url\u003c/code\u003e from structured components (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/37309255b4c1b9c381a2d24a1eaf83100984a16a\"\u003e\u003ccode\u003e3730925\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eremoveprefix\u003c/code\u003e to strip weak ETag indicator in \u003ccode\u003eis_not_modified\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3193\"\u003e#3193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e6f7ad1ab85efb27ab7910d8007b3f4531f7b083\"\u003e\u003ccode\u003ee6f7ad1\u003c/code\u003e\u003c/a\u003e avoid collapsing exception groups from user code (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2830\"\u003e#2830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/115228fcdca0e0ef5bf4a95a40ddce5a9fced428\"\u003e\u003ccode\u003e115228f\u003c/code\u003e\u003c/a\u003e Annotate URLPath protocol parameter with Literal (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3285\"\u003e#3285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/113f193a34353c9153857028c1074351d22fad07\"\u003e\u003ccode\u003e113f193\u003c/code\u003e\u003c/a\u003e docs: replace inline ASGI server list with link to canonical implemen… (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3204\"\u003e#3204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.1...1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.29 to 0.0.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9d3ead568a259f222cff6425262ff63e88d930d4\"\u003e\u003ccode\u003e9d3ead5\u003c/code\u003e\u003c/a\u003e Version 0.0.30 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d\"\u003e\u003ccode\u003e3506c15\u003c/code\u003e\u003c/a\u003e Ignore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d69df35cd2cad9c72794c2c340db646afae957d8\"\u003e\u003ccode\u003ed69df35\u003c/code\u003e\u003c/a\u003e Treat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1e6ff9740b09fb439755f30e2b0e2ada1d297325\"\u003e\u003ccode\u003e1e6ff97\u003c/code\u003e\u003c/a\u003e Bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yasufumi-nakata/openri/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yasufumi-nakata/openri/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasufumi-nakata%2Fopenri/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"}},{"old_version":"45.0.5","new_version":"48.0.1","update_type":"major","path":null,"pr_created_at":"2026-07-01T18:51:27.000Z","version_change":"45.0.5 → 48.0.1","issue":{"uuid":"4788376467","node_id":"PR_kwDOPJsOlc7s0ZDN","number":3,"state":"open","title":"chore(deps): bump the uv group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T18:51:27.000Z","updated_at":"2026-07-01T18:55:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.6.0","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"cryptography","old_version":"45.0.5","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"fastmcp","old_version":"2.10.5","new_version":"3.2.0","repository_url":"https://github.com/PrefectHQ/fastmcp"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"joserfc","old_version":"1.6.4","new_version":"1.6.7","repository_url":"https://github.com/authlib/joserfc"},{"name":"langchain-core","old_version":"1.1.0","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"1.0.0","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.4.7","new_version":"0.8.18","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pillow","old_version":"11.3.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.31","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.46.2","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"transformers","old_version":"4.53.2","new_version":"5.3.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"ujson","old_version":"5.10.0","new_version":"5.13.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.0` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `48.0.1` |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.10.5` | `3.2.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [joserfc](https://github.com/authlib/joserfc) | `1.6.4` | `1.6.7` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.1.0` | `1.3.3` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.0.0` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.8.18` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.31` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `1.3.1` |\n| [transformers](https://github.com/huggingface/transformers) | `4.53.2` | `5.3.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.13.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\nBumps the uv group with 19 updates in the /docker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.0` | `1.6.12` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `48.0.1` |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.10.5` | `3.2.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.1.0` | `1.3.3` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.0.0` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.8.18` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.31` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `1.3.1` |\n| [transformers](https://github.com/huggingface/transformers) | `4.53.2` | `5.3.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.13.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.10.0 2026-06-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce the stricter \u003ccode\u003enltk.pathsec\u003c/code\u003e security policy by default\u003c/li\u003e\n\u003cli\u003eDocument the new security model and migration guidance\u003c/li\u003e\n\u003cli\u003eHarden resource loading against path traversal and SSRF/DNS-rebinding\u003c/li\u003e\n\u003cli\u003eHarden downloader path handling and block XML entity expansion\u003c/li\u003e\n\u003cli\u003eClose remaining corpus-reader security edge cases\u003c/li\u003e\n\u003cli\u003eReplace unsafe \u003ccode\u003eexec()\u003c/code\u003e usage in the utility CLI\u003c/li\u003e\n\u003cli\u003eWarn on unpickling user-provided pickles\u003c/li\u003e\n\u003cli\u003eAdd HuggingFace datasets integration (\u003ccode\u003enltk.huggingface\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAlign TnT with Brants (2000) specifications\u003c/li\u003e\n\u003cli\u003eFix PorterStemmer irregular-form lowercasing in NLTK mode\u003c/li\u003e\n\u003cli\u003eFix TransitionParser sparse index dtype for scikit-learn 1.9\u003c/li\u003e\n\u003cli\u003eFix TextCat tie handling\u003c/li\u003e\n\u003cli\u003eFix WordNet object comparisons for incompatible types\u003c/li\u003e\n\u003cli\u003eCache WordNet max depth lazily for \u003ccode\u003elch_similarity()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix CCG variable direction, substitution, and type-raising bugs\u003c/li\u003e\n\u003cli\u003eFix Jaro similarity for single-character and empty-string cases\u003c/li\u003e\n\u003cli\u003eImprove CI and release-maintenance workflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.10.0:\n13rac1, alvations, bowiechen, devesh-2002, ekaf, elias-ba,\nhaosenwang1018, HyperPS, ihitamandal, jancallewaert, jhnwnstd,\nJuanIMartinezB, Lemm1, LinZiyuu, Mr-Neutr0n, PastelStorm,\nscruge1, Syzygy2048, ylwango613, yzhaoinuw\u003c/p\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.0 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.0...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.5 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.5...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastmcp` from 2.10.5 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases\"\u003efastmcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0: Show Don't Tool\u003c/h2\u003e\n\u003cp\u003eFastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.\u003c/p\u003e\n\u003ch2\u003eFastMCPApp\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eFastMCPApp\u003c/code\u003e is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (\u003ccode\u003e@app.ui()\u003c/code\u003e) from the backend tools the UI calls (\u003ccode\u003e@app.tool()\u003c/code\u003e), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003efrom fastmcp import FastMCP, FastMCPApp\nfrom prefab_ui.actions.mcp import CallTool\nfrom prefab_ui.components import Column, Form, Input, Button, ForEach, Text\n\u003cp\u003eapp = FastMCPApp(\u0026quot;Contacts\u0026quot;)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.tool()\ndef save_contact(name: str, email: str) -\u0026gt; list[dict]:\ndb.append({\u0026quot;name\u0026quot;: name, \u0026quot;email\u0026quot;: email})\nreturn list(db)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.ui()\ndef contact_manager() -\u0026gt; PrefabApp:\nwith PrefabApp(state={\u0026quot;contacts\u0026quot;: list(db)}) as view:\nwith Column(gap=4):\nForEach(\u0026quot;contacts\u0026quot;, lambda c: Text(c.name))\nwith Form(on_submit=CallTool(\u0026quot;save_contact\u0026quot;)):\nInput(name=\u0026quot;name\u0026quot;, required=True)\nInput(name=\u0026quot;email\u0026quot;, required=True)\nButton(\u0026quot;Save\u0026quot;)\nreturn view\u003c/p\u003e\n\u003cp\u003emcp = FastMCP(\u0026quot;Server\u0026quot;, providers=[app])\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe UI is built with \u003ca href=\"https://prefab.prefect.io\"\u003ePrefab\u003c/a\u003e, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.\u003c/p\u003e\n\u003cp\u003eFor simpler cases where you just want to visualize data without server interaction, set \u003ccode\u003eapp=True\u003c/code\u003e on any tool and return Prefab components directly:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e@mcp.tool(app=True)\ndef revenue_chart(year: int) -\u0026gt; PrefabApp:\n    with PrefabApp() as app:\n        BarChart(data=revenue_data, series=[ChartSeries(data_key=\u0026quot;revenue\u0026quot;)])\n    return app\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBuilt-in Providers\u003c/h2\u003e\n\u003cp\u003eFive ready-made providers you add with a single \u003ccode\u003eadd_provider()\u003c/code\u003e call:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFileUpload\u003c/strong\u003e — drag-and-drop file upload with session-scoped storage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx\"\u003efastmcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003etitle: \u0026quot;Changelog\u0026quot;\nicon: \u0026quot;list-check\u0026quot;\nrss: true\ntag: NEW\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.1\"\u003ev3.4.1: Floor It\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.4.1 floors Starlette at \u003ccode\u003e\u0026gt;=1.0.1\u003c/code\u003e so installs can no longer resolve to a version affected by CVE-2026-48710, which was previously only constrained transitively through \u003ccode\u003emcp\u003c/code\u003e. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.\u003c/p\u003e\n\u003ch3\u003eEnhancements ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLog refresh-token misses in OAuthProxy instead of failing silently by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4276\"\u003e#4276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity 🔒\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit starlette\u0026gt;=1.0.1 floor (CVE-2026-48710) by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4286\"\u003e#4286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument --notes-start-tag in release instructions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4275\"\u003e#4275\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v3.4.0...v3.4.1\"\u003ev3.4.0...v3.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.0\"\u003ev3.4.0: Remote Control\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.4 is about reaching servers that live somewhere else. The headline is \u003ccode\u003efastmcp-remote\u003c/code\u003e, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, the proxy layer those connections depend on is hardened: a proxy now forwards \u003ccode\u003einitialize\u003c/code\u003e upstream and fails loudly when the backend is missing or misconfigured, instead of reporting a connected-but-empty proxy. And FastMCP-issued access tokens can now outlive short-lived upstream tokens, so authenticated sessions survive the long idle periods remote clients are prone to.\u003c/p\u003e\n\u003ch3\u003eNew Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fastmcp-remote bridge package by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4208\"\u003e#4208\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eForward proxy initialize as bridge behavior by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4228\"\u003e#4228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: require external PRs to link a tracked issue by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4173\"\u003e#4173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: new options --host and --no-log-panel | --log-panel  to cli dev apps by \u003ca href=\"https://github.com/itaru2622\"\u003e\u003ccode\u003e@​itaru2622\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4123\"\u003e#4123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd valid_scopes and extra_authorize_params to WorkOSProvider by \u003ca href=\"https://github.com/tiagoskaneta\"\u003e\u003ccode\u003e@​tiagoskaneta\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4135\"\u003e#4135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd token_expiry_threshold_seconds for proactive token refresh by \u003ca href=\"https://github.com/mohankumarelec\"\u003e\u003ccode\u003e@​mohankumarelec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4142\"\u003e#4142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd review-issue skill for triaging gated external contributions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4212\"\u003e#4212\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contract gate to review-issue skill by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4214\"\u003e#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLet ToolResult return an error result via is_error by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4217\"\u003e#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate published docs after PyPI release by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4211\"\u003e#4211\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow pre-bound HTTP sockets by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4222\"\u003e#4222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd targeted coverage tests by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4230\"\u003e#4230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade ty to 0.0.39 by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4225\"\u003e#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple FastMCP access token lifetime from upstream expires_in by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4254\"\u003e#4254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity 🔒\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(code-mode): default sandbox limits and per-execution tool-call cap by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4170\"\u003e#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: Fix 3 findings in GitHub Actions workflows by \u003ca href=\"https://github.com/jpr5\"\u003e\u003ccode\u003e@​jpr5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/4183\"\u003e#4183\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/665514e19a78543709be85b4261153bbe98e882f\"\u003e\u003ccode\u003e665514e\u003c/code\u003e\u003c/a\u003e Add forward_resource flag to OAuthProxy (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3711\"\u003e#3711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f189d1f7fbfd55c9f68c750a3a293e31c7586e8b\"\u003e\u003ccode\u003ef189d1f\u003c/code\u003e\u003c/a\u003e Bump pydantic-monty to 0.0.9 (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3707\"\u003e#3707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/6faa2d61f82eab670694965606fd7b14bedddc7f\"\u003e\u003ccode\u003e6faa2d6\u003c/code\u003e\u003c/a\u003e Remove hardcoded prefab-ui version from pinning warnings (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3708\"\u003e#3708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/dd8816c6ccc733048fe6208bfc8f80ded505f993\"\u003e\u003ccode\u003edd8816c\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3701\"\u003e#3701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/d27495960af23969f11d6e1e44e2018529c1c37e\"\u003e\u003ccode\u003ed274959\u003c/code\u003e\u003c/a\u003e docs: note that custom routes are unauthenticated (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3706\"\u003e#3706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/4a54be2d5f1ac8925a461e67cf993e0278729d4d\"\u003e\u003ccode\u003e4a54be2\u003c/code\u003e\u003c/a\u003e Add examples gallery page (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3705\"\u003e#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/961dd5045611e9c1bd6b7c4f5ac3aa14f0a30ce7\"\u003e\u003ccode\u003e961dd50\u003c/code\u003e\u003c/a\u003e Add interactive map example with geocoding (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f01d0c581c7a821a9701d6dde4d9beb95e32d479\"\u003e\u003ccode\u003ef01d0c5\u003c/code\u003e\u003c/a\u003e Add quiz example app, fix dev server empty string args (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3700\"\u003e#3700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/85b7efd74601a72c74ac68e23599de6c032bb9c4\"\u003e\u003ccode\u003e85b7efd\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/27abe3c3f0cc2ce1925cc3cbc7968d5637ebc82b\"\u003e\u003ccode\u003e27abe3c\u003c/code\u003e\u003c/a\u003e Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v2.10.5...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joserfc` from 1.6.4 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/joserfc/releases\"\u003ejoserfc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ejws\u003c/strong\u003e: Validate payload size for b64=false  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/4d4ea2e\"\u003e\u003c!-- raw HTML omitted --\u003e(4d4ea)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etyping\u003c/strong\u003e: Accept any Collection for algorithms, not just list  -  by \u003ca href=\"https://github.com/jonathangreen\"\u003e\u003ccode\u003e@​jonathangreen\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/102a7a7\"\u003e\u003c!-- raw HTML omitted --\u003e(102a7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etyping\u003c/strong\u003e: Use cast for type hints  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/authlib/joserfc/commit/75d9f95\"\u003e\u003c!-- raw HTML omitted --\u003e(75d9f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.5...1.6.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003e1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003eNo significant changes\u003c/em\u003e\u003c/p\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.4...1.6.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/joserfc/blob/main/docs/changelog.rst\"\u003ejoserfc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 23, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate for type hints.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 18, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJWS\u003c/strong\u003e: validate payload size when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJWS\u003c/strong\u003e: increase registry's payload max size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/1e5b94da589c695f54abd9f1a0ad822dcffe0305\"\u003e\u003ccode\u003e1e5b94d\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/75d9f95815f522ccb50515fb36efbcc6601b2e34\"\u003e\u003ccode\u003e75d9f95\u003c/code\u003e\u003c/a\u003e fix(typing): use cast for type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/6d240377ce8ddfb15793822d9d82cf66e66a9980\"\u003e\u003ccode\u003e6d24037\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/98\"\u003e#98\u003c/a\u003e from jonathangreen/algorithms-accept-collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/102a7a7610eb50cd53cd46d917146b7af295613f\"\u003e\u003ccode\u003e102a7a7\u003c/code\u003e\u003c/a\u003e fix(typing): accept any Collection for algorithms, not just list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/8b869e8754b5022c3a2a9e1071fe15f65d3749c6\"\u003e\u003ccode\u003e8b869e8\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/00d599bfc1282cf887bb6a8bc82598dc10532fa5\"\u003e\u003ccode\u003e00d599b\u003c/code\u003e\u003c/a\u003e chore: update actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/9186561fc40de112e3b3f01934b11d7ca54da142\"\u003e\u003ccode\u003e9186561\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/97\"\u003e#97\u003c/a\u003e from authlib/fix-b64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/4d4ea2e787ed36a2190158d86d8470e3acbb349b\"\u003e\u003ccode\u003e4d4ea2e\u003c/code\u003e\u003c/a\u003e fix(jws): validate payload size for b64=false\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/b6554cca2f0ae4f246411aa569b2980381eb35a3\"\u003e\u003ccode\u003eb6554cc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/joserfc/issues/96\"\u003e#96\u003c/a\u003e from sebasxsala/fix-p512-fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/joserfc/commit/b89eadff61ef9d8cf4302d18987f27dc1b281647\"\u003e\u003ccode\u003eb89eadf\u003c/code\u003e\u003c/a\u003e test: normalize P-521 private key fixture\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/joserfc/compare/1.6.4...1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.1.0 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.1.0...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.0.0 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.0.0...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.4.7 to 0.8.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.18\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3002\"\u003elangchain-ai/langsmith-sdk#3002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3030\"\u003elangchain-ai/langsmith-sdk#3030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3036\"\u003elangchain-ai/langsmith-sdk#3036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3037\"\u003elangchain-ai/langsmith-sdk#3037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3038\"\u003elangchain-ai/langsmith-sdk#3038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3039\"\u003elangchain-ai/langsmith-sdk#3039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3044\"\u003elangchain-ai/langsmith-sdk#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 4 directories with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3046\"\u003elangchain-ai/langsmith-sdk#3046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3060\"\u003elangchain-ai/langsmith-sdk#3060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(python): fix integration assertions for updated attachment error message by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3061\"\u003elangchain-ai/langsmith-sdk#3061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: reconcile bumpversion config and mandate release process for agents by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3062\"\u003elangchain-ai/langsmith-sdk#3062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.18 by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3063\"\u003elangchain-ai/langsmith-sdk#3063\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: expose the resources from the generated openapi client in the langsmith client by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018\"\u003elangchain-ai/langsmith-sdk#3018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): port \u003ccode\u003eisTracingEnabled\u003c/code\u003e utility from Python by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3032\"\u003elangchain-ai/langsmith-sdk#3032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox mount support to JS SDK by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3010\"\u003elangchain-ai/langsmith-sdk#3010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): bump to 0.7.9 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3035\"\u003elangchain-ai/langsmith-sdk#3035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox mount support to Python SDK by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3009\"\u003elangchain-ai/langsmith-sdk#3009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: note that _openapi_client directories are auto-generated by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3034\"\u003elangchain-ai/langsmith-sdk#3034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update JS SDK type declarations with skipLibCheck disabled by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3043\"\u003elangchain-ai/langsmith-sdk#3043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.7.10 by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3045\"\u003elangchain-ai/langsmith-sdk#3045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: adding python async for online evals by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3048\"\u003elangchain-ai/langsmith-sdk#3048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sandbox Git mount SDK helpers by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3040\"\u003elangchain-ai/langsmith-sdk#3040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use insights tab in sdk report links [closes LSO-2936] by \u003ca href=\"https://github.com/eric-langchain\"\u003e\u003ccode\u003e@​eric-langchain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050\"\u003elangchain-ai/langsmith-sdk#3050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(client): warn when backend version is below minimum required by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3041\"\u003elangchain-ai/langsmith-sdk#3041\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by \u003ca href=\"https://github.com/langtions-bot\"\u003e\u003ccode\u003e@​langtions-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3053\"\u003elangchain-ai/langsmith-sdk#3053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sandbox): use built-in gcp auth host matching by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3055\"\u003elangchain-ai/langsmith-sdk#3055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(python): py to 0.8.17 by \u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3056\"\u003elangchain-ai/langsmith-sdk#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sineha-mani\"\u003e\u003ccode\u003e@​sineha-mani\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018\"\u003elangchain-ai/langsmith-sdk#3018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eric-langchain\"\u003e\u003ccode\u003e@​eric-langchain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050\"\u003elangchain-ai/langsmith-sdk#3050\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/CaffeeLake/MemOS/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaffeeLake%2FMemOS/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"43.0.0","new_version":"48.0.1","update_type":"major","path":null,"pr_created_at":"2026-06-29T21:08:59.000Z","version_change":"43.0.0 → 48.0.1","issue":{"uuid":"4771607092","node_id":"PR_kwDOSG89IM7r9UYq","number":32,"state":"closed","title":"Build(deps): Bump the pip group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-30T03:21:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-29T21:08:59.000Z","updated_at":"2026-06-30T03:21:56.000Z","time_to_close":22369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"pip","update_count":6,"packages":[{"name":"cryptography","old_version":"43.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"protobuf","old_version":"4.21.12","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.2","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wheel","old_version":"0.46.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `48.0.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.21.12` | `5.29.6` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.2` | `6.5.7` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.1` | `0.46.2` |\n\n\nUpdates `cryptography` from 43.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.21.12 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tornado` from 6.4.2 to 6.5.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst\"\u003etornado's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease notes\u003c/h1\u003e\n\u003cp\u003e.. toctree::\n:maxdepth: 2\u003c/p\u003e\n\u003cp\u003ereleases/v6.5.7\nreleases/v6.5.6\nreleases/v6.5.5\nreleases/v6.5.4\nreleases/v6.5.3\nreleases/v6.5.2\nreleases/v6.5.1\nreleases/v6.5.0\nreleases/v6.4.2\nreleases/v6.4.1\nreleases/v6.4.0\nreleases/v6.3.3\nreleases/v6.3.2\nreleases/v6.3.1\nreleases/v6.3.0\nreleases/v6.2.0\nreleases/v6.1.0\nreleases/v6.0.4\nreleases/v6.0.3\nreleases/v6.0.2\nreleases/v6.0.1\nreleases/v6.0.0\nreleases/v5.1.1\nreleases/v5.1.0\nreleases/v5.0.2\nreleases/v5.0.1\nreleases/v5.0.0\nreleases/v4.5.3\nreleases/v4.5.2\nreleases/v4.5.1\nreleases/v4.5.0\nreleases/v4.4.3\nreleases/v4.4.2\nreleases/v4.4.1\nreleases/v4.4.0\nreleases/v4.3.0\nreleases/v4.2.1\nreleases/v4.2.0\nreleases/v4.1.0\nreleases/v4.0.2\nreleases/v4.0.1\nreleases/v4.0.0\nreleases/v3.2.2\nreleases/v3.2.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/48fc2d43d1f48b8b3b0be5dcf6a7634c6f45b1c4\"\u003e\u003ccode\u003e48fc2d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3633\"\u003e#3633\u003c/a\u003e from bdarnell/curl-reset-65\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/4ae1ddd14245e56e9fb6fb14d4b9508301fbb841\"\u003e\u003ccode\u003e4ae1ddd\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/3154caabc9a60cb0b6953d28877b2785fbd3ab43\"\u003e\u003ccode\u003e3154caa\u003c/code\u003e\u003c/a\u003e curl_httpclient: Reset the curl object before putting it on the freelist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/7d869c0739b264797ef92b6aa4a80c54b5993ea2\"\u003e\u003ccode\u003e7d869c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3631\"\u003e#3631\u003c/a\u003e from bdarnell/cve-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/288241f6812bb7204984573e55de21d17af951f3\"\u003e\u003ccode\u003e288241f\u003c/code\u003e\u003c/a\u003e docs: Use the correct link syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/8da981c0f614f63d9d3b2cd5017db2b40e5642f6\"\u003e\u003ccode\u003e8da981c\u003c/code\u003e\u003c/a\u003e docs: Add CVE links to 6.5.6 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/aba2569f7ed7a6bdbef816658fb6b7182531b751\"\u003e\u003ccode\u003eaba2569\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3626\"\u003e#3626\u003c/a\u003e from bdarnell/fixes-656\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/a24b260e0d22fd48acea1a2635526c1700e7ac09\"\u003e\u003ccode\u003ea24b260\u003c/code\u003e\u003c/a\u003e httpclient_test: Accept an additional error message variant\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/a74240a70268fe5cb40a127951cb21549ab9ff24\"\u003e\u003ccode\u003ea74240a\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.6.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/e8fc7edb238f1022e39f9d0b9d297fc7c21fb0a5\"\u003e\u003ccode\u003ee8fc7ed\u003c/code\u003e\u003c/a\u003e simple_httpclient: Strip auth headers on cross-origin redirects\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tornadoweb/tornado/compare/v6.4.2...v6.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.46.1 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.46.1...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/WillianSilva51/Achou-UFC/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/WillianSilva51/Achou-UFC/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WillianSilva51%2FAchou-UFC/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"}},{"old_version":"44.0.0","new_version":"49.0.0","update_type":"major","path":null,"pr_created_at":"2026-06-29T20:15:26.000Z","version_change":"44.0.0 → 49.0.0","issue":{"uuid":"4771295460","node_id":"PR_kwDORXAzhc7r8Si0","number":7,"state":"closed","title":"Bump cryptography from 44.0.0 to 49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-06T23:26:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-29T20:15:26.000Z","updated_at":"2026-07-06T23:26:07.000Z","time_to_close":616239,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"44.0.0","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 49.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/44.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=44.0.0\u0026new-version=49.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/dwgx/YuKiKo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwgx%2FYuKiKo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"46.0.3","new_version":"48.0.1","update_type":"major","path":"/cloudflared-operator","pr_created_at":"2026-06-29T06:18:43.000Z","version_change":"46.0.3 → 48.0.1","issue":{"uuid":"4765554978","node_id":"PR_kwDOS89qmc7rpSSD","number":9,"state":"open","title":"Bump cryptography from 46.0.3 to 48.0.1 in /cloudflared-operator","user":"dependabot[bot]","labels":["dependencies","python:uv","Libraries: Out of sync"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T06:18:43.000Z","updated_at":"2026-06-29T06:28:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"46.0.3","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"/cloudflared-operator","ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.3\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/canonical/cloudflared-operators/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/canonical/cloudflared-operators/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fcloudflared-operators/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","update_type":null,"path":null,"pr_created_at":"2026-06-28T23:03:56.000Z","version_change":"\u003e=41.0.0 → \u003e=49.0.0","issue":{"uuid":"4763906286","node_id":"PR_kwDON2x_8s7rkArn","number":943,"state":"open","title":"build(deps): update cryptography requirement from \u003e=41.0.0 to \u003e=49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-28T23:03:56.000Z","updated_at":"2026-06-28T23:08:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): update","packages":[{"name":"cryptography","old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/christianlouis/DocuElevate/pull/943","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/christianlouis%2FDocuElevate/issues/943","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/943/packages"}},{"old_version":"46.0.7","new_version":"48.0.1","update_type":"major","path":"the uv group across 1 directory","pr_created_at":"2026-06-27T09:37:33.000Z","version_change":"46.0.7 → 48.0.1","issue":{"uuid":"4757756400","node_id":"PR_kwDOIjbHCM7rRKLi","number":699,"state":"open","title":"chore(deps): bump cryptography from 46.0.7 to 48.0.1 in the uv group across 1 directory","user":"dependabot[bot]","labels":["dependencies ⬆️","python 🐍"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-27T09:37:33.000Z","updated_at":"2026-06-27T09:39:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":"the uv group across 1 directory","ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `cryptography` from 46.0.7 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=46.0.7\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/danstis/ado-asana-sync/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/danstis/ado-asana-sync/pull/699","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danstis%2Fado-asana-sync/issues/699","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/699/packages"}},{"old_version":"\u003c49,\u003e=45","new_version":"\u003e=45,\u003c50","update_type":null,"path":null,"pr_created_at":"2026-06-25T00:54:09.000Z","version_change":"\u003c49,\u003e=45 → \u003e=45,\u003c50","issue":{"uuid":"4739623334","node_id":"PR_kwDOSqGtt87qWeCA","number":96,"state":"closed","title":"chore(deps): Update cryptography requirement from \u003c49,\u003e=45 to \u003e=45,\u003c50","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-07-02T23:43:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-25T00:54:09.000Z","updated_at":"2026-07-02T23:43:53.000Z","time_to_close":686981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Update","packages":[{"name":"cryptography","old_version":"\u003c49,\u003e=45","new_version":"\u003e=45,\u003c50","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/FlintWave/SearchMob-Desktop/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FlintWave%2FSearchMob-Desktop/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"}},{"old_version":"46.0.7","new_version":"49.0.0","update_type":"major","path":null,"pr_created_at":"2026-06-22T16:53:04.000Z","version_change":"46.0.7 → 49.0.0","issue":{"uuid":"4718784702","node_id":"PR_kwDOE5DY687pR9Hw","number":7608,"state":"closed","title":"python: bump cryptography from 46.0.7 to 49.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-30T03:11:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-22T16:53:04.000Z","updated_at":"2026-06-30T03:12:12.000Z","time_to_close":641926,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"python","packages":[{"name":"cryptography","old_version":"46.0.7","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 49.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/jauderho/dockerfiles/pull/7608","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jauderho%2Fdockerfiles/issues/7608","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7608/packages"}},{"old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","update_type":null,"path":"/backend in the security group","pr_created_at":"2026-06-22T09:10:07.000Z","version_change":"\u003e=41.0.0 → \u003e=49.0.0","issue":{"uuid":"4715121499","node_id":"PR_kwDOPdeUwM7pFtS8","number":69651,"state":"open","title":"deps(backend)(deps): Update cryptography requirement from \u003e=41.0.0 to \u003e=49.0.0 in /backend in the security group","user":"dependabot[bot]","labels":["size/small","backend","dependencies"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-22T09:10:07.000Z","updated_at":"2026-06-22T09:46:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(backend)(deps): Update","packages":[{"name":"cryptography","old_version":"\u003e=41.0.0","new_version":"\u003e=49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":"/backend in the security group","ecosystem":"pip"},"body":"Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.\nUpdates `cryptography` to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade `cryptography` in the backend to `\u003e=49.0.0` to pull in security fixes and modern crypto support. This is a major bump and may affect older environments.\n\n- **Migration**\n  - macOS: only arm64 wheels are published; Intel macOS is no longer supported.\n  - Windows: 32‑bit Python is not supported; use 64‑bit.\n  - Code: deprecated type aliases were removed; switch to the new names if referenced.\n  - Crypto: ChaCha20 nonce counter rules are enforced and some invalid X.509 signatures now error; verify any affected usage.\n\n\u003csup\u003eWritten for commit d94ee7174627c22b2e8f6a1d1c92f262d2ea6754. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/drussell23/JARVIS/pull/69651?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/drussell23/JARVIS/pull/69651","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/drussell23%2FJARVIS/issues/69651","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/69651/packages"}},{"old_version":"48.0.0","new_version":"48.0.1","update_type":"patch","path":null,"pr_created_at":"2026-06-22T00:22:32.000Z","version_change":"48.0.0 → 48.0.1","issue":{"uuid":"4712479688","node_id":"PR_kwDOQIfwjs7o9Fsa","number":47,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-29T00:22:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-22T00:22:32.000Z","updated_at":"2026-06-29T00:23:10.000Z","time_to_close":604794,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":6,"packages":[{"name":"cachetools","old_version":"7.1.1","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"python-multipart","old_version":"0.0.30","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.2.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"coverage","old_version":"7.14.0","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cachetools](https://github.com/tkem/cachetools) | `7.1.1` | `7.1.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `48.0.0` | `48.0.1` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.30` | `0.0.32` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.48.0` | `0.49.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.14.0` | `7.14.1` |\n\n\nUpdates `cachetools` from 7.1.1 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.1.1...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 48.0.0 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.30 to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module by \u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assert error for requires() when request param is not Request type by \u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leifwar\"\u003e\u003ccode\u003e@​leifwar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3304\"\u003eKludex/starlette#3304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/diskeu\"\u003e\u003ccode\u003e@​diskeu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3243\"\u003eKludex/starlette#3243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KeeganOP\"\u003e\u003ccode\u003e@​KeeganOP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3298\"\u003eKludex/starlette#3298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.2.0...1.2.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.2.0...1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3291\"\u003eKludex/starlette#3291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.1.0...1.2.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.1.0...1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3283\"\u003eKludex/starlette#3283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3286\"\u003eKludex/starlette#3286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3287\"\u003eKludex/starlette#3287\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3283\"\u003eKludex/starlette#3283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.1...1.1.0\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.1...1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.2.1 (May 31, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ehttpx2\u003c/code\u003e for type checking in the \u003ccode\u003etestclient\u003c/code\u003e module \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3304\"\u003e#3304\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd assert error for \u003ccode\u003erequires()\u003c/code\u003e when the request parameter is not a \u003ccode\u003eRequest\u003c/code\u003e type \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3298\"\u003e#3298\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0 (May 28, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSupport httpx2 in the test client \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3291\"\u003e#3291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.1.0 (May 23, 2026)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e\u0026quot;application/octet-stream\u0026quot;\u003c/code\u003e as the \u003ccode\u003eFileResponse\u003c/code\u003e media type fallback \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3283\"\u003e#3283\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOnly dispatch standard HTTP verbs in \u003ccode\u003eHTTPEndpoint\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3286\"\u003e#3286\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject absolute paths in \u003ccode\u003eStaticFiles.lookup_path\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3287\"\u003e#3287\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/ef773fe9fe86d452ea014a39c6ede1029b341e73\"\u003e\u003ccode\u003eef773fe\u003c/code\u003e\u003c/a\u003e Version 1.2.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3306\"\u003e#3306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3fc68a7e394cb938bd202774b9d6f5c33a237a66\"\u003e\u003ccode\u003e3fc68a7\u003c/code\u003e\u003c/a\u003e Add sponsors section to docs sidebar (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b053f7bbf194c3fac77d87c6033ec6181eb4cd90\"\u003e\u003ccode\u003eb053f7b\u003c/code\u003e\u003c/a\u003e chore(deps): bump the python-packages group across 1 directory with 6 updates...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/14787751400853cc21853983a02d84bbfb4da45d\"\u003e\u003ccode\u003e1478775\u003c/code\u003e\u003c/a\u003e Add assert error for requires() when request param is not Request type (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3298\"\u003e#3298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/65765470827be550cdbc1a2e7165da494da7f6e8\"\u003e\u003ccode\u003e6576547\u003c/code\u003e\u003c/a\u003e Describe disconnected-after-response behavior in test docstring (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3243\"\u003e#3243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/9cb1553be6ff3d18a0d30a18e3b623ea86edeef0\"\u003e\u003ccode\u003e9cb1553\u003c/code\u003e\u003c/a\u003e Use same module (httpx|httpx2) for type checking as for runtime (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3304\"\u003e#3304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4060987466412dcdb3e5a0f05973b4208dddb6f0\"\u003e\u003ccode\u003e4060987\u003c/code\u003e\u003c/a\u003e Version 1.2.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/1e289ca3f957370122fb3bf7e046db65f6675037\"\u003e\u003ccode\u003e1e289ca\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers Static Assets (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/100f05a66bf3ff5643540164ae95fc3ad9ed3443\"\u003e\u003ccode\u003e100f05a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003ehttpx2\u003c/code\u003e as a dev dependency (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3295\"\u003e#3295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/508023b488b649d97c091eb60da1d8ef3636ee06\"\u003e\u003ccode\u003e508023b\u003c/code\u003e\u003c/a\u003e Support httpx2 in the test client (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3291\"\u003e#3291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.14.0 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.14.0...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/onprem-hipster-timer/backend/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onprem-hipster-timer%2Fbackend/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"48.0.0","new_version":"49.0.0","update_type":"major","path":null,"pr_created_at":"2026-06-20T23:34:08.000Z","version_change":"48.0.0 → 49.0.0","issue":{"uuid":"4708705289","node_id":"PR_kwDOQWOdqc7oxpf7","number":472,"state":"closed","title":"chore(deps): Bump the python-dependencies group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-27T23:33:24.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T23:34:08.000Z","updated_at":"2026-06-27T23:33:26.000Z","time_to_close":604756,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"python-dependencies","update_count":16,"packages":[{"name":"fastapi","old_version":"0.136.1","new_version":"0.138.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.47.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"cryptography","old_version":"48.0.0","new_version":"49.0.0","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [python-multipart](https://github.com/Kludex/python-multipart), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [pydantic-settings](https://github.com/pydantic/pydantic-settings), [av](https://github.com/PyAV-Org/PyAV), [cryptography](https://github.com/pyca/cryptography), [slowapi](https://github.com/laurents/slowapi), [openai](https://github.com/openai/openai-python), [anthropic](https://github.com/anthropics/anthropic-sdk-python), [uiprotect](https://github.com/uilibs/uiprotect), [aiosmtplib](https://github.com/cole/aiosmtplib), [sentence-transformers](https://github.com/huggingface/sentence-transformers), [pyjwt](https://github.com/jpadilla/pyjwt), [pytest](https://github.com/pytest-dev/pytest) and [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) to permit the latest version.\nUpdates `fastapi` from 0.136.1 to 0.138.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.138.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003eapp.frontend(\u0026quot;/\u0026quot;, directory=\u0026quot;dist\u0026quot;)\u003c/code\u003e and \u003ccode\u003erouter.frontend(\u0026quot;/\u0026quot;, directory=\u0026quot;dist\u0026quot;)\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15800\"\u003e#15800\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eRead the docs: \u003ca href=\"https://fastapi.tiangolo.com/tutorial/frontend/\"\u003eFrontend\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Fix typo in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15807\"\u003e#15807\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add \u003ccode\u003eapp.frontend()\u003c/code\u003e instructions to Agent Library Skill. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15805\"\u003e#15805\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update release notes link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15802\"\u003e#15802\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Update white space characters in bigger apps. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15801\"\u003e#15801\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix grammar, typos, and broken links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15694\"\u003e#15694\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Enable Hindi docs translations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15554\"\u003e#15554\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Fix failing test, update format for raised errors. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15804\"\u003e#15804\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Fix test-alls-green. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15803\"\u003e#15803\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Enable checking \u003ccode\u003erelease-notes.md\u003c/code\u003e for typos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15796\"\u003e#15796\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Tweak wording about deploying to FastAPI Cloud. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15793\"\u003e#15793\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Use \u003ccode\u003egpt-5.5\u003c/code\u003e model in \u003ccode\u003etranslate.py\u003c/code\u003e, specify \u003ccode\u003e-chat\u003c/code\u003e to avoid warnings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15792\"\u003e#15792\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.137.2\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003eiter_route_contexts()\u003c/code\u003e for advanced use cases that used to use \u003ccode\u003erouter.routes\u003c/code\u003e (e.g. Jupyverse). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15785\"\u003e#15785\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Fix broken Markdown in Korean custom response docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15774\"\u003e#15774\u003c/a\u003e by \u003ca href=\"https://github.com/kooqooo\"\u003e\u003ccode\u003e@​kooqooo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15761\"\u003e#15761\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15760\"\u003e#15760\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15759\"\u003e#15759\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15757\"\u003e#15757\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15756\"\u003e#15756\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15755\"\u003e#15755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15754\"\u003e#15754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15753\"\u003e#15753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15752\"\u003e#15752\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15751\"\u003e#15751\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15758\"\u003e#15758\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Update sponsors: add BairesDev. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15787\"\u003e#15787\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Update sponsors script to simplify previews. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15786\"\u003e#15786\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4b83b0d409009c8de9df4070fe163838b1a700c7\"\u003e\u003ccode\u003e4b83b0d\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.138.0 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15808\"\u003e#15808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/041cb0cdfa2d0f705d14ed07c2c2e0f92ef5f32c\"\u003e\u003ccode\u003e041cb0c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/10393846ede7a2947cec594d15a43f813001cab4\"\u003e\u003ccode\u003e1039384\u003c/code\u003e\u003c/a\u003e 📝 Fix typo in release notes (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15807\"\u003e#15807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0303491b69ff84a4632c0314e6db4df74f2f93f9\"\u003e\u003ccode\u003e0303491\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/190f6e2033c8b886b25027be284d8c8c1893f28c\"\u003e\u003ccode\u003e190f6e2\u003c/code\u003e\u003c/a\u003e 📝 Add Frontend instructions to Agent Library Skill (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15805\"\u003e#15805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/17945e5ab7f25234340c152a40d232a98857e079\"\u003e\u003ccode\u003e17945e5\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/2260afaf433103c8104b34d256cf0b96b058823b\"\u003e\u003ccode\u003e2260afa\u003c/code\u003e\u003c/a\u003e 🐛 Fix failing test, update format for raised errors (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15804\"\u003e#15804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0cd5001d0ef80a07e2d775c5c75522391a3e06d7\"\u003e\u003ccode\u003e0cd5001\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7cb1ab6264bc03319832f553730b511192a0c0d3\"\u003e\u003ccode\u003e7cb1ab6\u003c/code\u003e\u003c/a\u003e 👷 Fix test-alls-green (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15803\"\u003e#15803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9c7eceb00ff6e1d37980954418f7c9dab30a4cd5\"\u003e\u003ccode\u003e9c7eceb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.138.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.47.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` to 2.0.51\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.51\u003c/h1\u003e\n\u003cp\u003eReleased: June 15, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_orm.subqueryload()\u003c/code\u003e combined with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e and \u003ccode\u003ePropComparator.and_()\u003c/code\u003e would\nsilently drop the additional filter criteria, causing all related objects\nto be loaded instead of only those matching the filter.  The\n\u003ccode\u003eLoaderCriteriaOption\u003c/code\u003e was being constructed against the base\nentity rather than the effective entity indicated by\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e.  Pull request courtesy Arya Rizky.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13207\"\u003e#13207\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed bug where a failure during \u003ccode\u003etpc_prepare()\u003c/code\u003e within\n\u003ccode\u003e_orm.Session.commit()\u003c/code\u003e for a two-phase session would raise\n\u003ccode\u003eIllegalStateChangeError\u003c/code\u003e instead of the original database\nexception.  The internal \u003ccode\u003e_prepare_impl()\u003c/code\u003e method's error handler\nwas unable to invoke \u003ccode\u003e_orm.SessionTransaction.rollback()\u003c/code\u003e due\nto a state-change guard, preventing proper cleanup and masking the\nunderlying error.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13356\"\u003e#13356\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eengine\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[engine] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003eResult.freeze()\u003c/code\u003e would lose track of ambiguous\ncolumn names present in the original \u003ccode\u003eCursorResult\u003c/code\u003e, causing\nkey-based access on the thawed result to silently return a value instead of\nraising \u003ccode\u003eInvalidRequestError\u003c/code\u003e.  The\n\u003ccode\u003eSimpleResultMetaData\u003c/code\u003e now accepts and propagates ambiguous key\ninformation so that frozen, thawed, and pickled results raise consistently\nfor duplicate column names.  Pull request courtesy Saurabh Kohli.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/9427\"\u003e#9427\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where \u003ccode\u003e_sql.StatementLambdaElement\u003c/code\u003e would proxy\nattribute access through the cached \u0026quot;expected\u0026quot; expression rather than the\nresolved expression, causing stale closure-bound parameter values to be\nused when a lambda statement was extended with non-lambda criteria such as\nan additional \u003ccode\u003e.where()\u003c/code\u003e clause.  Courtesy cjc0013.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10827\"\u003e#10827\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a security patch release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e from following symlinks outside \u003ccode\u003esecrets_dir\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/889\"\u003epydantic/pydantic-settings#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.2 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/890\"\u003epydantic/pydantic-settings#890\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j\"\u003eGHSA-4xgf-cpjx-pc3j\u003c/a\u003e: \u003ccode\u003eNestedSecretsSettingsSource\u003c/code\u003e with \u003ccode\u003esecrets_nested_subdir=True\u003c/code\u003e could follow a symbolic link inside \u003ccode\u003esecrets_dir\u003c/code\u003e pointing outside it, reading out-of-tree files into settings values and bypassing the \u003ccode\u003esecrets_dir_max_size\u003c/code\u003e cap. Affected versions: \u003ccode\u003e\u0026gt;= 2.12.0, \u0026lt; 2.14.2\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/d703bd717e5e07439fa89da2245eee6139413e9e\"\u003e\u003ccode\u003ed703bd7\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.2 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/890\"\u003e#890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `av` to 17.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyAV-Org/PyAV/releases\"\u003eav's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.1.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the undertested \u003ccode\u003eav.option\u003c/code\u003e and \u003ccode\u003eav.descriptor\u003c/code\u003e APIs, along with the related \u003ccode\u003eCodec\u003c/code\u003e and \u003ccode\u003eFilter\u003c/code\u003e descriptor accessors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse FFmpeg 8.1.1 in the binary wheels by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBuild Linux ARMv7 binary wheels by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eAVCodecContext.global_quality\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2246\"\u003e#2246\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eStream.discard\u003c/code\u003e so demuxing and seeking can skip unwanted streams by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2272\"\u003e#2272\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStream.set_display_matrix()\u003c/code\u003e and \u003ccode\u003eStream.set_display_rotation()\u003c/code\u003e to write the container display (rotation) matrix on output streams by \u003ca href=\"https://github.com/hmaarrfk\"\u003e\u003ccode\u003e@​hmaarrfk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2287\"\u003e#2287\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eContainer.video_codec_id\u003c/code\u003e to force a specific video codec on a container by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2243\"\u003e#2243\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecython.final\u003c/code\u003e to leaf classes, ensuring that they are not subclassed by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWarn that \u003ccode\u003eCodecContext.decode()\u003c/code\u003e is not memory safe in some cases.\u003c/li\u003e\n\u003cli\u003eFix memory leaks in \u003ccode\u003eFFmpegError\u003c/code\u003e, \u003ccode\u003eAudioLayout\u003c/code\u003e channel layouts, and \u003ccode\u003eFrame.opaque\u003c/code\u003e, and break a reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e by \u003ca href=\"https://github.com/lgeiger\"\u003e\u003ccode\u003e@​lgeiger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReduce excessive logging lock contention by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2276\"\u003e#2276\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash when accessing \u003ccode\u003eStream\u003c/code\u003e from multiple threads under FFmpeg 8.1 by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2247\"\u003e#2247\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash during \u003ccode\u003eInputContainer\u003c/code\u003e initialization by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2010\"\u003e#2010\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eenumerate_input_devices\u003c/code\u003e and \u003ccode\u003eenumerate_output_devices\u003c/code\u003e raising \u003ccode\u003eAttributeError\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kazuki\"\u003e\u003ccode\u003e@​kazuki\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2264\"\u003e#2264\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMap HTTP 429 to \u003ccode\u003eHTTPTooManyRequestsError\u003c/code\u003e instead of \u003ccode\u003eUndefinedError\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2267\"\u003e#2267\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix crash in \u003ccode\u003eVideoFrame.to_ndarray()\u003c/code\u003e and \u003ccode\u003eto_image()\u003c/code\u003e on bottom-up frames with a negative \u003ccode\u003eline_size\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2213\"\u003e#2213\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eDisposition\u003c/code\u003e an \u003ccode\u003eIntFlag\u003c/code\u003e so \u003ccode\u003eStream.disposition\u003c/code\u003e can be assigned without raising \u003ccode\u003eTypeError\u003c/code\u003e by \u003ca href=\"https://github.com/HotariTobu\"\u003e\u003ccode\u003e@​HotariTobu\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAssign parser-inferred \u003ccode\u003epts\u003c/code\u003e, \u003ccode\u003edts\u003c/code\u003e, and \u003ccode\u003eduration\u003c/code\u003e to packets from \u003ccode\u003eCodecContext.parse()\u003c/code\u003e by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1919\"\u003e#1919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCopy \u003ccode\u003etime_base\u003c/code\u003e in \u003ccode\u003eadd_stream_from_template()\u003c/code\u003e by \u003ca href=\"https://github.com/daveisfera\"\u003e\u003ccode\u003e@​daveisfera\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2249\"\u003e#2249\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix the remux examples dropping keyframes that demux with no DTS, which produced audio-only output by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1917\"\u003e#1917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix subtitle UTF-8 handling by \u003ca href=\"https://github.com/jbree\"\u003e\u003ccode\u003e@​jbree\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2271\"\u003e#2271\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix several incorrect \u003ccode\u003emalloc\u003c/code\u003e size calculations by \u003ca href=\"https://github.com/WyattBlue\"\u003e\u003ccode\u003e@​WyattBlue\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HotariTobu\"\u003e\u003ccode\u003e@​HotariTobu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2257\"\u003ePyAV-Org/PyAV#2257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jbree\"\u003e\u003ccode\u003e@​jbree\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2271\"\u003ePyAV-Org/PyAV#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kazuki\"\u003e\u003ccode\u003e@​kazuki\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/pull/2288\"\u003ePyAV-Org/PyAV#2288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\"\u003ehttps://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyAV-Org/PyAV/blob/main/CHANGELOG.rst\"\u003eav's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.1.0\u003c/h2\u003e\n\u003cp\u003eBreaking:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the undertested \u003ccode\u003eav.option\u003c/code\u003e and \u003ccode\u003eav.descriptor\u003c/code\u003e APIs, along with the related \u003ccode\u003eCodec\u003c/code\u003e and \u003ccode\u003eFilter\u003c/code\u003e descriptor accessors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse FFmpeg 8.1.1 in the binary wheels by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBuild Linux ARMv7 binary wheels by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eAVCodecContext.global_quality\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e in (:pr:\u003ccode\u003e2246\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003eStream.discard\u003c/code\u003e so demuxing and seeking can skip unwanted streams by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2272\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStream.set_display_matrix()\u003c/code\u003e and \u003ccode\u003eStream.set_display_rotation()\u003c/code\u003e to write the container display (rotation) matrix on output streams by :gh-user:\u003ccode\u003ehmaarrfk\u003c/code\u003e in (:pr:\u003ccode\u003e2287\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eContainer.video_codec_id\u003c/code\u003e to force a specific video codec on a container by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2243\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecython.final\u003c/code\u003e to leaf classes, ensuring that they are not subclassed by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eWarn that \u003ccode\u003eCodecContext.decode()\u003c/code\u003e is not memory safe in some cases.\u003c/li\u003e\n\u003cli\u003eFix memory leaks in \u003ccode\u003eFFmpegError\u003c/code\u003e, \u003ccode\u003eAudioLayout\u003c/code\u003e channel layouts, and \u003ccode\u003eFrame.opaque\u003c/code\u003e, and break a reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReduce excessive logging lock contention by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2276\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash when accessing \u003ccode\u003eStream\u003c/code\u003e from multiple threads under FFmpeg 8.1 by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2247\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix a crash during \u003ccode\u003eInputContainer\u003c/code\u003e initialization by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2010\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eenumerate_input_devices\u003c/code\u003e and \u003ccode\u003eenumerate_output_devices\u003c/code\u003e raising \u003ccode\u003eAttributeError\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e and :gh-user:\u003ccode\u003ekazuki\u003c/code\u003e (:issue:\u003ccode\u003e2264\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMap HTTP 429 to \u003ccode\u003eHTTPTooManyRequestsError\u003c/code\u003e instead of \u003ccode\u003eUndefinedError\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2267\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix crash in \u003ccode\u003eVideoFrame.to_ndarray()\u003c/code\u003e and \u003ccode\u003eto_image()\u003c/code\u003e on bottom-up frames with a negative \u003ccode\u003eline_size\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e2213\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eDisposition\u003c/code\u003e an \u003ccode\u003eIntFlag\u003c/code\u003e so \u003ccode\u003eStream.disposition\u003c/code\u003e can be assigned without raising \u003ccode\u003eTypeError\u003c/code\u003e by :gh-user:\u003ccode\u003eHotariTobu\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAssign parser-inferred \u003ccode\u003epts\u003c/code\u003e, \u003ccode\u003edts\u003c/code\u003e, and \u003ccode\u003eduration\u003c/code\u003e to packets from \u003ccode\u003eCodecContext.parse()\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e1919\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eCopy \u003ccode\u003etime_base\u003c/code\u003e in \u003ccode\u003eadd_stream_from_template()\u003c/code\u003e by :gh-user:\u003ccode\u003edaveisfera\u003c/code\u003e in (:pr:\u003ccode\u003e2249\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix the remux examples dropping keyframes that demux with no DTS, which produced audio-only output by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e (:issue:\u003ccode\u003e1917\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix subtitle UTF-8 handling by :gh-user:\u003ccode\u003ejbree\u003c/code\u003e in (:pr:\u003ccode\u003e2271\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix several incorrect \u003ccode\u003emalloc\u003c/code\u003e size calculations by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev17.0.1\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA cdivision decorator for faster division.\u003c/li\u003e\n\u003cli\u003eAdjust tests so they work with 8.1 by :gh-user:\u003ccode\u003estrophy\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMake VideoFormat.components lazy by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBreak reference cycle \u003ccode\u003eStreamContainer.get()\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eExpose threads in filter graph by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix crash with container closing with GC by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix \u0026quot;Writing packets to data stream broken in av\u0026gt;=17\u0026quot; regression :issue:\u003ccode\u003e2223\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e_send_packet_and_recv\u003c/code\u003e to simplify \u003ccode\u003edecode()\u003c/code\u003e by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReuse a \u003ccode\u003eAVPacket\u003c/code\u003e read buffer when demuxing by :gh-user:\u003ccode\u003elgeiger\u003c/code\u003e and :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eAVCodecContext.frame_num\u003c/code\u003e instead of counting ourselves by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eav_channel_layout_compare()\u003c/code\u003e for \u003ccode\u003eAudioLayout.__eq__()\u003c/code\u003e by :gh-user:\u003ccode\u003eWyattBlue\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/97241598792f4c980c32458187154c7c999d68b3\"\u003e\u003ccode\u003e9724159\u003c/code\u003e\u003c/a\u003e Release 17.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/ef72887eb5be25e2fe23bca92fd11dcc92e4c7d8\"\u003e\u003ccode\u003eef72887\u003c/code\u003e\u003c/a\u003e Update Authors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/5f5535cb017954148d077d6598485c9944cee1ed\"\u003e\u003ccode\u003e5f5535c\u003c/code\u003e\u003c/a\u003e Fix remux examples dropping keyframes with no DTS (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/1917\"\u003e#1917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/7edf3fc72af6efd5de8643f24d272179fa9d12cf\"\u003e\u003ccode\u003e7edf3fc\u003c/code\u003e\u003c/a\u003e Remove stale autodoc directives for deleted attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/1940fd450e6165da950f540591da21b608d04a62\"\u003e\u003ccode\u003e1940fd4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2264\"\u003e#2264\u003c/a\u003e (Re-revised)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/28d50ddc0ae99b6980c05d1aec74ffe33b7020f5\"\u003e\u003ccode\u003e28d50dd\u003c/code\u003e\u003c/a\u003e Allow setting the rotation sidedata via new FFMPEG APIs (\u003ca href=\"https://redirect.github.com/PyAV-Org/PyAV/issues/2287\"\u003e#2287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/4af11a26fed1e6347d8748d5b48a679a5f9536b1\"\u003e\u003ccode\u003e4af11a2\u003c/code\u003e\u003c/a\u003e Break reference cycle between \u003ccode\u003eFilterLink\u003c/code\u003e and \u003ccode\u003eGraph\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/75e6854648a89b4038cc6e8e1790406a7af94f23\"\u003e\u003ccode\u003e75e6854\u003c/code\u003e\u003c/a\u003e Fix memory leak when setting opaque on Frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/209388f57d640ff150e997ed3c11835db302a792\"\u003e\u003ccode\u003e209388f\u003c/code\u003e\u003c/a\u003e Fix memory leak in \u003ccode\u003eAudioLayout\u003c/code\u003e by uninitializing channel layout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyAV-Org/PyAV/commit/870dd7090bc30be2841163cab0c90e5ebd6b7f7b\"\u003e\u003ccode\u003e870dd70\u003c/code\u003e\u003c/a\u003e Fix FFmpegError memory leak\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyAV-Org/PyAV/compare/v17.0.1...v17.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 48.0.0 to 49.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e49.0.0 - 2026-06-12\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.\n  We now only publish ``arm64`` wheels for macOS.\n* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.\n  Users should move to a 64-bit Python installation.\n* **BACKWARDS INCOMPATIBLE:** Removed the deprecated\n  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,\n  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,\n  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use\n  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,\n  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``\n  instead. These were deprecated in version 40.0.\n* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`\n  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block\n  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.\n  Attempting to encrypt or decrypt more data than the counter allows before it\n  would overflow now raises a :class:`ValueError` rather than silently diverging\n  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows\n  encrypting up to 256 GiB with a given nonce.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA\n  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises\n  a :class:`ValueError`. Such certificates are invalid, but older versions of\n  Java emitted them; previously they loaded with a deprecation warning.\n* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``\n  is set. The build now derives the Python include directory from\n  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which\n  previously caused the build to fail during cross-compilations for embedded\n  systems, on hosts which have same-version Python development headers\n  installed as the target Python.\n* Added support for signing and verifying X.509 certificates, certificate\n  signing requests, and certificate revocation lists with\n  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading\n  certificates that contain ML-DSA public keys.\n* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to\n  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the\n  encapsulated key from the ciphertext returned by\n  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.\n* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and\n  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`\n  now accept any extension type. Previously only a fixed set of extension\n  types was supported, which made it impossible to account for otherwise\n  unrecognized critical extensions during path validation.\n* Added support for using :class:`~cryptography.x509.Certificate`,\n  :class:`~cryptography.x509.CertificateSigningRequest`, and\n  :class:`~cryptography.x509.CertificateRevocationList` as field types in\n  :doc:`/hazmat/asn1/index` structures.\n* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e300bbe2f1bec75e5ee7e0ab7b196958831b3db6\"\u003e\u003ccode\u003ee300bbe\u003c/code\u003e\u003c/a\u003e bump version and changelog for 49.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15030\"\u003e#15030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/fa74cd8031b263edb50307f6d5a9a70df9f0a541\"\u003e\u003ccode\u003efa74cd8\u003c/code\u003e\u003c/a\u003e Add external mu (message representative) support for ML-DSA (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14979\"\u003e#14979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/f594db3f315e621473c58721961f502ba2a286ec\"\u003e\u003ccode\u003ef594db3\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl from 0.10.80 to 0.10.81 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15029\"\u003e#15029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/608e0119532153336310e51747724c6b9d107df7\"\u003e\u003ccode\u003e608e011\u003c/code\u003e\u003c/a\u003e chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15028\"\u003e#15028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/a322bc4fb2bd2fd6f345fdb155cac226b1770dad\"\u003e\u003ccode\u003ea322bc4\u003c/code\u003e\u003c/a\u003e chore(deps): bump cc from 1.2.63 to 1.2.64 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15027\"\u003e#15027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/33181a74d41aa859b05f3720700a31c8e5b9e54c\"\u003e\u003ccode\u003e33181a7\u003c/code\u003e\u003c/a\u003e Reject critical nameConstraints extensions containing directoryName constrain...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/6080dc7f08e7473544b07df95833ff2ee843266e\"\u003e\u003ccode\u003e6080dc7\u003c/code\u003e\u003c/a\u003e Bump dependencies that dependabot isn't (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15026\"\u003e#15026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/121faa33a717559a8b0f0180b2d4e7785234af79\"\u003e\u003ccode\u003e121faa3\u003c/code\u003e\u003c/a\u003e chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15023\"\u003e#15023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/829520baa909eff95d64e5ebd165544d6fd60172\"\u003e\u003ccode\u003e829520b\u003c/code\u003e\u003c/a\u003e Add more robust processing for DH parameters. (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15016\"\u003e#15016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0f0500141cec535846f36c4c68d02b03126386b5\"\u003e\u003ccode\u003e0f05001\u003c/code\u003e\u003c/a\u003e Bump downstream dependencies in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/15025\"\u003e#15025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...49.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `slowapi` to 0.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/laurents/slowapi/releases\"\u003eslowapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Update warn to warning py3.11 deprecation by \u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/200\"\u003elaurentS/slowapi#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: allow Requests to be sent to exempt_when by \u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/160\"\u003elaurentS/slowapi#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: drop python 3.7 and 3.8 from CI checks by \u003ca href=\"https://github.com/laurentS\"\u003e\u003ccode\u003e@​laurentS\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/238\"\u003elaurentS/slowapi#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: prepare 0.1.10 release by \u003ca href=\"https://github.com/ecly\"\u003e\u003ccode\u003e@​ecly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/212\"\u003elaurentS/slowapi#212\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/200\"\u003elaurentS/slowapi#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/160\"\u003elaurentS/slowapi#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ecly\"\u003e\u003ccode\u003e@​ecly\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/laurentS/slowapi/pull/212\"\u003elaurentS/slowapi#212\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/laurentS/slowapi/compare/v0.1.9...v0.1.10\"\u003ehttps://github.com/laurentS/slowapi/compare/v0.1.9...v0.1.10\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md\"\u003eslowapi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.1.10] - 2026-06-13\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: allow usage of the request object in the except_when function (thanks \u003ca href=\"https://github.com/colin99d\"\u003e\u003ccode\u003e@​colin99d\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded more test exemption logic (thanks \u003ca href=\"https://github.com/colin99\"\u003e\u003ccode\u003e@​colin99\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix logger warning for Python 3.11 deprecation  (thanks \u003ca href=\"https://github.com/kevin868\"\u003e\u003ccode\u003e@​kevin868\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.9] - 2024-02-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elimit_value\u003c/code\u003e typehint in \u003ccode\u003elimit()\u003c/code\u003e function (thanks \u003ca href=\"https://github.com/PookieBuns\"\u003e\u003ccode\u003e@​PookieBuns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003elimit_value\u003c/code\u003e typehint in \u003ccode\u003eshared_limit()\u003c/code\u003e function (thanks \u003ca href=\"https://github.com/aberlioz\"\u003e\u003ccode\u003e@​aberlioz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOnly pass \u003ccode\u003e\u0026quot;.env\u0026quot;\u003c/code\u003e to starlette \u003ccode\u003eConfig\u003c/code\u003e if \u003ccode\u003e\u0026quot;.env\u0026quot;\u003c/code\u003e file exists (thanks \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.8] - 2023-04-07\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLoosen restriction on the limits dependency (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix redis install error (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Python 3.11 support (thanks \u003ca href=\"https://github.com/sanders41\"\u003e\u003ccode\u003e@​sanders41\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.7] - 2022-11-09\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded ASGI middleware alternative (thanks \u003ca href=\"https://github.com/thentgesMindee\"\u003e\u003ccode\u003e@​thentgesMindee\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for custom cost per hit (thanks \u003ca href=\"https://github.com/nootr\"\u003e\u003ccode\u003e@​nootr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ekey_style\u003c/code\u003e parameter to choose between endpoint or url (thanks \u003ca href=\"https://github.com/thentgesMindee\"\u003e\u003ccode\u003e@​thentgesMindee\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.1.6] - 2022-08-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded feature to support providing functions for dynamically defined limits (thanks \u003ca href=\"https://github.com/maratsarbasov\"\u003e\u003ccode\u003e@​maratsarbasov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded github action to check for unused imports (thanks \u003ca href=\"https://github.com/twcurrie\"\u003e\u003ccode\u003e@​twcurrie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded coverage report in CI (thanks \u003ca href=\"https://github.com/karlnewell\"\u003e\u003ccode\u003e@​karlnewell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded Python 3.10 to CI (thanks \u003ca href=\"https://github.com/Reuben\"\u003e\u003ccode\u003e@​Reuben\u003c/code\u003e\u003c/a\u003e Thomas-Davis)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShifted redis to extras, removed test imports of library (thanks \u003ca href=\"https://github.com/ME-ON1\"\u003e\u003ccode\u003e@​ME-ON1\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgraded dependencies (thanks \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated documentation and example code (thanks \u003ca href=\"https://github.com/Dustyposa\"\u003e\u003ccode\u003e@​Dustyposa\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/nootr\"\u003e\u003ccode\u003e@​nootr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet minimum Python version to 3.6.2 (thanks \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed exempt decorator for async routes (thanks \u003ca href=\"https://github.com/laurents\"\u003e\u003ccode\u003e@​laurents\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandled newly raised exception from parsing library (thanks \u003ca href=\"https://github.com/Rested\"\u003e\u003ccode\u003e@​Rested\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/75799a3ec9498af10110068190356f704f838fe3\"\u003e\u003ccode\u003e75799a3\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/6f22eabc90a793d8c8459b6a8115c6f7fbb05bc5\"\u003e\u003ccode\u003e6f22eab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/212\"\u003e#212\u003c/a\u003e from ecly/release-v0.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/5e2b9c108f79471fc96a5152bb69774894660cd1\"\u003e\u003ccode\u003e5e2b9c1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/238\"\u003e#238\u003c/a\u003e from laurentS/drop-old-python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/a83ec7211ea664fcb65580a386845832c112892d\"\u003e\u003ccode\u003ea83ec72\u003c/code\u003e\u003c/a\u003e Update README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/d1a20b6a4e0ba063bdb2160379be531c385c40a3\"\u003e\u003ccode\u003ed1a20b6\u003c/code\u003e\u003c/a\u003e Drop python 3.7 and 3.8 from CI checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/8bf8b2ec55677aa3c9e0f9bed9f1a48f0b0b8d2e\"\u003e\u003ccode\u003e8bf8b2e\u003c/code\u003e\u003c/a\u003e Make exempt_when with request backwards compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/eaf5ba76cd8657693bcec6dec281a35053b1164b\"\u003e\u003ccode\u003eeaf5ba7\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/a72bcc66597f620f04bf5be3676e40ed308d3a6a\"\u003e\u003ccode\u003ea72bcc6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/laurents/slowapi/issues/160\"\u003e#160\u003c/a\u003e from colin99d/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/42330fcddbf5ce22d18622ca14772cff256c2e74\"\u003e\u003ccode\u003e42330fc\u003c/code\u003e\u003c/a\u003e Merge branch 'laurentS:master' into master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laurentS/slowapi/commit/91145c087d658b6c3404935cd02155e291c2682b\"\u003e\u003ccode\u003e91145c0\u003c/code\u003e\u003c/a\u003e Fixed mypy error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/laurents/slowapi/compare/v0.1.9...v0.1.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` to 2.43.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003ch2\u003e2.43.0 (2026-06-17)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.42.0...v2.43.0\"\u003ev2.42.0...v2.43.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/22542358490ef8f31f0d373e17f7b791b3d983ca\"\u003e2254235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.43.0 (2026-06-17)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.42.0...v2.43.0\"\u003ev2.42.0...v2.43.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/22542358490ef8f31f0d373e17f7b791b3d983ca\"\u003e2254235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.42.0 (2026-06-16)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.41.1...v2.42.0\"\u003ev2.41.1...v2.42.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e admin spend_alerts (\u003ca href=\"https://github.com/openai/openai-python/commit/6134198a488996c4ff6fca4551afd55fb3294fdc\"\u003e6134198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/f337bf43276c880d2daf09a5d7f9fc9a886c4bf2\"\u003ef337bf4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/7015158c3119acf57af6c20903587cef928530a9\"\u003e7015158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild System\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix release workflow permissions (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/a526ee813f085318fe3c6923ac3fa10c1cf56420\"\u003ea526ee8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse CI environment for examples API key (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/d64d811e82aff724397e32d593e50657fee3f905\"\u003ed64d811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.41.1 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.41.0...v2.41.1\"\u003ev2.41.0...v2.41.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBuild System\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove scheduled release workflow trigger (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3366\"\u003e#3366\u003c/a\u003e) (\u003ca href=\"https://github.com/openai/openai-python/commit/2a91011abc21032db9566b98068afefb5fbb9b24\"\u003e2a91011\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/e20b6b82c145091f0d8412a7e4a9bc5900a40462\"\u003e\u003ccode\u003ee20b6b8\u003c/code\u003e\u003c/a\u003e release: 2.43.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d354538e8c2618e228c80f1fdc332ee1f70d1f2\"\u003e\u003ccode\u003e4d35453\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2bba15e71817a75e9b8517e09cb244bc144b50d0\"\u003e\u003ccode\u003e2bba15e\u003c/code\u003e\u003c/a\u003e release: 2.42.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/1ec3e8298982d900d31b486177b5d4cecadcf035\"\u003e\u003ccode\u003e1ec3e82\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/93c2eca17d2d484b95245c849b39f51c6d291478\"\u003e\u003ccode\u003e93c2eca\u003c/code\u003e\u003c/a\u003e feat(api): manual updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/b269f88a30fcfbcceea1cc30deb00405db88c5e6\"\u003e\u003ccode\u003eb269f88\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ee821d6b4a59d6b73850640162b6454da434f5f7\"\u003e\u003ccode\u003eee821d6\u003c/code\u003e\u003c/a\u003e feat(api): admin spend_alerts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/60002e574925e84261150f3e01be4bcb53658261\"\u003e\u003ccode\u003e60002e5\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d64d811e82aff724397e32d593e50657fee3f905\"\u003e\u003ccode\u003ed64d811\u003c/code\u003e\u003c/a\u003e build: Use CI environment for examples API key (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3394\"\u003e#3394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a526ee813f085318fe3c6923ac3fa10c1cf56420\"\u003e\u003ccode\u003ea526ee8\u003c/code\u003e\u003c/a\u003e build: fix release workflow permissions (\u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3389\"\u003e#3389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.30.0...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` to 0.111.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.111.0\u003c/h2\u003e\n\u003ch2\u003e0.111.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.110.0...v0.111.0\"\u003ev0.110.0...v0.111.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e tag refusal-fallback middleware requests with fallback-refusal-middleware (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/96\"\u003e#96\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2f8ac789506efc0719b06f1f646c9a98bb25ce7b\"\u003e2f8ac78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.111.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.110.0...v0.111.0\"\u003ev0.110.0...v0.111.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e tag refusal-fallback middleware requests with fallback-refusal-middleware (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/96\"\u003e#96\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2f8ac789506efc0719b06f1f646c9a98bb25ce7b\"\u003e2f8ac78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.110.0 (2026-06-18)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.2...v0.110.0\"\u003ev0.109.2...v0.110.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for new code_execution_20260120 tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5e23212dc0883174c879b97ef8e7e33ead4e8da5\"\u003e5e23212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eappend x-stainless-helper across header merges instead of clobbering (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/105\"\u003e#105\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/922558e2ce52e18863dab27bcc04067068827364\"\u003e922558e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock:\u003c/strong\u003e preserve stream event type (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1682\"\u003e#1682\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b27e3439699174dbc41e34e2d6ef5cb1e2930c18\"\u003eb27e343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehelpers:\u003c/strong\u003e single source of truth for x-stainless-helper key + closed value vocabulary (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/95\"\u003e#95\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e6f7a56bb624f4c946cb15ba7973fd6fe052e10f\"\u003ee6f7a56\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.2 (2026-06-15)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.1...v0.109.2\"\u003ev0.109.1...v0.109.2\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e remove retired models from API and SDKs (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/d4bcfcc257bd0c97d5e75060bd19c97abddd9f49\"\u003ed4bcfcc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.1 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.109.0...v0.109.1\"\u003ev0.109.0...v0.109.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add \u003ccode\u003efrontier_llm\u003c/code\u003e refusal category (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/d3a806b454d8aaf5806db11c651deebe61836131\"\u003ed3a806b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.109.0 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.108.0...v0.109.0\"\u003ev0.108.0...v0.109.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Managed Agents deployments and environment variable credentials (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47633bff658d4aaced3cd920ef6782c48cf31a9a\"\u003e47633bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.108.0 (2026-06-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.1...v0.108.0\"\u003ev0.107.1...v0.108.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5d6fd8d3f46dfffdc7d1579674053c6efe9d6508\"\u003e\u003ccode\u003e5d6fd8d\u003c/code\u003e\u003c/a\u003e release: 0.111.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9fdf2efcf79c09a086169ea4710ec4b379565453\"\u003e\u003ccode\u003e9fdf2ef\u003c/code\u003e\u003c/a\u003e feat(helpers): tag refusal-fallback middleware requests with fallback-refusal...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/af2b702140d8c53ba841b590b5022053c616c4d7\"\u003e\u003ccode\u003eaf2b702\u003c/code\u003e\u003c/a\u003e release: 0.110.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a10dbaabdf6e0f9dda126c8014465c797f9ff008\"\u003e\u003ccode\u003ea10dbaa\u003c/code\u003e\u003c/a\u003e feat(api): add support for new code_execution_20260120 tool\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9d49b634b44bd70ae344d1e0574347eda2a8ef10\"\u003e\u003ccode\u003e9d49b63\u003c/code\u003e\u003c/a\u003e fix(helpers): single source of truth for x-stainless-helper key + closed valu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e8a5c84e53f0f6282f90bcd809e15835a08e4a06\"\u003e\u003ccode\u003ee8a5c84\u003c/code\u003e\u003c/a\u003e fix: append x-stainless-helper across header merges instead of clobbering (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit...\n\n_Description has been truncated_","html_url":"https://github.com/project-argusai/ArgusAI/pull/472","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/project-argusai%2FArgusAI/issues/472","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/472/packages"}},{"old_version":"48.0.0","new_version":"48.0.1","update_type":"patch","path":null,"pr_created_at":"2026-06-20T09:50:43.000Z","version_change":"48.0.0 → 48.0.1","issue":{"uuid":"4706010116","node_id":"PR_kwDOJEpxds7opCPM","number":80,"state":"closed","title":"Bump cryptography from 48.0.0 to 48.0.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-20T12:33:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T09:50:43.000Z","updated_at":"2026-06-20T12:33:35.000Z","time_to_close":9771,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 48.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=pip\u0026previous-version=48.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SFSeeger/Abitur-Song-Uploader/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SFSeeger/Abitur-Song-Uploader/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SFSeeger%2FAbitur-Song-Uploader/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"}},{"old_version":"48.0.0","new_version":"48.0.1","update_type":"patch","path":null,"pr_created_at":"2026-06-20T07:32:23.000Z","version_change":"48.0.0 → 48.0.1","issue":{"uuid":"4705580242","node_id":"PR_kwDOJLMoKM7onso4","number":229,"state":"closed","title":"chore: bump cryptography from 48.0.0 to 48.0.1","user":"dependabot[bot]","labels":["Dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-20T07:34:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T07:32:23.000Z","updated_at":"2026-06-20T07:34:49.000Z","time_to_close":144,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"cryptography","old_version":"48.0.0","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"}],"path":null,"ecosystem":"pip"},"body":"Bumps [cryptography](https://github.com/pyca/cryptography) from 48.0.0 to 48.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/48.0.0...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography\u0026package-manager=uv\u0026previous-version=48.0.0\u0026new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/thenativeweb/eventsourcingdb-client-python/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/thenativeweb/eventsourcingdb-client-python/pull/229","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thenativeweb%2Feventsourcingdb-client-python/issues/229","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/229/packages"}},{"old_version":"46.0.7","new_version":"48.0.1","update_type":"major","path":null,"pr_created_at":"2026-06-20T02:18:13.000Z","version_change":"46.0.7 → 48.0.1","issue":{"uuid":"4704779852","node_id":"PR_kwDOSFtRfc7olMCJ","number":29,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv","type: chore"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-06-20T02:22:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-20T02:18:13.000Z","updated_at":"2026-06-20T02:22:35.000Z","time_to_close":260,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.3","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.1","repository_url":"https://github.com/pyca/cryptography"},{"name":"jupyter-server","old_version":"2.18.2","new_version":"2.20.0","repository_url":"https://github.com/jupyter-server/jupyter_server"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the / directory: [pypdf](https://github.com/py-pdf/pypdf), [bleach](https://github.com/mozilla/bleach), [cryptography](https://github.com/pyca/cryptography) and [jupyter-server](https://github.com/jupyter-server/jupyter_server).\n\nUpdates `pypdf` from 6.10.2 to 6.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.13.3, 2026-06-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e) by \u003ca href=\"https://github.com/Samuel-Harris\"\u003e\u003ccode\u003e@​Samuel-Harris\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSeveral fixes by \u003ca href=\"https://github.com/metsw24-max\"\u003e\u003ccode\u003e@​metsw24-max\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.2...6.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.2, 2026-06-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDetect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3847\"\u003e#3847\u003c/a\u003e) by \u003ca href=\"https://github.com/fredericoschardong\"\u003e\u003ccode\u003e@​fredericoschardong\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix UnboundLocalError in _read_standard_xref_table on a malformed entry (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3841\"\u003e#3841\u003c/a\u003e) by \u003ca href=\"https://github.com/joszamama\"\u003e\u003ccode\u003e@​joszamama\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise PdfStreamError on non-hexadecimal bytes in hex readers (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3832\"\u003e#3832\u003c/a\u003e) by \u003ca href=\"https://github.com/metsw24-max\"\u003e\u003ccode\u003e@​metsw24-max\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.1...6.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.1, 2026-06-08\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent infinite loops when processing threads/articles (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3839\"\u003e#3839\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.0, 2026-06-05\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loops for outlines and text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3830\"\u003e#3830\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Japanese predefined CMaps (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3800\"\u003e#3800\u003c/a\u003e) by \u003ca href=\"https://github.com/yasuhiroiwaki\"\u003e\u003ccode\u003e@​yasuhiroiwaki\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFont: Collect all character widths, not only those that can be unicode mapped (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3798\"\u003e#3798\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecover a corrupt trailing startxref pointer (closes \u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3238\"\u003e#3238\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3826\"\u003e#3826\u003c/a\u003e) by \u003ca href=\"https://github.com/gaoflow\"\u003e\u003ccode\u003e@​gaoflow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle /Pages node without /Kids during flattening (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3825\"\u003e#3825\u003c/a\u003e) by \u003ca href=\"https://github.com/gaoflow\"\u003e\u003ccode\u003e@​gaoflow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.13.3, 2026-06-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSeveral fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.2...6.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.2, 2026-06-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDetect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix UnboundLocalError in _read_standard_xref_table on a malformed entry (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3841\"\u003e#3841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise PdfStreamError on non-hexadecimal bytes in hex readers (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3832\"\u003e#3832\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.1...6.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.1, 2026-06-08\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent infinite loops when processing threads/articles (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3839\"\u003e#3839\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.13.0, 2026-06-05\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loops for outlines and text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3830\"\u003e#3830\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Japanese predefined CMaps (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3800\"\u003e#3800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFont: Collect all character widths, not only those that can be unicode mapped (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3798\"\u003e#3798\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecover a corrupt trailing startxref pointer (closes \u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3238\"\u003e#3238\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3826\"\u003e#3826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle /Pages node without /Kids during flattening (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3825\"\u003e#3825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept inline image EI marker at the end of a content stream (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance (MAINT)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eType the always-raising deprecation helpers as \u003ccode\u003eNoReturn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3819\"\u003e#3819\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9aa05e7bde29a55e3ddb938347082e0d6e333e17\"\u003e\u003ccode\u003e9aa05e7\u003c/code\u003e\u003c/a\u003e REL: 6.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/bbd083d1196d276d9c542418f77ac49e06de3ff1\"\u003e\u003ccode\u003ebbd083d\u003c/code\u003e\u003c/a\u003e SEC: Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3871\"\u003e#3871\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/d5cd26622a871635cb8bc6ae0552c843681b5a6e\"\u003e\u003ccode\u003ed5cd266\u003c/code\u003e\u003c/a\u003e ROB: Guard text operators against missing operands in extract_text (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3861\"\u003e#3861\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/82f1f902a466a42c0e586afdfb35227825572df4\"\u003e\u003ccode\u003e82f1f90\u003c/code\u003e\u003c/a\u003e ROB: Tolerate malformed /Limits in index2label (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3858\"\u003e#3858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0276a6fa03a1304a87dfc610ae0335b563cb8788\"\u003e\u003ccode\u003e0276a6f\u003c/code\u003e\u003c/a\u003e PI: Avoid per-pixel getpixel loop for 1-bit indexed images (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3854\"\u003e#3854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/41a9c3c54f2de0fcb0151e796178c2ed5acb5f79\"\u003e\u003ccode\u003e41a9c3c\u003c/code\u003e\u003c/a\u003e MAINT: Make mypy assert messages consistent (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3849\"\u003e#3849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/d1bba60c8e22e6fe23d23998dbaea6ea713868e2\"\u003e\u003ccode\u003ed1bba60\u003c/code\u003e\u003c/a\u003e MAINT: Increase readability of PdfDocCommon (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3834\"\u003e#3834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/53b6fbc71d8596d52002026b821c3436e62060fe\"\u003e\u003ccode\u003e53b6fbc\u003c/code\u003e\u003c/a\u003e DEV: Bump codecov/codecov-action from 6.0.1 to 7.0.0 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3859\"\u003e#3859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/e07c223a67fcbaf3fb29b511b65cb5de650edd17\"\u003e\u003ccode\u003ee07c223\u003c/code\u003e\u003c/a\u003e MAINT: Enforce G004 (no f-strings in logging) (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3845\"\u003e#3845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5270f76027c5a41be3247b661b58f435e8be479b\"\u003e\u003ccode\u003e5270f76\u003c/code\u003e\u003c/a\u003e ROB: Guard zero unitsPerEm in from_truetype_font_file (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3846\"\u003e#3846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.2...6.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.7 to 48.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.1 - 2026-06-09\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.\n\u003cp\u003e.. _v48-0-0:\u003c/p\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.8 has been removed.\n\u003ccode\u003ecryptography\u003c/code\u003e now requires Python 3.9 or later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading an X.509 CRL whose inner\n\u003ccode\u003eTBSCertList.signature\u003c/code\u003e algorithm does not match the outer\n\u003ccode\u003esignatureAlgorithm\u003c/code\u003e now raises \u003ccode\u003eValueError\u003c/code\u003e. Previously, such CRLs\nwere parsed successfully and only rejected during signature validation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded support for :doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mlkem\u003c/code\u003e and\n:doc:\u003ccode\u003e/hazmat/primitives/asymmetric/mldsa\u003c/code\u003e when using OpenSSL 3.5.0 or\nlater, in addition to the existing AWS-LC and BoringSSL support. This means\npost-quantum algorithms are now available to users of our wheels.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Support for Python 3.8 is deprecated and will be removed in the next\n  ``cryptography`` release.\n* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves\n  (``SECT*`` classes) has been removed. These curves are rarely used and\n  have additional security considerations that make them undesirable.\n* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.\n  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\n  continue to be supported.\n* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL \u0026lt; 4.1.\n* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or\n  keys with unsupported explicit curve encodings now raises\n  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of\n  ``ValueError``. This change affects\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,\n  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,\n  and :meth:`~cryptography.x509.Certificate.public_key` when called on\n  certificates with unsupported public key algorithms.\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/de987ce48ccfeb1abca41efa23b2bf73ec704f74\"\u003e\u003ccode\u003ede987ce\u003c/code\u003e\u003c/a\u003e 48.0.1 version bump and changelog (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14996\"\u003e#14996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.18.2 to 2.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.20.0\u003c/h2\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-44727 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp\"\u003eGHSA-fcw5-x6j4-ccmp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix confusing terminal output when using ServerApp.ip=0.0.0.0 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1643\"\u003e#1643\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a toggle to enable curve encryption for all kernels that support it \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1638\"\u003e#1638\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGrab the port from \u003ccode\u003ebind_sockets\u003c/code\u003e in case its different \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1651\"\u003e#1651\u003c/a\u003e (\u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1664\"\u003e#1664\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a reminder to merge GHSA before release \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1659\"\u003e#1659\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1658\"\u003e#1658\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eci: explicitly pass base-setup inputs to fix strict validation failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1626\"\u003e#1626\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlign docs for curve encryption with latest JEP version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1660\"\u003e#1660\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove PGP key from docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1653\"\u003e#1653\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29\u0026amp;to=2026-06-17\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003e2.19.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix confusing terminal output when using ServerApp.ip=0.0.0.0 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1643\"\u003e#1643\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a toggle to enable curve encryption for all kernels that support it \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1638\"\u003e#1638\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGrab the port from \u003ccode\u003ebind_sockets\u003c/code\u003e in case its different \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1651\"\u003e#1651\u003c/a\u003e (\u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1664\"\u003e#1664\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a reminder to merge GHSA before release \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1659\"\u003e#1659\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1658\"\u003e#1658\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eci: explicitly pass base-setup inputs to fix strict validation failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1626\"\u003e#1626\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlign docs for curve encryption with latest JEP version \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1660\"\u003e#1660\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove PGP key from docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1653\"\u003e#1653\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29\u0026amp;to=2026-06-17\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/choldgraf\"\u003e\u003ccode\u003e@​choldgraf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ianthomas23\"\u003e\u003ccode\u003e@​ianthomas23\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e2.19.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn \u003ccode\u003eunresolved\u003c/code\u003e stanza when kernel scope is unavailable for \u003ccode\u003eresolvePath\u003c/code\u003e (instead of failing with 404) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1641\"\u003e#1641\u003c/a\u003e (\u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRecreate notary store on failure to prevent save deadlock and data loss \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1640\"\u003e#1640\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/05a78ad879e69ef87e91b2714a8ebeb5ff9628a7\"\u003e\u003ccode\u003e05a78ad\u003c/code\u003e\u003c/a\u003e Publish 2.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd\"\u003e\u003ccode\u003e6cbee8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/333e700119ee0bcc0b5fcd4c158213d7c275c778\"\u003e\u003ccode\u003e333e700\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003etest_authorizer\u003c/code\u003e having a spurious comma in params (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/cccd543352d9be0365de56627b671cc8aa9cab0c\"\u003e\u003ccode\u003ecccd543\u003c/code\u003e\u003c/a\u003e Fix CI: explicitly pass base-setup inputs to avoid strict validation failures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/cd16d715dfb1f84b2e5056317927fc930b811842\"\u003e\u003ccode\u003ecd16d71\u003c/code\u003e\u003c/a\u003e Align docs for curve encryption with latest JEP version (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e458061e6ee50368bbdb74153092fc8400704ee0\"\u003e\u003ccode\u003ee458061\u003c/code\u003e\u003c/a\u003e Add a toggle to enable curve encryption for all kernels that support it (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1638\"\u003e#1638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceeb4fb61be1deaaa7c1ff01325f7dd47db1c46\"\u003e\u003ccode\u003e0ceeb4f\u003c/code\u003e\u003c/a\u003e Add note in RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/b13f8a241b1111e402457e1d0b1cce252d8e1e5e\"\u003e\u003ccode\u003eb13f8a2\u003c/code\u003e\u003c/a\u003e Markdown does not work.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e885b10a26c11caf109007a901153d1ac373c14d\"\u003e\u003ccode\u003ee885b10\u003c/code\u003e\u003c/a\u003e Add GHSA reminder in prep-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0e28c901e8bc0953d61611fe8cb018460433288f\"\u003e\u003ccode\u003e0e28c90\u003c/code\u003e\u003c/a\u003e Exclude problematic \u003ccode\u003epywinpty\u003c/code\u003e 3.0.4 version (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...v2.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/danielbodnar/OpenHands/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/danielbodnar/OpenHands/pull/29","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2FOpenHands/issues/29","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/29/packages"}}]}